Shielda User Manual — Founder Mode

For: Non-technical founders, CTOs, and security leads Goal: Get security coverage running with minimal technical effort Last Updated: 2026-04-03

---

Getting Started Dashboard Overview Registering Your First Agent Understanding Your Security Posture Reviewing Findings Security Contracts Scheduling Scans AI Security Counselor Reports & Assessments Team Management Notifications Billing & Plans

---

Getting Started

First Login

Navigate to your Shielda dashboard URL (e.g., https://acme.shielda.io or https://app.shielda.io) Click Log In — you'll be redirected to Auth0's hosted login page Sign up with email/password or use Google/GitHub social login On first login, a new organization is created for you automatically

What Happens Automatically

When your organization is created: A Starter plan (free) is activated with: - 2 agents, 5 scans/day, 10 services, 5 users - SAST, SCA, Secrets, and SBOM scanning - AI Security Counselor (25 sessions/day) Default tool bundles are activated: - AppSec Starter (Semgrep, Trivy, GitLeaks, Checkov, Grype) - K8s Hardening (Kubescape, Kube-bench) - Supply Chain (Syft, Grype) Your tenant subdomain and dashboard are ready to use

---

Dashboard Overview

The main dashboard (/dashboard) shows your security health at a glance:

Section What It Shows Hero Metrics Total findings, open findings, resolved rate, active agents Severity Donut Breakdown by Critical / High / Medium / Low / Info AI Agent Status Which AI agents are active and their recent actions Recent Findings Latest discovered vulnerabilities Root Cause Insights Recurring patterns across findings with systemic fix suggestions Recommendations Actionable next steps to improve your security posture

Navigation Sidebar

Page What It Does Overview Dashboard home with key metrics Findings All discovered vulnerabilities, filterable by severity, status, service Services Discovered services with health indicators Contracts Security contracts for each service Scans Scan history and trigger new scans Schedules Recurring scan schedules Agents Registered agents and their status Tools Scanner bundles and individual tool activation Counselor AI security chat assistant Assessments Security assessment history Reports Generate and download security reports Recommendations System-generated improvement suggestions Notifications Notification inbox Settings Organization settings, custom instructions Team Manage team members and roles Integrations Connect GitHub, GitLab, Slack, Jira, etc. Billing Plan management, usage, invoices

---

Registering Your First Agent

The Go Agent is what scans your environment. Here's how to set it up:

Step 1: Register an Agent

Go to Dashboard → Agents Click Register New Agent Give it a name (e.g., "Production Scanner") Copy the generated Agent Token — you'll need this for installation

Step 2: Install the Agent

Choose one of these deployment methods:

Docker (Simplest)

Kubernetes (Helm)

Step 3: Verify Connection

Go back to Dashboard → Agents Your agent should show a 🟢 Online status within 60 seconds The agent will automatically: - Discover services (Docker containers, Git repos, K8s workloads) - Generate Security Contracts for each service - Run the default scan bundle (AppSec Starter) - Triage findings using AI

---

Understanding Your Security Posture

Findings Overview

After the first scan completes (usually 5-15 minutes), go to Dashboard → Findings:

Critical 🔴 — Exploitable vulnerabilities that need immediate attention High 🟠 — Serious issues that should be addressed soon Medium 🟡 — Standard security issues for planned remediation Low 🟢 — Minor issues or best-practice recommendations Info ℹ️ — Informational findings for awareness

Root Cause Insights

Shielda's AI groups findings by root cause, showing you systemic patterns:

"12 findings share root cause: Missing input validation" "8 findings share root cause: Outdated dependency (lodash 4.17.20)"

Click Apply Systemic Fix to address all findings with the same root cause at once.

---

Reviewing Findings

Finding Detail Page

Click any finding to see: