Getting started
Quickstart
Install scop, scan your first repo, and wire it into CI in under two minutes.
1. Install
curl -fsSL https://sourcecop.com/install.sh | sh
We publish signed binaries for macOS (Intel & Apple Silicon), Linux (x86_64 & arm64), and Windows. No daemon, no rooted container.
2. Scan
scop scan --repo .
scop walks your dependency tree, cross-references six advisory feeds, and prints
a verdict. Exit code is non-zero if anything’s critical, so you can use it in CI
without any extra plumbing.
3. Wire it into CI
Drop this into .github/workflows/sourcecop.yml:
- name: SourceCop scan
  uses: sourcecop/action@v1
  with:
    fail-on: critical
Block merges on criticals, warn on highs, ignore noise. Sensible defaults — configurable when you need it.
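A complete workflow file built around the step above, as an added example rather than SourceCop's own published configuration. The branch name main, the checkout step and the read-only permissions block are assumptions; only the SourceCop scan step and its fail-on input come from this page.

```yaml
# .github/workflows/sourcecop.yml
name: SourceCop

on:
  pull_request:
  push:
    branches: [main]   # assumption: the default branch is "main"

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      # Assumption: the action scans the checked-out workspace.
      - name: Check out repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config

      # Step from the quickstart. A tag such as v1 can be moved by its
      # owner; pin to the full commit SHA of a release you have reviewed
      # if you need an immutable reference.
      - name: SourceCop scan
        uses: sourcecop/action@v1
        with:
          fail-on: critical
```

For a failing scan to block merges, mark the scan job as a required status check in the repository's branch protection settings.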
Last updated 2026-06-03.