JMo Security Documentation
Central navigation for all JMo Security documentation.
Start Here
| I am a... | Start with... |
|---|---|
| Complete beginner | Docker Quick Start |
| Developer | Quick Start Guide |
| DevOps/SRE | CI/CD Integration |
| Advanced user | User Guide |
| Contributor | Contributing Guide |
Quick Lookup
| I want to... | Go to... |
|---|---|
| Install JMo Security | Quick Start |
| Use Docker | Docker Guide |
| Install/update security tools | User Guide: Tool Management |
| Configure scanning | User Guide: Configuration |
| Speed up scans | Scan Optimization |
| Set up CI/CD | Docker Guide: CI/CD |
| Suppress false positives | User Guide: Suppressions |
| Compare scans (diff) | Diff Guide |
| Track trends over time | Trends Guide |
| View scan history | History Guide |
| SLSA attestation | SLSA Guide |
| Understand results | Results Guide |
| Use policy-as-code | Policy-as-Code Guide |
| Set up AI remediation | MCP Setup |
| Schedule automated scans | Schedule Guide |
| Answer common questions | FAQ |
| Diagnose a specific problem | Troubleshooting |
| Upgrade from an earlier version | Upgrade Guide |
| Troubleshoot CI failures | CI Troubleshooting |
Documentation Index
Getting Started
| Document | Purpose |
|---|---|
| README | Project overview |
| Quick Start | 5-minute installation guide |
| Docker Guide | Docker installation, variants, CI/CD |
| Installation Guide | Platform-specific installation (macOS, Windows, WSL, Linux) |
| FAQ | Common questions about installation, scanning, Docker, CI/CD |
| Troubleshooting | Symptom-cause-fix guide for common problems |
| Upgrade Guide | Migration from earlier releases to v1.0.x |
Reference
| Document | Purpose |
|---|---|
| User Guide | Comprehensive reference (CLI, configuration, features) |
| CLI Reference | Full CLI reference for all commands and flags |
| Profiles and Tools | Canonical tool lists by profile, dependencies |
| Scan Optimization | Speed optimization strategies (threads, caching, tool config) |
| Usage Matrix | Tool-target-profile usage matrix |
| Command Reference | Quick command cheat sheet |
| API Reference | Python API documentation |
Results and Reporting
| Document | Purpose |
|---|---|
| Results Guide | Understanding findings, output formats, triage workflow |
| Results Quick Reference | At-a-glance results reference card |
| Sample Outputs | Example scan outputs |
Features
| Document | Purpose |
|---|---|
| Policy-as-Code | OPA-based security policies |
| Schedule Guide | Automated scan scheduling |
| Telemetry | Privacy-first usage analytics |
Advanced Features
| Document | Purpose |
|---|---|
| History Guide | SQLite storage for scan persistence and querying |
| Trends Guide | Statistical trend analysis (Mann-Kendall, scoring) |
| Diff Guide | Machine-readable diffs for CI/CD, PR comments |
| SLSA Guide | SLSA attestation, Sigstore signing, tamper detection |
AI Integration
| Document | Purpose |
|---|---|
| MCP Setup | MCP server setup (includes quick reference) |
| GitHub Copilot | VS Code Copilot integration |
| Claude Code | Claude Code CLI integration |
Examples
| Document | Purpose |
|---|---|
| Examples Index | All examples overview |
| Wizard Examples | Interactive wizard workflows |
| Diff Workflows | Scan comparison patterns |
| CI/CD Trends | Trend analysis in CI/CD |
| Attestation Workflows | SLSA attestation patterns |
| Policy Workflows | Policy enforcement in CI/CD |
| Slack Notifications | Slack integration patterns |
Operations
| Document | Purpose |
|---|---|
| CI Troubleshooting | Debugging CI failures |
| Release Process | Release workflow, WSL/macOS validation |
| Version Management | Tool version system |
Contributing
| Document | Purpose |
|---|---|
| Contributing | Development setup, git workflow, standards |
| Testing Guide | Test suite documentation |
| Platform Notes | Cross-platform compatibility |
Project
| Document | Purpose |
|---|---|
| Changelog | Version history |
| Roadmap | Future plans |
| Contributors | Community contributors |
Tools Overview
JMo Security orchestrates 28 security scanners across 11 categories:
| Category | Tools |
|---|---|
| Secrets | TruffleHog, Nosey Parker, Semgrep-Secrets |
| SAST | Semgrep, Bandit, Gosec, Horusec |
| SBOM | Syft, CDXgen, ScanCode |
| SCA | Trivy, Grype, Dependency-Check |
| IaC | Checkov, Checkov-CICD |
| Cloud/CSPM | Prowler, Kubescape |
| DAST | OWASP ZAP, Nuclei |
| Dockerfile | Hadolint |
| Malware | YARA |
| System | Lynis |
| Runtime | Trivy-RBAC, Falco, AFL++ |
Tool details: Profiles and Tools Reference | User Guide: Tool Overview
Getting Help
Documentation
- Installation issues: Quick Start or Installation Guide
- Docker problems: Docker Guide: Troubleshooting
- CI failures: CI Troubleshooting
- General questions: User Guide
Support Channels
- Issues: https://github.com/jimmy058910/jmo-security-repo/issues
- Discussions: https://github.com/jimmy058910/jmo-security-repo/discussions
- Website: https://jmotools.com
Support the Project
- Ko-fi: https://ko-fi.com/jmogaming
- GitHub Sponsors: https://github.com/sponsors/jimmy058910
- Star on GitHub: https://github.com/jimmy058910/jmo-security-repo
Last Updated: April 2026 | JMo Security v1.0.5