> ## Documentation Index
> Fetch the complete documentation index at: https://docs.secally.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> How SecAlly scans PRs and repositories in GitHub, and where results show up.

## How SecAlly Works

SecAlly integrates with GitHub as an app and operates in two primary modes:

1. **PR scans** when you open a pull request
2. **Full repository scans** (requested via a GitHub issue)

Both scan types analyze source code and produce structured security findings mapped to:

* OWASP Mobile Top 10
* CWE identifiers
* CVSS severity scores

## Where Results Show Up

SecAlly reports results back to GitHub:

* **A GitHub check run** on the relevant commit
* **PR reviews with inline comments** for PR scans
* **Issue comments** for full repository scans

## Core Concepts

### Organizations & Repository Access

You install the SecAlly GitHub App on a GitHub organization. That installation controls which repositories SecAlly can access.

### Monitored Repositories

In SecAlly, you explicitly mark repositories as **Monitored**. Scans are only queued for monitored repositories.

### Scan Requests

A scan request represents one execution of the scanner:

* **PR scan:** compares a PR base and head ref
* **Full scan:** scans the repository default branch

### Findings

Findings are individual security issues detected during a scan sorted by CVSS score. Each finding includes:

* CVSS severity
* Optional OWASP Mobile Top 10 and CWE mappings
* Evidence snippets and remediation guidance
