Quickstart with Gomboc Community Edition

Introduction

In this guide, you’ll install the Gomboc GitHub App and run your first scan. Gomboc will automatically review your Terraform code and generate PR-ready fixes developers actually love. From there, you can quickly iterate, review, and prevent misconfigurations from ever reaching production.

Before getting started

To get the most out of this guide, make sure you have the following:

  • A GitHub account, required for authentication and app installation

  • A repository with Terraform (.tf) code

Don't have a repo handy? Fork our demo example. It comes with real-world Terraform configurations ready to scan.


1. Install the Gomboc GitHub App

  1. Select the repos you’d like us to monitor (your own or the Gomboc demo example).


2. Scan & Generate Fixes

Once the GitHub App is installed:

  1. Edit one of your Terraform files and create a pull request in your selected repo.

  2. Gomboc will:

    • Automatically scan your Terraform code

    • Open a new PR with:

      • A clear summary of what was fixed

      • Suggested secure code fixes

If you see fixes in files you didn’t change, it’s because Gomboc also scans other files in the same directory as the file you edited, since they’re evaluated together.


3. Review Fixes & Share Feedback

  • Head to the PR created by Gomboc, review the description, accept the fixes, and merge.

If no issues are found, we’ll add a note in the PR confirming everything looks great.


Discover Gomboc

Our guides will help you set up Gomboc quickly and easily. Learn Gomboc terminology, configure the necessary prerequisites, onboard your organization, and understand the complete Gomboc workflow.
