# Option 1 - Scan and Fix with Mobb

With this option, you provide a repository URL and Mobb scans it for vulnerabilities using the open-source SAST scanner Opengrep. The resulting report is then passed to Mobb for triage and auto-remediation.

## Choose a Code Repository

The first step is to specify the repository you want Mobb to scan. You have two main options:

<figure><img src="/files/oJefDLIay9LRae7SXaYL" alt=""><figcaption><p>Repository selection options</p></figcaption></figure>

### Pick a Repository from Your List

This option lets you browse your connected GitHub, GitLab, Azure DevOps or Bitbucket accounts and pick a repository. Click your preferred SCM provider and authenticate if needed.

* We only fix repositories you select
* Supported providers: GitHub, GitLab, Azure DevOps, and Bitbucket

### Add a Specific Code Repository

This option allows you to specify a public or private repository URL by entering it manually in the text field.

* **Public repository** - Mobb will instantly connect to the repository to extract the content required to perform the scan and generate fixes
* **Private repository**
  * **Accessible repository:** If your SCM is already connected and the private repository is in these accounts, Mobb will instantly connect to the repository
  * **Inaccessible repository:** If your SCM is not connected, Mobb will prompt you to connect your SCM account. Alternatively, you can upload the source code as a zip file.

You can enter a repository URL in the text field provided, or upload a zip file if your repository is not directly accessible.

{% hint style="info" %}
If your SCM tool is hosted on-premises, you will need to either deploy a [Mobb broker](/mobb-user-docs/more-info/mobb-broker.md) or use the "upload zip file" feature.
{% endhint %}

Once you have selected your repository, click "**Continue**" to proceed to the scanning phase.

## Running the Scan

After selecting your repository, Mobb will automatically begin the scanning process:

<figure><img src="/files/7EFaeB3vFg4YdDMuBhx8" alt=""><figcaption><p>Scan in progress with real-time status updates</p></figcaption></figure>

The scanning process typically takes a few minutes depending on the size of your repository. You'll see real-time updates as Mobb:

1. Clones your repository to securely access your code
2. Runs an Opengrep SAST scan to analyze your code for security vulnerabilities
3. Generates automated fixes for the issues found

The example above shows a scan running on the `antonychiu2/webgoat` repository with the status "analyzing issues".

## Accessing Your Fixes

Once the scan is complete, you'll see a screen confirming the analysis is ready. Click "**View Fixes**" to access your completed fix report.

From there, you can visit our [Working with the Fix Report](/mobb-user-docs/getting-started/working-with-the-fix-report.md) page to learn how to work with a completed fix report and commit your fixes to your repo.


