V12 Docs

Connect a repo and run your first audit

Sign in, connect GitHub, choose a source, and launch either a full audit or a diff review.

V12 supports two starting points for a run:

  • a GitHub repository, or
  • an uploaded .zip, .tar, .tar.gz, or .tgz archive.

For most teams, GitHub is the best path because it unlocks repository sync, pull request selection, and Autopilot.

Before you start

You need:

  • a V12 account,
  • enough credits for the scan you want to run, and
  • GitHub access to the repositories you want V12 to inspect.

1. Connect GitHub

If this is your first run:

  1. Sign in to v12.sh.
  2. Open Settings and connect your GitHub account.
  3. Install the V12 GitHub app on the repositories or organizations you want V12 to analyze.
  4. Return to Create run and sync repositories if the repo list has not refreshed yet.

GitHub-backed runs depend on both OAuth and the GitHub app installation:

  • OAuth lets V12 identify you and list accessible repositories.
  • The GitHub app grants repository access for analysis and ongoing automation.

2. Open Create run

Go to Create run.

The first screen asks for a code source:

  • GitHub repository: choose from connected repositories.
  • Upload archive: upload a .zip, .tar, .tar.gz, or .tgz file.

If you upload an archive, include the full project and build system when possible. Features like proof-of-concept execution and remediation validation work best when the uploaded project is complete.

3. Choose the audit type

When you pick a GitHub repository, V12 offers two audit modes:

Full audit

Use this when you want a broad review of a branch, tag, commit, or selected file set.

You can point the run at:

  • a branch,
  • a tag, or
  • a specific commit.

Diff review

Use this when you only want the code changes.

Depending on the source, V12 can review:

  • a GitHub pull request,
  • a commit range, or
  • a patch file.

If your team wants this on every change, Autopilot is the next step.

4. Name the run

Every run needs a Run name. Pick something your team can recognize later, especially if you will compare multiple scans for the same repository.

Good examples:

  • payments-service main before release
  • router PR #184 diff review
  • staking-contract archive upload

5. Select scope

After configuration, continue to the scope step.

Full audit scope

Browse the repository tree and select the files or directories you want analyzed.

Use scope control to:

  • exclude vendor code,
  • skip generated artifacts,
  • remove tests when they are not useful audit targets, and
  • stay within the file cap shown by the UI.

Diff review scope

V12 shows the changed files for the selected diff. You can narrow the billable review to the files you care about while still letting the system read surrounding code for context where needed.

6. Confirm cost and submit

On the last step, review:

  • the selected repository or archive,
  • the audit mode,
  • the final scope, and
  • the estimated usage cost.

You can also set a USD budget limit before submission.

When everything looks right, click Run audit.

After submission

Once queued, the run appears in Runs. From there you can:

  • watch status changes,
  • open the findings view when analysis finishes, and
  • share specific findings with teammates.

Next: Read findings, proof of concept, and remediation output.

Reading findings

Understand the findings list, proof-of-concept output, remediation guidance, and review controls.

On this page

Before you start1. Connect GitHub2. Open Create run3. Choose the audit typeFull auditDiff review4. Name the run5. Select scopeFull audit scopeDiff review scope6. Confirm cost and submitAfter submission