
Quickstart

Use this guide to connect a project, run your first scan, and understand the results in a few minutes. Qodex starts from a target app or API. You give the agent enough context to test safely, ask it what to check, and then review the scenarios and findings it creates.

Prerequisites

  • A Qodex account at agents.qodex.ai.
  • A target to test: a public web URL, a staging URL with test credentials, or an OpenAPI spec.
  • Optional: your own OpenAI key for BYOK mode.

1. Create your account

Sign up at agents.qodex.ai. A default project is created on first sign-in, and you land in a chat with the onboarding agent. It asks for an app description, a target URL, and any test credentials it needs. Answer in plain English. Qodex stores this as project context so future scans do not start from zero.

2. Connect a target

Qodex can test three common target types.

A web URL

Paste a staging or public URL. Qodex crawls the app, catalogs pages, and starts creating UI scenarios.

An OpenAPI spec

Upload a YAML or JSON spec, or paste a spec URL. Qodex parses endpoints, infers auth, and saves them to the endpoint catalog.

A Postman collection

Import an exported Postman v2.1 collection. Qodex preserves folders, requests, auth, and environment variables.
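
For the OpenAPI spec option, a pre-upload check you can run yourself (an added example, not Qodex code and not a description of how Qodex infers auth): it applies the OpenAPI 3 precedence rules to list which operations the spec declares as callable without credentials. The sample spec and the function names are constructed for illustration.

```python
# Constructed sample spec; in practice load your own file with json.load().
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Sample API", "version": "1.0.0"},
    "security": [{"bearerAuth": []}],  # default for every operation
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "paths": {
        "/login": {"post": {"security": [], "responses": {}}},
        "/users": {"get": {"responses": {}}},
        "/users/{id}": {
            "parameters": [{"name": "id", "in": "path", "required": True}],
            "get": {"responses": {}},
            "delete": {"security": [{"bearerAuth": []}, {}], "responses": {}},
        },
    },
}

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}


def effective_auth(spec):
    """Map (METHOD, path) to the security that applies to that operation.

    OpenAPI 3 rules: an operation-level `security` replaces the top-level
    one; an empty list, or an empty requirement object {} among the
    alternatives, means the operation may be called anonymously.
    """
    default = spec.get("security", [])
    result = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # path-level keys such as `parameters`
            reqs = op.get("security", default)
            result[(method.upper(), path)] = {
                "schemes": sorted({name for req in reqs for name in req}),
                "anonymous": not reqs or any(req == {} for req in reqs),
            }
    return result


def anonymous_operations(spec):
    """Operations the spec declares as reachable without credentials."""
    return sorted(k for k, v in effective_auth(spec).items() if v["anonymous"])


if __name__ == "__main__":
    for method, path in anonymous_operations(SAMPLE_SPEC):
        print(f"no auth required by spec: {method} {path}")
```

Operations that show up here unexpectedly are worth fixing in the spec before a scan, so that tests run against the auth model you intended.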

3. Run your first scan from chat

In chat, describe the behavior or risk you want Qodex to check:

    Explore the login flow and check for IDOR on the /users endpoint.

The coordinator breaks the request into smaller testing tasks, starts the right specialty agents, and streams tool calls and results back into chat.

4. Review the results

When the scan finishes, Qodex shows:
  • Scenarios saved as draft so a human can review them before they become active.
  • Findings classified by severity (critical, high, medium, low, info), each with reproduction steps and evidence.
  • A test run record with per-step screenshots, DOM snapshots, console logs, and network logs on failure.

Promote a scenario to active when you want it included in scheduled or event-driven runs.

Try it yourself

Send an OpenAPI spec

Import a spec and watch Qodex create coverage for discovered endpoints.

Connect a GitHub repo

Install the GitHub App and get inline review comments on the next PR.

Next steps

How Qodex works

Learn how the coordinator, sub-agents, scan types, and cost model fit together.

Concepts

Understand scenarios, scripts, findings, skills, memory, and projects.

PR review setup

Install the GitHub App and connect a repo.