prpl
Sign in
← All documentation
Start here

Getting started

Orient each role and route readers to the shortest successful path.

userorg admin capture: getting-started

Outcome

You know which onboarding path applies to your account, which pages in the top bar you will use, and the exact order of guides that takes you from a fresh sign-in to a reviewed, defended security finding.

Who can do it

This documentation is public — you can read every user and organization guide before signing in. What you can do inside prpl depends on your account:

You are…How you got hereWhat you can doStart with
Wait-listed user You signed in with GitHub and have not been upgraded yet. New GitHub sign-ins start on the wait-list. Browse the console, connect GitHub access, and pre-stage a repository. Builds, scans, and Defend stay locked until a site administrator upgrades you to customer. Sign in and set up your account
Customer A site administrator upgraded your account to the customer role. Connect repositories, build environments, run scans, review findings, generate patches with Defend, and approve pull requests on repositories you own. Connect GitHub authentication
Organization member An organization owner invited you (by email) and granted you access to specific repositories. Work only in the repositories your owner granted, with the capabilities and named roles they assigned. Membership alone exposes no repositories. Sign in and set up your account
Organization administrator You own a mapped GitHub namespace (your own GitHub login is self-claimed at sign-in; other namespaces are mapped by a site administrator). Everything a customer can do, plus: install the GitHub App, invite members into licensed seats, and grant per-repository access and roles. Organization administrator overview

Before you begin

  • You need either a GitHub account (for the normal sign-in) or an organization invitation email (which signs you in without GitHub).
  • Signing in only identifies you — it never grants prpl access to your code. Repository access is a separate, explicit step covered in Connect GitHub authentication.

The shortest successful path

Follow the guides in this order. Each one ends where the next begins.

  1. Sign in and set up your account — sign in with GitHub (or accept your organization invitation) and find Settings in the profile menu.
  2. Connect GitHub authentication — give prpl read access to the repository you want analyzed, ideally with a fine-grained read-only token.
  3. Connect your first repository — on Attack surface, pick the repository and a pinned revision, then select Start scan. Wait-listed users pre-stage their repository here instead.
  4. Prepare a repository environment — prpl clones the code and builds an isolated harness around it.
  5. Run a security scan — launch the hunt and watch it progress; Monitor environments and scan jobs shows every job's state.
  6. Understand findings, then acknowledge true positives or reject false positives — acknowledging a true positive immediately starts Defend patch generation.
  7. Generate and review patches with Defend and review and approve a Defend pull request — the patch reaches your repository through a two-step request/approve flow.
  8. Schedule recurring scans and add more repositories to make it routine.

Extra steps for organization administrators

  1. Install the private prpl Defender GitHub App — note the owning-account restriction before you start.
  2. Invite members with initial repository access — invitations reserve licensed seats and work before the member's first GitHub sign-in.
  3. Assign repository access and roles — members see only the repositories you grant.
  4. Use the organization risk dashboard to watch posture across the estate.
The documentation index at /docs with its audience filter row, calling out the "Organization admin" filter chip.

Finding your way around

The top bar is the same on every page. Attack surface is your working home — repositories, scans, and findings all live there. Docs opens this documentation. Your profile menu (your avatar, top right) holds Settings, Documentation, Onboarding (the guided checklist for your role), Organization (owners and members only), and Sign out.

The signed-in top bar, calling out the "Attack surface" navigation item.

Verify

  • Open your profile menu and select Settings: the Account page header reads Signed in as your GitHub login (or invitation email) and shows your role — wait-list, customer, or site_admin.
  • If you belong to an organization, the Account page shows a Your organization access section listing the repositories you have been granted.
  • If you own an organization, the Account page shows a Users section with seats and members, and the profile menu shows Organization.

Troubleshooting

  • Clicking Attack surface sends you to the sign-in page. The console requires an account. Select Sign in with GitHub and you will be returned to the page you asked for.
  • A banner says "You're on the wait-list." That is expected for new accounts: you can connect GitHub access and pre-stage a repository now, but launching builds and scans unlocks only after a site administrator upgrades your account. There is no self-serve upgrade — wait to be contacted, or reply to your onboarding email.
  • You are an organization member but see no repositories. Membership alone grants nothing. Ask your organization owner to grant you access to specific repositories (see Assign repository access and roles).
  • You expected organization controls but have none. Owner status comes from the mapped GitHub namespace, not from the role name. If you should administer a namespace that is not your own GitHub login, a site administrator must map it to you.

Next step

Sign in and set up your account — then keep the Roles and permissions and Scan and finding lifecycle references handy.

Last verified against commit c0bf54d on 2026-07-10 · capture scenario: getting-started