Quickstart
From zero to your first findings: sign in, connect a repo, and read what Hyrax found. Once you pick a repository, the first run is automatic.
1. Sign in, then connect your repos
There's no separate signup or password to set up. You sign in — continue with GitHub, Google, or a one-time email code — and that gives you a workspace. To audit your code you then connect a GitHub organization (or personal account) to that workspace by installing the Hyrax GitHub App on it, and choose which repositories the App can access (all or specific ones). You can change that selection later in GitHub. The GitHub App is only for repository access, not for logging in.
Hyrax verifies your email as part of signing in — there's nothing extra to configure, and your account is protected by a security factor automatically. During early access, a new workspace may need approval before its first run — if you land on a "pending approval" screen, you're in the queue.
2. The onboarding wizard
The first time you open a workspace with no repositories, Hyrax shows a short onboarding wizard:
| Step | What you do |
|---|---|
| Connect GitHub | Connect the organization (or personal account) whose repos you want by installing the Hyrax GitHub App on it. Once it's connected the wizard shows "✓ Connected to <org>". |
| Pick a repository | Choose the first repository to audit. You can add more later. |
| Confirm & start | Pick the branch, review what will run, and start. Hyrax registers the repo and kicks off discovery + a mini audit (about ten minutes), then emails you when findings are ready. |
3. What happens automatically
Connecting a repo for the first time triggers a fixed sequence — you don't submit these jobs by hand, and the repo page shows live progress (discovering your codebase, then running the initial audit) so you can follow along:
- Discovery runs the moment a repo is registered. It profiles the repo — architecture, conventions, how-to knowledge — and stores that context in your workspace.
- When discovery finishes, a Mini audit runs once on a never-audited repo, surfacing a small set of findings to get you started.
An audit is always something you choose to run, never automatic. It comes in three depths: a Mini audit on Free, a Standard audit on Pro and Team, and a Full audit on Team. The Run Audit button runs the Mini audit on Free and the Standard audit on Pro and Team; on Team, a separate Full audit button runs the complete catalog. See Plans & pricing.
4. Read your first findings
When the checklist reaches Findings ready, open the repo's findings list. Each one is an observation with a stable ref like HYRAX-42, a priority (P0–P3), a category, a description of what's wrong and why, and the file locations it touches. From there you can open an observation, click Fix to have Hyrax open a pull request, or dismiss anything not worth acting on — your triage is remembered when audits re-run.
Connecting public repositories
You can point Hyrax at a public GitHub repository by URL without installing the App on the upstream org. These repos run read-only: audits and discovery work, and reviews run with results shown in Hyrax (nothing posts to GitHub) — but write-back workflows like Fix and Publish need the App installed. Adding public repos by URL is available on Team (ask us if you need it sooner). See Public & private repositories.
Next steps
- Running audits & fixes — the day-to-day guide, plus Findings & suggestions.
- How Hyrax works — the audit engine, end to end.
- Plans & pricing — what your plan includes.