📚 Quick Start Guide

Get Started in Minutes

Install PatchPilot and automate your DevSecOps workflow in three simple steps.

🚀 Installation

Choose your preferred installation method

GitHub App (Recommended)

Install PatchPilot as a GitHub App for seamless integration with your repositories. No configuration files needed - just click and authorize.

Install GitHub App ⚡ 2-minute setup

## Installation Steps:

1. Click "Install GitHub App" button above
2. Select repositories to monitor (or choose "All repositories")
3. Authorize PatchPilot to access your repos
4. Done! PatchPilot will start monitoring for vulnerabilities

## What happens next?
- PatchPilot scans your codebase within 5 minutes
- You'll receive a summary of detected vulnerabilities
- AI-generated patches appear as pull requests automatically

CLI Tool

For advanced users who prefer command-line tools or need local development integration.

# Install via npm
npm install -g @patchpilot/cli

# Or via pip
pip install patchpilot

# Verify installation
patchpilot --version

# Initialize in your project
patchpilot init

# Run manual scan
patchpilot scan ./src

# Generate patches for detected vulnerabilities
patchpilot patch --auto

Docker Container

Run PatchPilot in a container for isolated environments or CI/CD pipelines.

# Pull the official image
docker pull patchpilot/scanner:latest

# Run vulnerability scan
docker run -v $(pwd):/code patchpilot/scanner scan /code

# Run with custom config (bind mounts need an absolute host path, hence $(pwd))
docker run -v $(pwd):/code -v $(pwd)/config.yml:/config.yml \
  patchpilot/scanner scan /code --config /config.yml

# Docker Compose example
version: '3.8'
services:
  patchpilot:
    image: patchpilot/scanner:latest
    volumes:
      - ./src:/code
    environment:
      - PATCHPILOT_TOKEN=${PATCHPILOT_TOKEN}
    command: scan /code --watch

⚙️ Configuration

Customize PatchPilot for your project needs

Create a .patchpilot.yml file in your repository root:

# .patchpilot.yml - Full configuration example

# Vulnerability scanning settings
scan:
  # File patterns to include/exclude
  include:
    - "src/**/*.js"
    - "src/**/*.py"
    - "lib/**/*.go"
  exclude:
    - "node_modules/**"
    - "**/*.test.js"
    - "dist/**"
  
  # Scan schedule (cron format)
  schedule: "0 2 * * *"  # Daily at 2 AM
  
  # Minimum severity to report (LOW, MEDIUM, HIGH, CRITICAL)
  min_severity: "MEDIUM"

# Patch generation settings
patch:
  # Auto-generate patches for vulnerabilities
  auto_generate: true
  
  # Create PR automatically
  auto_pr: true
  
  # PR settings
  pr_labels:
    - "security"
    - "automated-patch"
  pr_reviewers:
    - "security-team"
  pr_branch_prefix: "patchpilot/"
  
  # Patch strategies (ordered by preference)
  strategies:
    - "parameterized-query"
    - "input-validation"
    - "escape-output"
    - "framework-builtin"

# Test generation settings
testing:
  # Auto-generate tests
  enabled: true
  
  # Test types to generate
  types:
    - "unit"
    - "integration"
    - "security"
  
  # Test framework (auto-detect if not specified)
  framework: "jest"  # Options: jest, pytest, go-test, etc.
  
  # Minimum coverage requirement
  min_coverage: 80

# Impact analysis settings
impact:
  # Analyze dependencies and affected modules
  enabled: true
  
  # Maximum blast radius to auto-approve
  max_affected_files: 5

# Rollback settings
rollback:
  # Create automatic snapshots before patches
  snapshots: true
  
  # Retention period for snapshots (days)
  retention_days: 30
  
  # Canary deployment settings
  canary:
    enabled: true
    percentage: 10
    duration_minutes: 30

# Notification settings
notifications:
  # Slack webhook
  slack:
    webhook_url: "${SLACK_WEBHOOK_URL}"
    channel: "#security-alerts"
  
  # Email notifications
  email:
    recipients:
      - "security@example.com"
    severity_threshold: "HIGH"
  
  # Discord webhook
  discord:
    webhook_url: "${DISCORD_WEBHOOK_URL}"

# Integration settings
integrations:
  # CI/CD integration
  ci:
    block_on_high_severity: true
    fail_threshold: "CRITICAL"
  
  # Issue tracker integration
  jira:
    enabled: true
    project_key: "SEC"
    auto_create_tickets: true
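A linter for the configuration above, added here as an example; it is not part of PatchPilot's own tooling. It takes the parsed file as a dict (load it with PyYAML's `yaml.safe_load` in practice) and checks the fields the example documents: allowed severity names, the cron schedule, the strategy names, positive integer limits, a CI `fail_threshold` that is at least `min_severity` (a lower one can never fire), and reviewers on auto-opened PRs. The check a practitioner cares about most is the last one: webhook URLs are credentials, and the file above correctly references them as `${ENV_VAR}` placeholders, so the linter flags any literal URL that someone pastes in. The `SAMPLE_CONFIG` dict is a constructed mirror of the page's file.

```python
import re
from typing import Any, List

SEVERITIES = ("LOW", "MEDIUM", "HIGH", "CRITICAL")
# Strategy names exactly as listed in the .patchpilot.yml example above
KNOWN_STRATEGIES = {"parameterized-query", "input-validation",
                    "escape-output", "framework-builtin"}
# Matches "${SLACK_WEBHOOK_URL}"-style references, the only acceptable form for a secret
ENV_PLACEHOLDER = re.compile(r"^\$\{[A-Z_][A-Z0-9_]*\}$")


def _get(cfg: dict, path: str, default: Any = None) -> Any:
    """Walk a dotted path such as 'scan.min_severity' through nested dicts."""
    node: Any = cfg
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def _is_int(value: Any) -> bool:
    # bool is a subclass of int, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool)


def lint_config(cfg: dict) -> List[str]:
    """Return a list of findings; an empty list means the config passed every check."""
    findings: List[str] = []

    sev = _get(cfg, "scan.min_severity")
    if sev not in SEVERITIES:
        findings.append(f"scan.min_severity must be one of {SEVERITIES}, got {sev!r}")

    schedule = _get(cfg, "scan.schedule")
    if schedule is not None and len(str(schedule).split()) != 5:
        findings.append(f"scan.schedule must be a 5-field cron expression, got {schedule!r}")

    # A CI gate below the reporting floor can never trigger, so it silently does nothing
    ci_threshold = _get(cfg, "integrations.ci.fail_threshold")
    if ci_threshold is not None and ci_threshold not in SEVERITIES:
        findings.append(f"integrations.ci.fail_threshold must be one of {SEVERITIES}, "
                        f"got {ci_threshold!r}")
    elif sev in SEVERITIES and ci_threshold in SEVERITIES \
            and SEVERITIES.index(ci_threshold) < SEVERITIES.index(sev):
        findings.append("integrations.ci.fail_threshold is below scan.min_severity "
                        "and can never fire")

    unknown = set(_get(cfg, "patch.strategies") or []) - KNOWN_STRATEGIES
    if unknown:
        findings.append(f"patch.strategies contains unknown entries: {sorted(unknown)}")

    # Automatically opened PRs with nobody assigned to review them tend to get merged unread
    if _get(cfg, "patch.auto_pr") and not _get(cfg, "patch.pr_reviewers"):
        findings.append("patch.auto_pr is true but patch.pr_reviewers is empty")

    coverage = _get(cfg, "testing.min_coverage")
    if coverage is not None and not (_is_int(coverage) and 0 <= coverage <= 100):
        findings.append(f"testing.min_coverage must be an integer in 0..100, got {coverage!r}")

    for key in ("impact.max_affected_files", "rollback.retention_days",
                "rollback.canary.percentage", "rollback.canary.duration_minutes"):
        value = _get(cfg, key)
        if value is not None and not (_is_int(value) and value > 0):
            findings.append(f"{key} must be a positive integer, got {value!r}")

    # Webhook URLs are credentials: reference them through the environment,
    # never paste them into a file that lives in the repository
    for channel in ("slack", "discord"):
        url = _get(cfg, f"notifications.{channel}.webhook_url")
        if url is not None and not ENV_PLACEHOLDER.match(str(url)):
            findings.append(f"notifications.{channel}.webhook_url is a literal value; "
                            "reference it as ${ENV_VAR} instead")

    return findings


# Constructed sample: what yaml.safe_load returns for the .patchpilot.yml shown above
SAMPLE_CONFIG = {
    "scan": {"include": ["src/**/*.js"], "exclude": ["node_modules/**"],
             "schedule": "0 2 * * *", "min_severity": "MEDIUM"},
    "patch": {"auto_generate": True, "auto_pr": True, "pr_reviewers": ["security-team"],
              "strategies": ["parameterized-query", "input-validation"]},
    "testing": {"enabled": True, "min_coverage": 80},
    "impact": {"enabled": True, "max_affected_files": 5},
    "rollback": {"snapshots": True, "retention_days": 30,
                 "canary": {"enabled": True, "percentage": 10, "duration_minutes": 30}},
    "notifications": {"slack": {"webhook_url": "${SLACK_WEBHOOK_URL}",
                                "channel": "#security-alerts"}},
    "integrations": {"ci": {"block_on_high_severity": True, "fail_threshold": "CRITICAL"}},
}

if __name__ == "__main__":
    import sys
    import yaml  # PyYAML, not part of the standard library

    with open(sys.argv[1] if len(sys.argv) > 1 else ".patchpilot.yml") as fh:
        problems = lint_config(yaml.safe_load(fh) or {})
    print("\n".join(problems) or "config OK")
    sys.exit(1 if problems else 0)
```

Run it as a pre-commit hook or a CI step so that a pasted webhook URL or an unreachable CI gate is caught before the file reaches the default branch.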

💡 Quick Examples

Common use cases and workflows

Manual Vulnerability Scan

# Scan specific directory
patchpilot scan ./src

# Scan with output file
patchpilot scan . -o report.json

# Scan only for OWASP Top 10
patchpilot scan . --owasp-only

Generate Patch for CVE

# Generate patch for specific CVE
patchpilot patch CVE-2024-12345

# Generate with test suite
patchpilot patch CVE-2024-12345 \
  --with-tests

# Preview patch without applying
patchpilot patch --dry-run

Run Test Suite

# Run generated tests
patchpilot test

# Run with coverage report
patchpilot test --coverage

# Run specific test types
patchpilot test --unit --security

Impact Analysis

# Analyze patch impact
patchpilot analyze ./patch.diff

# Get dependency graph
patchpilot analyze --dependencies

# Calculate blast radius
patchpilot analyze --blast-radius

Rollback Operations

# List available snapshots
patchpilot rollback list

# Rollback to snapshot
patchpilot rollback restore abc123

# Create manual snapshot
patchpilot snapshot create

CI/CD Integration

# GitHub Actions
- uses: patchpilot/action@v2
  with:
    auto-patch: true
    pr-labels: 'security'

# GitLab CI
patchpilot-scan:
  script: patchpilot scan .

🔧 CI/CD Integration Examples

GitHub Actions Workflow

# .github/workflows/patchpilot.yml

name: PatchPilot Security Scan

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]
  schedule:
    - cron: '0 2 * * *'  # Daily at 2 AM

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Run PatchPilot Scan
        uses: patchpilot/action@v2
        with:
          token: ${{ secrets.PATCHPILOT_TOKEN }}
          auto-patch: true
          auto-pr: true
          min-severity: 'MEDIUM'
          
      - name: Upload Security Report
        uses: actions/upload-artifact@v3
        with:
          name: security-report
          path: patchpilot-report.json

GitLab CI Pipeline

# .gitlab-ci.yml

# Custom stage names must be declared, or GitLab rejects the pipeline
stages:
  - security
  - patch

patchpilot-scan:
  image: patchpilot/scanner:latest
  stage: security
  script:
    - patchpilot scan . --output report.json
  artifacts:
    # Keep the JSON report as a downloadable artifact
    paths:
      - report.json
  only:
    - main
    - merge_requests

patchpilot-patch:
  image: patchpilot/scanner:latest
  stage: patch
  script:
    - patchpilot patch --auto --with-tests
  when: manual
  only:
    - main

📖 API Reference

Integrate PatchPilot programmatically

REST API Endpoints

POST /api/v1/scan

Trigger a vulnerability scan for a repository

curl -X POST https://api.patchpilot.tech/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "repository": "owner/repo",
    "branch": "main",
    "min_severity": "MEDIUM"
  }'
GET /api/v1/vulnerabilities

List all detected vulnerabilities for a repository

curl -X GET https://api.patchpilot.tech/v1/vulnerabilities \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -G -d "repository=owner/repo" -d "status=open"
POST /api/v1/patch

Generate a patch for a specific vulnerability

curl -X POST https://api.patchpilot.tech/v1/patch \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "vulnerability_id": "vuln_abc123",
    "strategy": "auto",
    "create_pr": true,
    "with_tests": true
  }'
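The three calls above wrapped in a small client, added here as an example rather than an official PatchPilot SDK. Request shapes (URLs, headers, JSON bodies, query parameters) follow the curl examples exactly; the response shapes are not documented on the page, so `patch_open_vulnerabilities` assumes the list endpoint returns `{"vulnerabilities": [{"id": ..., "severity": ...}]}`, and the `PATCHPILOT_API_KEY` environment variable name is this example's choice. The transport is injectable so the same code can run against the live API through `urllib` or offline against `RecordingTransport`, which records every request and answers with constructed canned responses.

```python
import json
import os
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional
from urllib.parse import urlencode
import urllib.request

# Base URL as used by the curl examples above
API_BASE = "https://api.patchpilot.tech/v1"
SEVERITY_ORDER = ("LOW", "MEDIUM", "HIGH", "CRITICAL")


@dataclass
class Request:
    """One outbound HTTP request, kept as data so it can be inspected or replayed."""
    method: str
    url: str
    headers: Dict[str, str]
    body: Optional[bytes] = None

    def json_body(self) -> Any:
        return json.loads(self.body) if self.body else None


Transport = Callable[[Request], Dict[str, Any]]


def urllib_transport(req: Request) -> Dict[str, Any]:
    """Live transport using only the standard library; raises on non-2xx responses."""
    http_req = urllib.request.Request(req.url, data=req.body, method=req.method,
                                      headers=req.headers)
    with urllib.request.urlopen(http_req, timeout=30) as resp:
        return json.load(resp)


class PatchPilotClient:
    """Wrapper for the three endpoints documented above. Request shapes follow the curl
    examples; response shapes are not on the page and are assumed by the callers."""

    def __init__(self, api_key: str, transport: Transport = urllib_transport,
                 base: str = API_BASE):
        if not api_key:
            raise ValueError("API key must not be empty")
        self._headers = {"Authorization": f"Bearer {api_key}", "Accept": "application/json"}
        self._transport = transport
        self._base = base

    def _call(self, method: str, path: str, *, query: Optional[dict] = None,
              body: Optional[dict] = None) -> Dict[str, Any]:
        url = self._base + path + ("?" + urlencode(query) if query else "")
        headers = dict(self._headers)
        data = None
        if body is not None:
            headers["Content-Type"] = "application/json"
            data = json.dumps(body).encode()
        return self._transport(Request(method, url, headers, data))

    def trigger_scan(self, repository: str, branch: str = "main",
                     min_severity: str = "MEDIUM") -> Dict[str, Any]:
        return self._call("POST", "/scan", body={"repository": repository, "branch": branch,
                                                 "min_severity": min_severity})

    def list_vulnerabilities(self, repository: str, status: str = "open") -> Dict[str, Any]:
        return self._call("GET", "/vulnerabilities",
                          query={"repository": repository, "status": status})

    def request_patch(self, vulnerability_id: str, strategy: str = "auto",
                      create_pr: bool = True, with_tests: bool = True) -> Dict[str, Any]:
        return self._call("POST", "/patch", body={"vulnerability_id": vulnerability_id,
                                                  "strategy": strategy, "create_pr": create_pr,
                                                  "with_tests": with_tests})


def patch_open_vulnerabilities(client: PatchPilotClient, repository: str,
                               min_severity: str = "HIGH") -> List[str]:
    """Request a patch (with PR and tests) for every open finding at or above min_severity.
    Assumes the list response is {"vulnerabilities": [{"id": ..., "severity": ...}, ...]}."""
    floor = SEVERITY_ORDER.index(min_severity)
    patched: List[str] = []
    for vuln in client.list_vulnerabilities(repository).get("vulnerabilities", []):
        severity = vuln.get("severity")
        if severity in SEVERITY_ORDER and SEVERITY_ORDER.index(severity) >= floor:
            client.request_patch(vuln["id"])
            patched.append(vuln["id"])
    return patched


class RecordingTransport:
    """Offline stand-in for urllib_transport: records requests and answers from canned
    responses keyed by endpoint name (constructed for this example)."""

    def __init__(self, responses: Dict[str, Dict[str, Any]]):
        self.requests: List[Request] = []
        self._responses = responses

    def __call__(self, req: Request) -> Dict[str, Any]:
        self.requests.append(req)
        endpoint = req.url.split("?", 1)[0].rsplit("/", 1)[-1]
        return self._responses.get(endpoint, {})


if __name__ == "__main__":
    # The key comes from the environment; the variable name is this example's choice
    client = PatchPilotClient(os.environ.get("PATCHPILOT_API_KEY", ""))
    print(patch_open_vulnerabilities(client, "owner/repo", "HIGH"))
```

Keeping the transport separate from the request construction is what makes the client testable without network access, and it also gives you a single place to add retries, a request log for audit, or a proxy for egress control.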

💬 Need Help?

Documentation

Comprehensive guides and API references

Community Discord

Join our community for discussions and support

GitHub Issues

Report bugs and request features
