Documentation
Introduction
Trakory is an AI-powered code security auditing platform built by Nexoid Ltd. It scans your repositories for security vulnerabilities, hardcoded secrets, misconfigurations, and OWASP Top 10 issues. Trakory provides automated analysis, AI-assisted remediation, and team-wide visibility into your code security posture.
Every line of code. Every vulnerability scanned. In one platform.
Supported Languages
Trakory currently supports Python, JavaScript, TypeScript, Go, Rust, and Java. Additional language support is being added regularly.
What Trakory Detects
- Security vulnerabilities (SQL injection, XSS, command injection, path traversal)
- Hardcoded secrets and credentials (API keys, tokens, passwords, private keys)
- Security misconfigurations (CORS, CSP, authentication, rate limiting)
- OWASP Top 10 vulnerabilities
- Data flow and taint analysis
- Dependency vulnerabilities
Getting Started
Creating an Account
Visit the signup page to create a Trakory account. You can sign up with email and password, or use GitHub OAuth for a faster setup. Free accounts are limited to 10 scans per month and public repositories only.
Connecting a Repository
Once logged in, use the dashboard chat to scan a repository. You can scan a GitHub repository by pasting its URL or by connecting your GitHub account. The dashboard supports the following commands:
- /github <url>: Scan a GitHub repository by URL
- /website <url>: Analyze a public website
- /search <query>: Search through past scan results
Running Your First Scan
- Navigate to the dashboard.
- Click “New Scan” in the sidebar or type a repository URL in the chat.
- Select a repository from the GitHub panel or paste a URL directly.
- Wait for the scan to complete. Results appear in real-time with severity ratings.
- Click on any finding to see detailed information and remediation suggestions.
Dashboard Guide
The dashboard is the central hub for all scanning activity. It consists of several panels:
Sidebar
The left sidebar provides access to all authenticated pages: Dashboard, History, Repositories, Settings, and Admin (if you have admin privileges). It also shows your current credit balance and account information.
Chat Interface
The main area features an AI-powered chat interface. Send messages to scan repositories, ask questions about results, or get remediation guidance. The chat supports markdown rendering for formatted findings and code snippets.
Session History
Accessible from the left panel, the session history shows all past scans with repository names, timestamps, issue counts, and status indicators. You can delete old sessions or click to revisit results.
Activity Panel
The right panel provides a real-time activity feed showing scan completions, new findings, auto-fixes, PR creation, and file modifications. Each activity type has a distinct color and icon for quick identification.
Provider Selector
Choose which AI model powers your scans. Options include free built-in models and your own API keys for BYO (bring your own) providers. You can configure custom API keys in Settings.
Scanning
Scan Lifecycle
Each scan goes through the following stages:
Severity Levels
Supported Analysis Types
- Static Analysis: AST-based pattern matching for code vulnerabilities.
- Secret Detection: Regex and entropy-based detection of hardcoded credentials.
- Dependency Scan: Checks for known vulnerabilities in dependencies.
- Data Flow Analysis: Tracks untrusted data through your application.
- Configuration Review: Checks security configs, CSP, CORS, authentication.
- OWASP Top 10: Full coverage of the OWASP Top 10 vulnerability categories.
AI Remediation
Trakory uses AI not only to detect vulnerabilities but also to help fix them. On Pro and Enterprise plans, you can:
- Auto-Fix: Generate secure code replacements for detected vulnerabilities.
- PR Creation: Automatically create a pull request with the fix applied.
- Contextual Guidance: Get detailed remediation advice specific to your codebase.
- Provider Flexibility: Use built-in AI models or bring your own API key.
Bring Your Own AI Model
Configure custom API keys in Settings to use your preferred AI provider. Supported providers include OpenAI, Anthropic, Google, and any OpenAI-compatible endpoint. Each key can be assigned a specific model and tested before use.
CI/CD Integration
Integrate Trakory into your CI/CD pipeline to automatically scan every push. Add the following GitHub Action to your workflow:
- name: Trakory Security Scan
  uses: trakory/security-scan@v1
  with:
    api-key: ${{ secrets.TRAKORY_API_KEY }}
Scans run automatically on every push. Results appear as PR comments and check annotations. You can configure the action to block PRs if critical or high-severity issues are found.
Get your API key from the Settings page once you have an active subscription.
Custom Rules
Define your own security patterns using the Trakory rule format. Custom rules allow you to enforce organization-specific security policies and detect internal patterns.
Rule Format
Rules are YAML-based and support regex matching, AST patterns, and data-flow analysis. Store custom rules in a .trakory/ directory at your repository root.
rule:
  id: "custom-rule-001"
  name: "No Debug Endpoints"
  severity: high
  # single-quoted so YAML passes the backslashes through unchanged
  # (\. and \( are not valid escapes inside a double-quoted YAML scalar)
  pattern: 'app\.(get|post)\(.*debug.*\)'
  description: "Debug endpoints should not be present in production code."
  category: "security"
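As an added illustration (not Trakory's own engine), the following Python applies the regex of the rule above to a few constructed Express-style source lines, showing which lines it flags and why a bare substring pattern can over-match. The line-by-line evaluation, the sample source and the tightened second rule are assumptions, not documented Trakory behaviour.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed Python mirror of the .trakory/ rule fields shown above;
# the regex is the page's own pattern.
DEBUG_ENDPOINT_RULE = {
    "id": "custom-rule-001",
    "name": "No Debug Endpoints",
    "severity": "high",
    "pattern": r"app\.(get|post)\(.*debug.*\)",
    "description": "Debug endpoints should not be present in production code.",
    "category": "security",
}

# Assumed refinement: only flag 'debug' inside the route path string literal,
# so a middleware or handler name containing 'debug' no longer trips the rule.
TIGHTENED_RULE = dict(DEBUG_ENDPOINT_RULE, id="custom-rule-001b",
                      pattern=r"""app\.(get|post)\(\s*['"][^'"]*debug""")

@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    line: int
    snippet: str

def scan_source(source: str, rule: dict) -> list[Finding]:
    """Evaluate one regex rule line by line (an assumption about how regex
    rules are applied) and return one Finding per matching line."""
    regex = re.compile(rule["pattern"])
    return [
        Finding(rule["id"], rule["severity"], number, text.strip())
        for number, text in enumerate(source.splitlines(), start=1)
        if regex.search(text)
    ]

# Constructed sample: lines 3 and 4 are real debug routes; line 5 only has
# a middleware named debugLogger and is a false positive for the broad rule.
SAMPLE_SOURCE = """\
const app = express();
app.get('/health', (req, res) => res.send('ok'));
app.get('/debug/env', (req, res) => res.json(process.env));
app.post('/admin/debug-dump', dumpHandler);
app.get('/users', debugLogger, listUsers);
"""

for rule in (DEBUG_ENDPOINT_RULE, TIGHTENED_RULE):
    print(rule["id"], "flagged lines:", [f.line for f in scan_source(SAMPLE_SOURCE, rule)])
```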
Enterprise plans include support for custom rule creation, rule testing, and organization-wide rule distribution.
BYO API Keys
If you prefer to use your own AI provider or need access to specific models, you can configure custom API keys in the Settings page. Trakory supports:
- OpenAI (GPT-4, GPT-4o, o3, and any compatible model)
- Anthropic (Claude 3.5 Sonnet, Claude 4 Opus)
- Google (Gemini 2.5 Pro, Gemini 2.5 Flash)
- Any OpenAI-compatible endpoint (together.ai, fireworks.ai, deepseek, etc.)
Each API key configuration includes a provider URL, API key, model selection, and a test button to verify connectivity. Keys are stored securely and used only for your scans.
Notifications
Trakory provides real-time notifications to keep you informed about scan results and platform events.
Notification Types
- Scan Complete: A repository scan has finished processing.
- Vulnerability Found: A new security issue has been detected.
- Credits Low: Your scan credit balance is running low.
- System: Platform announcements and maintenance notices.
- Scan Progress: Real-time updates during an active scan.
Managing Notifications
Configure your notification preferences in the Settings page. You can enable or disable each notification type independently. The notification bell in the sidebar shows unread notifications with a badge count.
Billing & Plans
Trakory offers three subscription tiers to match your needs. Visit the Billing page to manage your subscription.
Free Plan
$0 per month — 10 scans per month (resets weekly), public repositories only, basic vulnerability detection, email support.
Pro Plan
$29 per month — Unlimited scans, private repositories, OWASP Top 10+ coverage, AI remediation with auto-fix and PR creation, priority support.
Enterprise Plan
Custom pricing — Everything in Pro plus on-premise deployment, custom rules engine, SLA guarantees, dedicated support team, organization-wide policy management.
Billing is handled securely through Stripe. You can upgrade, downgrade, or cancel your subscription at any time. All plans include a 14-day free trial for Pro features.
Security & How We Handle Your Code
We take the security of your code seriously. Here is how Trakory protects your repositories and data:
Sandboxed Scanning
Repositories are cloned to sandboxed, isolated temporary directories. Each scan runs in its own ephemeral environment that is destroyed immediately after the scan completes.
No Permanent Storage
Your source code is never stored permanently. It is cloned only for the duration of the scan, analyzed in memory, and the temporary directory is cleaned automatically.
Encryption
All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256. API keys and secrets are stored securely.
Access Controls
Strict access controls and authentication requirements are enforced for all personnel. Multi-factor authentication is supported via GitHub OAuth.
Security Headers
The platform implements strict security headers including Content Security Policy, HTTP Strict Transport Security, X-Frame-Options, X-Content-Type-Options, and Permissions Policy.
Vulnerability Disclosure
If you discover a security issue in Trakory itself, please report it to contact@nexoid.com. We practice responsible disclosure and will respond promptly.
Admin Panel
The admin panel is available to users with administrator privileges. It provides system-wide visibility and management tools.
Dashboard
Overview cards showing total users, total scans completed, error counts, and active sessions. Key metrics at a glance for monitoring platform health.
Error Logs
Searchable, paginated error log viewer with detailed stack traces and user context. Filter by error type, severity, and date range.
Session Monitoring
View all active and historical scan sessions. Monitor scan progress, resource usage, and completion status across all users.
User Management
View all registered users with account details, subscription tier, scan counts, and account status. Manage user roles and access levels.
Frequently Asked Questions
What types of vulnerabilities does Trakory detect?
Trakory detects a wide range of security issues including SQL injection, cross-site scripting (XSS), hardcoded secrets, security misconfigurations, OWASP Top 10 vulnerabilities, dependency vulnerabilities, and data flow issues.
How fast is a typical scan?
Scan speed depends on repository size. Small repositories scan in under a minute. Large monorepos may take several minutes. The scan provides real-time progress updates throughout the process.
What does the free tier include?
The free tier includes 10 scans per month (resets weekly), public repository support, and basic vulnerability detection. No credit card is required to start.
Which languages are supported?
Trakory currently supports Python, JavaScript, TypeScript, Go, Rust, and Java. Additional language support is being added regularly.
Can Trakory automatically fix vulnerabilities?
Yes. Pro and Enterprise plans include AI-powered auto-fix capabilities that generate secure code replacements and can create pull requests with the fixes applied.
Is my code safe with Trakory?
Yes. Your code is cloned to a sandboxed temporary directory, analyzed in memory, and automatically cleaned up after the scan completes. Code is never stored permanently.
Can I use my own AI model?
Yes. The Settings page lets you configure custom API keys for OpenAI, Anthropic, Google, or any OpenAI-compatible endpoint.
How do I cancel my subscription?
You can cancel your subscription at any time from the Billing page. Access to Pro features continues until the end of the current billing period.
Do you offer on-premise deployment?
Yes. Enterprise plans include on-premise deployment options. Contact us at contact@nexoid.com for more information.
Support
Need help? Trakory offers multiple support channels:
- Email Support: contact@nexoid.com — For all inquiries, including billing, technical issues, and general questions.
- Support Portal: Submit a ticket directly from the platform, with category selection (bug report, feature request, account issue, billing question, other).
- Priority Support: Pro and Enterprise plans include priority support with faster response times and dedicated account management for Enterprise customers.
Enterprise customers receive a dedicated support team with guaranteed SLA response times. Contact us for more information about Enterprise plans and custom support arrangements.
Nexoid Ltd. | https://www.trakory.com | contact@nexoid.com