Quickstart with Gomboc Community Edition

Introduction

In this guide, you’ll install the Gomboc GitHub App and run your first scan. Gomboc will automatically review your Terraform code and generate PR-ready fixes developers actually love. From there, you can quickly iterate, review, and prevent misconfigurations from ever reaching production.

Before getting started

To get the most out of this guide, you’ll need:

  • A GitHub account, used for authentication and app installation

  • A repository that contains Terraform (.tf) code

If you need a repo to test with, you can fork our demo example. It includes real-world Terraform configurations ready to scan.


1. Install the Gomboc GitHub App

  1. Select the repos you’d like us to monitor (your own or the Gomboc demo example).


2. Scan & Generate Fixes

Once the GitHub App is installed:

  1. Edit one of your Terraform files and create a pull request in your selected repo.

  2. Gomboc will:

    • Automatically scan your Terraform code

    • Open a new PR with:

      • A clear summary of what was fixed

      • Suggested secure code fixes

If no issues are found, we’ll add a note in the PR confirming that everything looks great.


3. Review Fixes & Share Feedback

  • Head to the PR created by Gomboc, review the description, accept the fixes, and merge.

  • Merge when ready or leave feedback via our GitHub discussions channel.


Discover Gomboc

Our guides will help you set up Gomboc quickly and easily. Learn Gomboc terminology, configure the necessary prerequisites, onboard your organization, and understand the complete Gomboc workflow.
