# Get started with Gomboc Community Edition

### Introduction

This guide will help you quickly get started with Gomboc Community Edition to fix your code issues directly within your favorite development workflows.

**New 🎉:** Community Edition now includes Gomboc’s latest remediation engine powered by [**Open Remediation Language (ORL)**](/orl.md), which generates deterministic, merge-ready fixes.

## Quick Start

***

### Sign up to create a Community account

1. Go to the [Gomboc portal](https://app.gomboc.ai/) and click "Sign Up".
2. You can choose to sign up with your email or with GitHub SSO.
   1. With email, fill out your email, name, and organization.
   2. With GitHub SSO, click on the "GitHub" option and follow the OAuth process to authorize access by selecting "Authorized Gomboc-AI".

### Choose where you would like to start:

Whether you use VS Code, AI editors like Cursor, or need an actionable pull request in GitHub

<details>

<summary><strong>Get Started in VS Code or Cursor</strong></summary>

#### 0. Prerequisites

Before you start, make sure you have:

* **VS Code** version 1.63.0 or greater\
  <https://code.visualstudio.com/download>
* **Docker** is installed and **running** (Docker Desktop or Docker Engine)\
  <https://www.docker.com/products/docker-desktop/>

> **Why Docker?** The VS Code extension runs the ORL remediation engine locally inside a Docker container when you scan. If Docker isn’t running, scans/fixes won’t start.

#### 1. Generate a personal token

* [Here's](/getting-started/generate-a-personal-access-token.md) how to create a Gomboc personal access token.

#### 2. Set up the Gomboc VSCode plugin

* Install the Gomboc plugin via the marketplace or directly in the IDE:
  * VS Code Marketplace (click "Install") [gomboc-vscode-extension](https://marketplace.visualstudio.com/items?itemName=GombocAI.gomboc-vscode-extension)

<figure><img src="/files/4P0KlY87GaTZ5G102aIY" alt="" width="563"><figcaption></figcaption></figure>

* VSCode Extensions tab. Search for "Gomboc" and click "Install":

  <figure><img src="/files/qio3VLBdDU4QemDziMhz" alt="" width="563"><figcaption></figcaption></figure>
* When you install the extension, be sure to enable "Auto Update".
* Once installed, open the product settings by doing one of the following:
  * click the gear icon and select "Settings":

    <figure><img src="/files/GctpDpZrZfeba3e7CIcY" alt="" width="563"><figcaption></figcaption></figure>
  * Open Settings > Extensions and search for "Gomboc."

    <figure><img src="/files/8jejDBumEw5DDiHpWaJI" alt="" width="375"><figcaption></figcaption></figure>

    <figure><img src="/files/7nrv1Kldl7c3eNCybub6" alt=""><figcaption></figcaption></figure>
* Paste your Personal Access Token into the Api Key field. Run `Gomboc: Test Api Key` from the Command Palette, and enable "Scan on File Save".

  <figure><img src="/files/9DdlUnDszTtKybTunKOb" alt="" width="563"><figcaption></figcaption></figure>

#### 3. Run your first scan

Choose your path before running your scan:

* **Option 1 (Recommended):** Check out the [Gomboc Reviewer guide](/integrations/vscode-plugin/gomboc-reviewer-webview.md)
* **Option 2 (Quick):** Problems panel → Apply Fix
  * Create a project with a **Terraform** file.
    * In your IDE, create a new folder called "gomboc-quickstart" and create a new file, `main.tf`.

      <figure><img src="/files/5M487INcqCPK2Oi3CHbY" alt="" width="563"><figcaption></figcaption></figure>

      * Populate that file with the following content:

        ```
        provider "aws" {
          region = "us-east-2"
        }

        data "aws_region" "current" {}

        resource "aws_dynamodb_table" "test_table_a" {
        }

        resource "aws_lambda_function" "myfunction" {
        }

        resource "aws_appsync_graphql_api" "test_api" {
          authentication_type = "API_KEY"
        }

        resource "aws_keyspaces_table" "mykeyspacestable" {
        }
        ```
      * Alternatively, check out <https://github.com/Gomboc-AI/rattleback> with the following command:

        ```
        git clone git@github.com:Gomboc-AI/rattleback.git
        ```
  * Save the file, triggering Gomboc to scan it
    * Alternatively, click on the search bar and select "Show and Run Commands":

      <figure><img src="/files/gED2omvfPpJ90enQUVpJ" alt="" width="563"><figcaption></figcaption></figure>

      * Type "Gomboc" into the search and select "Gomboc: Scan current file or scenario":

        <figure><img src="/files/Iwa9bUCyMYhvna5yK6Ps" alt="" width="563"><figcaption></figcaption></figure>

#### 4. Apply the fixes

* Review the **Problems** panel → click **Apply Fix** (or **Apply All**).
* Save, test, and commit your changes.

{% hint style="info" %}
Want a realistic repo and a guided workflow? Continue with [**Gomboc Demo Cases**](/getting-started-ce/gomboc-demo-cases.md).
{% endhint %}

</details>

<details>

<summary><strong>Get Started in Claude Code</strong></summary>

#### 1. Prerequisites

Before you start, make sure you have:

* **Claude Code terminal client** \
  <https://claude.ai/code/family><br>
* **Docker** is installed and **running** (Docker Desktop or Docker Engine)\
  <https://www.docker.com/products/docker-desktop/>

> **Why Docker?** The Gomboc plugin runs the ORL remediation engine locally inside a Docker container when you scan. If Docker isn’t running, scans/fixes won’t start.

#### 2. Generate a personal token

* [Here's](/getting-started/generate-a-personal-access-token.md) how to create a Gomboc personal access token.
* Run `export RULE_SERVICE_TOKEN=<your_pat>` in your terminal to set the environment variable for the plugin to authenticate to Gomboc services.
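
A preflight for the two prerequisites above, as an added example that is not part of Gomboc's documentation or tooling: it checks that the Docker daemon answers and that `RULE_SERVICE_TOKEN` is set, and `read_token` prompts for the token so the value is not typed into a command that lands in shell history. The function names are hypothetical; only `docker info` and the `RULE_SERVICE_TOKEN` variable are real.

```bash
# Added example (not Gomboc tooling). Function names are hypothetical.
# Source this file in the shell you will start Claude Code from.

# Succeeds only if the docker CLI exists and the daemon answers.
docker_ready() {
  command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1
}

# Succeeds only if the token is non-empty and not the docs placeholder.
token_ready() {
  [ -n "${RULE_SERVICE_TOKEN:-}" ] && [ "$RULE_SERVICE_TOKEN" != "<your_pat>" ]
}

# Prompt for the token without echoing it, then export it for this shell.
# Unlike `export RULE_SERVICE_TOKEN=...` typed inline, the value never
# appears in shell history.
read_token() {
  printf 'Gomboc personal access token: ' >&2
  if [ -t 0 ]; then stty -echo; fi
  IFS= read -r RULE_SERVICE_TOKEN || true
  if [ -t 0 ]; then stty echo; fi
  printf '\n' >&2
  export RULE_SERVICE_TOKEN
}

# Report every missing prerequisite; return 0 only when both are met.
preflight() {
  rc=0
  if ! docker_ready; then
    echo "Docker is not running: scans and fixes will not start" >&2
    rc=1
  fi
  if ! token_ready; then
    echo "RULE_SERVICE_TOKEN is unset or still the <your_pat> placeholder" >&2
    rc=1
  fi
  return "$rc"
}
```

Run `read_token` and then `preflight` before starting Claude Code.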

#### 3. Install the Claude Code Plugin

You can install the Gomboc Community plugin for Claude Code by following these steps:

1. Start Claude Code
2. Run the `/plugin` command<br>

   <figure><img src="/files/mSjMWbCwV0u0pwotgzWC" alt=""><figcaption></figcaption></figure>
3. Select "Add Marketplace"<br>

   <figure><img src="/files/CbFbZtiWG3oPK16bcc5J" alt=""><figcaption></figcaption></figure>
4. Enter the url for [gomboc-community-skills](https://github.com/Gomboc-AI/gomboc-community-skills)<br>

   ```
   https://github.com/Gomboc-AI/gomboc-community-skills
   ```

   <figure><img src="/files/zzbjwSxsBKPVlmQVJW8B" alt=""><figcaption></figcaption></figure>
5. Select the gomboc-community-marketplace:<br>

   <figure><img src="/files/tPzO2AZjUH72miYSArdg" alt=""><figcaption></figcaption></figure>
6. Select "Browse Plugins"<br>

   <figure><img src="/files/iiCoqO91az1b1AyszIdv" alt=""><figcaption></figcaption></figure>
7. Select the Gomboc Community Plugin<br>

   <figure><img src="/files/vSE3jkmbSImgdqPsDUrq" alt=""><figcaption></figcaption></figure>

#### 4. Create your first fixes

* Run the `/gomboc-community:fix` slash command and direct Gomboc to fix your code with Claude:<br>

  ```
  /gomboc-community:fix Make sure my RDS database is protected in production
  ```

* Push the ORL rules that the plugin creates to your community account for use anywhere you code.

{% hint style="info" %}
Want a realistic repo and a guided workflow? Continue with [**Gomboc Demo Cases**](/getting-started-ce/gomboc-demo-cases.md).
{% endhint %}

</details>

<details>

<summary><strong>Get Started in GitHub</strong></summary>

#### 1. Install the Gomboc GitHub App

* [Click here to Install.](https://github.com/apps/gomboc-ai-community)
* Select the repos you’d like us to monitor (your own or [Gomboc demo example](https://github.com/Gomboc-AI/rattleback)).

#### 2. Scan & Generate Fixes

* Edit one of your Terraform files and create a pull request in your selected repo.
* Gomboc will:
  * Automatically scan your Terraform code
  * Open a new PR with:
    * A clear summary of what was fixed
    * Suggested secure code fixes

#### 3. Review Fixes & Share Feedback

* Head to the PR created by Gomboc, review the description, accept the fixes, and merge.
* Leave feedback via our [GitHub discussions channel.](https://github.com/Gomboc-AI/gomboc-ai-feedback/discussions/2)

</details>

<details>

<summary><strong>Get started with Gomboc MCP Server (Beta)</strong></summary>

With our Gomboc MCP server, you'll be able to use your own AI tool like Claude or ChatGPT and have it interact with Gomboc.

#### 1. Pull the Docker image [here](https://hub.docker.com/r/gombocai/mcp/tags)

#### 2. Generate a personal token

* [Here's](/getting-started/generate-a-personal-access-token.md) how to create a Gomboc personal access token.
* Once you have the image and token you can run the following command to run the MCP server:

```
docker run -p 3100:3100 \
-e GOMBOC_PAT='GENERATED_GOMBOC_PAT' \
gombocai/mcp:latest
```

> For examples and details go to the [dedicated MCP user docs page](https://docs.gomboc.ai/integrations/mcp-server).

</details>

***

**Need help?** Leave feedback via our [Discussions channel.](https://github.com/Gomboc-AI/gomboc-ai-feedback/discussions/2)


