Sign in to the app
Open app.0labs.ai and sign in. You’ll land on the Posture dashboard
(empty until your first scan).
Connect GCP (read-only)
Apply the onboarding Terraform module in your GCP org or project. It creates a least-privilege,
read-only scanner service account that 0Labs impersonates keyless — no keys are ever created or
shared.Run
terraform apply. Full prerequisites and a Cloud Shell one-liner are in
Connect GCP.Register the connector
In the app, go to Settings → Cloud connectors → Connect GCP and paste the
connector_config output. 0Labs runs a read-only connectivity test — impersonation, Cloud Asset
Inventory, and Cloud Logging must all pass. Nothing is scanned until that test passes and you
confirm.Saving the connector automatically creates a daily scan schedule — no other setup.Connect your remediation repo
Go to Settings → Remediation repositories → Connect GitHub repo. You’re sent to GitHub’s
native repo picker to install the Agent0 App on the repo(s) you want fixes to land in,
then returned to the app. See Connect GitHub.
Watch your first findings land
A daily scan starts automatically. Your first findings appear in Posture within about
15 minutes. For each misconfiguration the agent confirms, it opens a fix PR in your connected
repo for you to review.
Want results immediately instead of waiting for the daily cron? An admin can trigger the first
scan on demand — see Connect GCP → Verify.
What success looks like
- A
cloud_posturefinding appears in your triage inbox, with provenance pointing at the exact resource. - A bot-authored pull request lands in your connected repo with the import + fix and a green
terraform plancheck. - Merge ≠ apply — merging the PR is your decision; your CI plans and your pipeline applies.