Quickstart¶
From signup to first report in 5 minutes.
What you'll need¶
- Corporate email domain (e.g.,
yourcompany.com). - 5 minutes.
- (For full coverage) API keys for individual detection services. Basic monitoring works without them.
Step 1. Sign up¶
- Go to bcp.bytecode.team.
- Click Sign Up.
- Enter email and password (minimum 12 characters).
- Verify email through the link in your inbox.
Step 2. Create an organization¶
On first login the platform asks for your organization name:
- Enter the full legal name of the company — it's used to monitor mentions (on ransomware leak sites, news).
- Add a primary domain — this automatically creates your first DataSource.
Step 3. Add DataSources¶
A DataSource is what to monitor. Go to Settings → Data Sources and add:
- Domains — primary, subdomains, subsidiary company domains.
- Email addresses — especially C-level, IT, security.
- Keywords — product names, brands, project codenames.
- Company names — full, abbreviations, trademarks.
Bare minimum to start
The main domain and 5-10 key employee emails are enough. You can add the rest later.
Step 4. Connect the first detection service¶
The fastest option — HIBP:
- Settings → Detection Sources → HIBP → Connect.
- If you have an API key — paste it; if not — get one at https://haveibeenpwned.com/API/Key.
- Click Run First Scan.
The first scan typically finds historical breaches (HIBP has history since 2013).
Step 5. Review findings¶
After 1-2 minutes findings show up in the dashboard:
- Severity breakdown — Critical / High / Medium / Low.
- By source — where each finding came from.
- Recent findings — individual ones to review.
Click a finding to see details and the recommended action.
What's next¶
- Connect more detection services (GitHub, Pastebin, GitLab).
- Set up a scan schedule for automation.
- Invite colleagues into your organization.
- Configure notifications.