Scan any public GitHub repo for secrets, vulnerabilities, and security misconfigurations.
Reads actual file contents — .env files, package.json, source code — not just file names.
Secret Scanning
Scans .env files and source code for API keys, tokens, private keys, database URIs using 22+ patterns.
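As an added illustration of the pattern-based secret scan described above (example code written for this page, not the tool's own scanner; the patterns, placeholder filter and sample repository contents are all constructed):

```python
import re

# Constructed detection patterns for this example; the scanner described above
# uses a larger set (22+), and production rules need per-provider tuning.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Database URI that carries credentials: scheme://user:password@host
    "database_uri_with_credentials": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s:/@]+:[^\s@]+@"),
}
# Obvious placeholders are dropped so findings stay actionable (assumption:
# this short marker list suffices for the sample; tune it per code base).
PLACEHOLDER_MARKERS = ("example", "changeme", "xxxx", "<your")

def scan_text(path, text):
    """Return (path, line_no, pattern_name) findings for one file's contents."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # commented-out .env entries are skipped
            continue
        if any(marker in line.lower() for marker in PLACEHOLDER_MARKERS):
            continue
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((path, line_no, name))
    return findings

def scan_repo(files):
    """files: mapping path -> content, as read from a public repository."""
    results = []
    for path, text in files.items():
        results.extend(scan_text(path, text))
    return results

# Constructed sample repository contents; none of these values are real.
SAMPLE_FILES = {
    ".env": "\n".join([
        "# local settings",
        "AWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP",
        "GITHUB_TOKEN=ghp_0123456789abcdef0123456789abcdef0123",
        "DATABASE_URL=postgres://app:hunter2@db.internal:5432/app",
        "STAGING_DB=mysql://user:changeme@localhost/app",
        "# OLD_DB=postgres://root:secret@localhost/old",
    ]),
    "src/config.js": "const PEM = '-----BEGIN RSA PRIVATE KEY-----';\n",
}
```

Running `scan_repo(SAMPLE_FILES)` reports the AWS key, GitHub token, credentialed database URI and private-key header, while the commented-out entry and the `changeme` placeholder are not reported.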
Dependency Audit
Checks package.json for known vulnerable or deprecated packages like vm2, lodash, jsonwebtoken.
CI/CD Pipeline
Detects GitHub Actions, CircleCI, Travis, Jenkins, GitLab CI and other CI/CD configurations.
Branch Protection
Verifies whether the default branch requires PR reviews and blocks force pushes.
.gitignore Analysis
Checks whether .env files, node_modules and other sensitive paths are properly excluded.
Quality & Compliance
Verifies README, LICENSE, SECURITY.md, CODEOWNERS, Dependabot alerts and repo activity.