Repository Onboarding

After you authorize a repo, we begin our repository onboarding process, which takes 3–20 minutes depending on the size of the repo.

Onboarding progress view for a newly authorized repository.

Review the onboarding results for each repo.

Please review and validate the Project Structure and File Exclusions once onboarding is complete to ensure you agree with the results.

Onboarding most commonly fails because of an unsupported language. Dam Secure maintains an allow-list of supported languages for quality control. The list already covers most modern languages, and we can usually add a new one in under 24 hours, so let us know if yours isn't supported.

Progress is exposed through onboarding status, and onboarding can be re-triggered from repository details.

Development of the Dam Secure Knowledge Graph during Repository Onboarding

Repository onboarding is where Dam Secure builds the security context necessary to accurately apply rules and find vulnerabilities. Our engine runs a fanned-out and staged workflow as follows:

  1. Structure analysis — discovers projects/components in the repository (see Project Structure within a Repository).
  2. Semantic Indexing — builds git-aware security embeddings of your codebase for fast search. This enables Dam Secure to handle very large repositories, identify areas of risk, curate tailored rules, and rapidly scan the entire codebase, an incoming pull request, local code changes, or agentic plans.
  3. Attack Analysis — assesses likely attack vectors for a specific project.
  4. File Excludes — builds the list of excluded files on a per-project basis (see Files Excluded from Onboarding and Scanning).
  5. Metadata Analysis — builds a technology fingerprint for the project: a list of tags covering languages, frameworks, infrastructure, project type, and (with explicit emphasis) security-relevant libraries such as auth, crypto, validation, and secret management. This profile is used in downstream rule-matching and scanning workflows.
  6. Rule matching — maps relevant rules to the discovered projects.
  7. Rule development — develops custom rules based on the discovered projects.