Create Your Default Group
Start by creating a single Default Group in AquilaX. This centralises management of all your repositories under one security policy and one dashboard view, reducing configuration overhead and ensuring consistent scanning across your entire codebase.
Navigate to Dashboard → Groups → Create Group. Give the group a meaningful name (e.g. "Production", "Client-A" or "Platform Team"). Every repository added to the group automatically inherits the group's security policy.
Tip: Use one group per client or product line if you have distinct codebases with different security requirements. All repos within a group share the same scanner configuration and severity thresholds.
Remove Pre-Existing Projects
Before adding your production repositories, delete any automatically imported demo projects or test repositories. Pre-existing projects with misconfigured settings skew the group's Security Rating and add noise to the findings dashboard.
Go to Group → Projects, select the unwanted projects and remove them. Then add your real repositories, either one by one or via bulk import from your connected GitHub or GitLab organisation.
Define Your Security Policy
AquilaX uses a JSON-based security policy that is applied uniformly to every repository in a group. Configure which scanners are enabled, severity thresholds, ignore patterns and licence detection rules once, for the entire group.
Example Security Policy
Threshold Guidance
| Severity | Default Limit | When to Lower |
|---|---|---|
| HIGH | 50 | Compliance environments: consider 10 |
| MEDIUM | 1,000 | Mature codebases with low debt |
| LOW | 99,999 | Rarely needs changing |
| Total combined | 300 | Adjust based on codebase size |
Note that with these defaults the combined limit (300) is lower than the MEDIUM and LOW limits, so the combined limit trips long before either of those can; if you want per-severity limits to be the ones that actually bind, lower them below the combined total or raise the total to match your codebase.
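As an added example (not AquilaX code, and not the page's own JSON policy format, which is not shown here), the following Python gate applies the limits from the table above to a list of findings. Its assumptions: only findings in the Confirmed and Unverified states described later under Findings Review count against a limit, Informational and suppressed findings are ignored, and a count strictly greater than a limit is a breach. The finding list is constructed sample data.

```python
"""Severity-threshold gate applied to scan findings (added example, not AquilaX code)."""
from collections import Counter
from dataclasses import dataclass

SEVERITIES = ("HIGH", "MEDIUM", "LOW")

# Default limits from the threshold guidance table; "TOTAL" is the combined limit.
DEFAULT_LIMITS = {"HIGH": 50, "MEDIUM": 1000, "LOW": 99999, "TOTAL": 300}

# Assumption: only Confirmed and Unverified findings count against limits;
# Informational findings are monitored, not gated, and suppressed findings are ignored.
GATED_STATES = {"Confirmed", "Unverified"}


@dataclass(frozen=True)
class Finding:
    severity: str
    state: str
    suppressed: bool = False


def count_findings(findings):
    """Count gated findings per severity plus a combined total."""
    counts = Counter()
    for f in findings:
        sev = f.severity.upper()
        if sev not in SEVERITIES:
            raise ValueError(f"unknown severity: {f.severity}")
        if f.suppressed or f.state not in GATED_STATES:
            continue
        counts[sev] += 1
    result = {sev: counts[sev] for sev in SEVERITIES}
    result["TOTAL"] = sum(counts.values())
    return result


def evaluate(findings, limits=DEFAULT_LIMITS):
    """Return (name, count, limit) for each limit exceeded; an empty list means the gate passes.

    Assumption: a count strictly greater than the limit is a breach; equal is allowed.
    """
    counts = count_findings(findings)
    return [(name, counts[name], limit) for name, limit in limits.items() if counts[name] > limit]


def unreachable_limits(limits=DEFAULT_LIMITS):
    """Per-severity limits higher than TOTAL: the combined limit always trips before they can."""
    return sorted(sev for sev in SEVERITIES if limits[sev] > limits["TOTAL"])


# Constructed sample findings, not real scan output.
SAMPLE = [
    Finding("HIGH", "Confirmed"),
    Finding("HIGH", "Confirmed"),
    Finding("HIGH", "Unverified"),
    Finding("HIGH", "Informational"),                # monitored only, not counted
    Finding("HIGH", "Confirmed", suppressed=True),   # suppressed, not counted
    Finding("MEDIUM", "Confirmed"),
    Finding("MEDIUM", "Confirmed"),
    Finding("MEDIUM", "Unverified"),
    Finding("LOW", "Unverified"),
]

if __name__ == "__main__":
    print(count_findings(SAMPLE))   # {'HIGH': 3, 'MEDIUM': 3, 'LOW': 1, 'TOTAL': 7}
    print(evaluate(SAMPLE))         # [] with the default limits
    print(unreachable_limits())     # ['LOW', 'MEDIUM']
```

The last function makes the caveat about the defaults concrete: with a combined limit of 300, the MEDIUM and LOW limits can never be the ones that fail a scan, so tune them together rather than one at a time.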
Connect to GitHub / GitLab
AquilaX integrates natively with GitHub and GitLab. Once connected, every pull request and push triggers a full scan automatically โ results appear in the PR before merge, with a Security Rating delta showing whether the change improved or worsened posture.
| Platform | Integration Type | Setup Location |
|---|---|---|
| GitHub | GitHub App + Actions | Settings → Integrations → GitHub |
| GitLab | GitLab CI/CD native | Settings → Integrations → GitLab |
| Bitbucket | Webhook + REST API | Settings → Integrations → Webhook |
| JIRA | Automated ticket creation | Settings → Ticketing → JIRA |
JIRA Integration: Configure automated ticket creation with custom title and body templates. Findings that exceed your HIGH threshold automatically open JIRA tickets assigned to the relevant team.
Schedule Periodic Full Scans
CI/CD scans only fire when code changes. New CVEs are published daily, so your dependencies can become vulnerable without a single line of code changing. Scheduled full-repository scans catch this drift.
Go to Group โ Scan Schedule and configure a recurring scan. The recommended cadence is weekly, run during off-peak hours to avoid resource contention with your CI/CD pipeline.
Recommended: a weekly full scan on Sunday 02:00 UTC (0 2 * * 0 in cron notation). This catches new CVEs published since the last code push and ensures your Security Rating reflects current exposure rather than the state at last deployment.
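To show what the scheduled scan catches that a push-triggered scan cannot, here is an added example (not AquilaX code) in Python: it takes a pinned dependency manifest, a list of advisories with affected version ranges and publication dates, and the date of the last full scan, and reports the packages that became vulnerable with no code change in between. The package names, version ranges, advisory identifiers and dates are all constructed sample data, and the version-range semantics (introduced inclusive, fixed exclusive) are an assumption.

```python
"""Find pinned dependencies hit by advisories published since the last scan (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


def parse_version(v):
    """'1.26.18' -> (1, 26, 18) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str          # placeholder identifier, not a real advisory
    package: str
    introduced: str           # first affected version, inclusive
    fixed: Optional[str]      # first fixed version, exclusive; None means no fix yet
    published: date


def is_affected(adv, version):
    """True if `version` lies in [introduced, fixed), or is >= introduced when unfixed."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    return adv.fixed is None or v < parse_version(adv.fixed)


def drift_since(lockfile, advisories, last_scan):
    """Advisories published after `last_scan` that affect a pinned package.

    Returns sorted (package, pinned_version, advisory_id) tuples. Everything here
    became a finding with no commit to trigger a CI scan, which is exactly the gap
    a scheduled full scan closes.
    """
    hits = []
    for adv in advisories:
        if adv.published <= last_scan:
            continue                      # already covered by the last full scan
        pinned = lockfile.get(adv.package)
        if pinned is not None and is_affected(adv, pinned):
            hits.append((adv.package, pinned, adv.advisory_id))
    return sorted(hits)


# Constructed sample data: fictional packages and advisories.
LOCKFILE = {"httpkit": "2.30.0", "netkit": "1.26.5", "yamlish": "6.0.1"}
ADVISORIES = [
    Advisory("ADV-0001", "netkit", "1.0.0", "1.26.18", date(2024, 3, 2)),
    Advisory("ADV-0002", "httpkit", "2.0.0", "2.31.0", date(2023, 12, 1)),
    Advisory("ADV-0003", "yamlish", "5.0.0", None, date(2024, 3, 15)),
]

if __name__ == "__main__":
    # Last full scan ran 2024-03-01; the two advisories published after it are the drift.
    for hit in drift_since(LOCKFILE, ADVISORIES, date(2024, 3, 1)):
        print(*hit)
```

Note the numeric version parsing: comparing "1.26.18" and "1.26.5" as strings would put the patched release below the vulnerable one, a classic source of both false positives and missed findings in home-grown dependency checks.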
Engage AquilaX for Findings Review
Every finding is in one of three states. Understanding them is key to effective triage and to driving down your false-positive rate over time.
| State | Meaning | Action |
|---|---|---|
| Confirmed | Securitron AI has verified this as a real, exploitable vulnerability | Fix immediately; an auto-fix PR is available |
| Unverified | Scanner flagged it; AI has not yet classified it | Review manually or request AquilaX triage |
| Informational | Low risk and context-dependent; unlikely to be exploitable | Monitor; suppress if not applicable |
Ultimate Licence: AquilaX security engineers review Unverified findings and classify them. Each triage action trains your custom Securitron model, reducing false positives continuously over time.
Monitor Reports & Alerts
AquilaX provides real-time dashboards and scheduled email summaries. Configure weekly report delivery to security leads and engineering managers for continuous visibility without requiring manual log-ins.
Navigate to Dashboard → Reports → Schedule. Configure recipients, frequency and report scope (per-repo or group-wide). Reports include the Security Rating trend, new findings since the last report and resolved items.
Tip: Send weekly reports to both the engineering lead and the CISO. The Security Rating trend is the single most useful metric for executive-level reporting: no security jargon required.
Create a Testing Sandbox
For teams experimenting with new frameworks, third-party integrations, or experimental branches, a separate Testing Group isolates security noise from production metrics without affecting your main Security Rating.
Create a second group named "Testing" or "Sandbox". Apply a relaxed security policy (higher thresholds, fewer scanners) and add experimental repositories there. This lets developers explore without triggering alerts in the production dashboard.
Common Actions
Quick navigation to the most frequently used settings in the AquilaX dashboard.
| Action | Dashboard Path |
|---|---|
| Create a group | Dashboard → Groups → Create Group |
| Add a repository | Group → Add Project |
| Set security policy | Group → Security Policy |
| Connect GitHub/GitLab | Settings → Integrations |
| Schedule a scan | Group → Scan Schedule |
| View findings | Dashboard → Findings |
| View Security Rating | Dashboard → Security Rating |
| Configure email reports | Dashboard → Reports → Schedule |
| Configure JIRA tickets | Settings → Ticketing → JIRA |
| Apply licence key | Settings โ Licence |