Run your first scan

What happens during a scan, what shows up in the verdict, and what to read first.

What a scan does

A PulseLight scan clones your repo (read-only into an ephemeral workspace), runs the deterministic Rust scanner across the seven pillars, and — if you’ve connected platforms — audits live config in parallel. Total time: ~60 seconds for a typical Next.js / SvelteKit / Express repo.

Output is a launch readiness verdict: one of ready_to_launch, risky_but_shippable, or not_ready_yet (post-launch projects show monitoring_only).

What shows up after the scan

The verdict block.

Plain English: “Not ready yet — 3 things to fix before inviting real users.” This is what most founders read in the first five seconds.

The Top 3.

Three named blockers, prioritised by stage relevance, severity, and effort. Each carries a Fix-with-AI prompt + an Accept Risk option for false positives.

The pillar strip.

Status across all seven pillars at a glance — Secure / Stable / Billable / Measurable / Usable / Scalable / Trustworthy. A quick map of where the scan landed.

The Fix Queue (if you click in).

The full prioritised list, grouped by Blockers / Warnings / Later. Most founders never need to scroll past Top 3 — the Fix Queue is for when you’ve cleared those and want to plan the rest.

What you should read first

Read in this order: verdict → Top 3 → pillar strip. If everything green, skim and move on. If not, click into the Top 3 and fix the first item. Re-scan when you push.

How re-scans happen

After your first scan, PulseLight re-scans automatically when you push to your default branch. You can also trigger a scan manually from the project page, or via the CLI before a feature ships.

Set the cadence to off from project Settings if you only want manual + push-triggered scans (no daily sweep).