CognitivTrust Documentation

Quick Start

Get CognitivTrust connected in minutes with OAuth onboarding, GitHub App installation, and a guided first rollout.

Sign in with GitHub or Google and connect your organization.
Install the GitHub App so CognitivTrust can detect repositories and enable security checks.
Start with a small repository set, then expand coverage across IDE, pull requests, and CI/CD.

CognitivTrust is designed to live inside the tools teams already use instead of forcing work into a separate portal.

Live integrations highlighted on the public site include Slack & Teams, GitHub & GitLab, VS Code & Cursor, GitHub Actions & CI/CD, JIRA & Linear, and 10+ security scanners.
The product positioning centers on bidirectional workflows: pull request checks, inline feedback, thread replies, security stories, and CI/CD gates.
Confluence & Notion plus PagerDuty & OpsGenie are presented as upcoming integrations, not generally available public features.

The platform combines pre-generation guardrails with post-generation review and operational security context.

Threat modeling as code with STRIDE-oriented updates tied to pull requests and architecture changes.
Unified scanner triage across tools such as Semgrep, Snyk, SonarQube, Trivy, CodeQL, and Checkmarx.
AI code provenance, SDLC security memory, and policy-aware review flows that reduce fix-regenerate loops.

Public documentation currently provides an overview rather than a full endpoint-by-endpoint reference.

The public site describes API access as part of Growth and Enterprise plans.
Detailed API references and organization-specific operational docs are positioned behind authenticated product access.
Use the contact flow to request a trial, demo, or deeper product documentation.

CognitivTrust emphasizes IDE-native security guidance for AI-assisted development.

The public site highlights VS Code and Cursor support with inline markers, hover details, and secure-code generation workflows.
Pricing and product messaging consistently reference CT MCP Server access in the IDE experience.
The developer workflow narrative is prompt-time guidance first, PR review second, and CI/CD enforcement as a downstream gate.

Enterprise readiness is a core part of the public positioning and should stay consistent across every machine-readable surface.

The site references SOC 2 Type II, SSO/SAML, RBAC, audit logs, and data residency options.
Growth and Enterprise plans add advanced controls such as custom roles, API access, dedicated support, and SLA-backed enterprise service.
Private runbooks and tenant-specific controls are not currently exposed as crawlable public pages.