Skip to main content

Prerequisites

Before installing Asymptote, you must have:
  • A GitHub account with admin access to the repositories you plan to connect
  • One or more GitHub repositories where you want Asymptote to help detect and prevent code vulnerabilities

Installing Asymptote

Step 1: Sign up for Asymptote · ~1 min

Visit Asymptote to create a new account. You can sign up with Google or GitHub, or use your email address and set a password. Your account includes access to the Asymptote dashboard, where you can:
  • Define and manage security policies that match your team’s standards
  • Review detected vulnerabilities, including what was fixed automatically and what still needs action
  • Track product security and remediation trends over time with clear metrics and reporting

Step 2: Connect Your GitHub Account · ~1 min

1

Sign into GitHub

Visit this link to install the Asymptote GitHub App.Asymptote GitHub Connection
2

Authorize GitHub Integration

You’ll be redirected to GitHub to authorize Asymptote’s access to your repositories. Asymptote requires the following permissions:
  • Read access to repository code and metadata
  • Webhook access to receive real-time repository updates
  • Read and write access to checks and commit statuses, issues and pull requests, and repository webhooks
Asymptote Permissions
3

Select Repositories

Select which repositories you want Asymptote to connect to. You can:
  • Grant access to all repositories in your organization, or
  • Select specific repositories now
You can add more repositories later from the Asymptote dashboard if needed.

Step 3: Install the CLI · ~30 sec

Install the Asymptote CLI using Homebrew: 
brew install asymptote-labs/tap/asymptote-cli

$ brew install asymptote-labs/tap/asymptote-cli

==> Downloading asymptote-cli...
==> Installing asymptote-cli...
 Installed asym v0.5.0

Step 4: Run asym init · ~30 sec

Run the init command to authenticate and connect your AI coding agents: 
asym init
This will log you into your Asymptote account, automatically detect supported coding agents on your machine (Cursor, Claude Code, GitHub Copilot, and more), and allow you to choose which ones to configure Asymptote hooks for.

Step 5: Configure GitHub Security PR Reviews · ~1 min

Add Asymptote to your CI pipeline to automatically scan pull requests and enforce security policies before code is merged.
1

Add the workflow file

Add this workflow file to your repository:
.github/workflows/asymptote-security-scan.yml
name: Asymptote Security Scan

on:
  pull_request:
    branches: [main]

permissions:
  contents: write
  pull-requests: write
  checks: write

jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Asymptote Security Scan
        uses: Asymptote-Labs/asymptote-security-action@v1
        with:
          asymptote_api_key: ${{ secrets.ASYMPTOTE_API_KEY }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2

Create an API key

Create a CI API key from the Settings page in the Asymptote dashboard.Then, in your GitHub repository, navigate to Settings → Secrets and variables → Actions → New repository secret. Create a secret named ASYMPTOTE_API_KEY and paste the key value.
Once connected, Asymptote will post inline review comments with AI-generated fix suggestions on every pull request. You can configure branch protection rules to require Asymptote checks to pass before merging.
Need assistance getting set up? Our team can help with configuration and onboarding. Contact support@asymptotelabs.ai.