Quick Start
Run your first security scan in under a minute.
The fastest way to try Flowpatrol is through the dashboard. Sign up, paste a URL, and get results.
Create an account
Go to flowpatrol.ai and sign up. You'll land on the dashboard home page.
Every account starts with 3 free Surface scans per month — enough to check your app's security surface before upgrading.
Start a scan
Click Scans in the sidebar, then New Scan. Paste your deployed app URL — something like https://myapp.vercel.app — and click Surface Scan.
Surface is the fastest scan type (1-3 minutes). It checks for leaked secrets, missing security headers, exposed paths, Supabase RLS gaps, and takes screenshots.
You can run a Surface scan on any public URL immediately. Deep scans on custom domains require domain verification first — but localhost always works without it.
Read your results
When the surface scan finishes, you'll see a results page showing:
- A severity summary — how many critical, high, medium, and low findings
- A findings list — each issue with the affected endpoint and what was detected
- Fix suggestions — click any finding for remediation steps tailored to your stack
That's it. You've just checked your app's security surface.
What's next
Now that you've seen your first results, the rest of the docs follow a natural path:
- Running Scans — learn the difference between Surface and Deep scans, pick the right scan mode, and understand what each checks
- Understanding Reports — read findings, interpret severity, and use fix suggestions effectively
- Domain Verification — prove ownership of your domain to unlock full scans on production
- MCP Integration — connect Flowpatrol to your AI editor for inline security checks while you code
- CLI Setup — install the Flowpatrol CLI and run scans from your terminal
- GitHub Action — automate security scans on every pull request