🐙

GitHub Repository Security Analyzer

扫描公开的 GitHub 仓库，检测泄露的密钥、易受攻击的依赖项、缺失的 CI/CD 流水线和安全配置错误。免费使用，无需注册。

Reads actual file contents — not just file names

How It Works

Enter a public GitHub repository in the format owner/repo or a full GitHub URL. The analyzer:

Fetches repository metadata via the GitHub REST API.
Downloads and reads the actual content of sensitive files (.env, package.json, .gitignore, source files).
Runs 22+ regex patterns across file contents to detect exposed secrets.
Checks branch protection rules and Dependabot alert status via the API.
Calculates a score (0–100) and assigns a grade A–F based on findings.

Only public repositories are supported. Private repositories return a 404 and cannot be analyzed.

What We Check

Six independent checks, each with a severity and score deduction if issues are found.

🔑Secret ScanningCritical — -15 pts per issue

Reads .env files, source code, and config files for API keys, tokens, private keys, database URIs, and credentials using 22+ detection patterns.

Examples:

→AWS_SECRET_ACCESS_KEY, OPENAI_API_KEY
→Private RSA/EC keys (-----BEGIN PRIVATE KEY-----)
→Database connection strings with passwords
→Stripe, Twilio, SendGrid API tokens

📦Dependency AuditHigh — -10 pts per issue

Parses package.json (and lock files when available) to flag known vulnerable or unmaintained packages.

Examples:

→vm2 — arbitrary code execution (CVE-2023-29017)
→lodash < 4.17.21 — prototype pollution
→jsonwebtoken < 9.0.0 — weak algorithm bypass
→node-fetch < 2.6.7 — SSRF vulnerability

🔄CI/CD PipelineMedium — -6 pts per issue

Detects whether the repository has an automated build/test/deploy pipeline configured.

Examples:

→GitHub Actions (.github/workflows/)
→CircleCI (.circleci/config.yml)
→Travis CI (.travis.yml)
→Jenkins (Jenkinsfile)
→GitLab CI (.gitlab-ci.yml)

🌿Branch ProtectionHigh — -10 pts per issue

Checks via the GitHub API whether the default branch requires pull request reviews and blocks direct force pushes.

Examples:

→Require PR reviews before merging
→Dismiss stale approvals on new commits
→Block force pushes to main/master
→Require status checks to pass

🚫.gitignore AnalysisMedium — -6 pts per issue

Verifies that sensitive files and directories are excluded from version control.

Examples:

→.env, .env.local, .env.production
→node_modules/, vendor/
→*.key, *.pem, *.p12 certificates
→.DS_Store, Thumbs.db

📋Quality & ComplianceLow — -3 pts per issue

Audits repository hygiene and compliance files that signal a well-maintained, trustworthy project.

Examples:

→README.md — project documentation
→LICENSE — open-source license file
→SECURITY.md — vulnerability disclosure policy
→CODEOWNERS — review responsibility
→Dependabot alerts enabled

Score & Grades

Score starts at 100. Each issue deducts points based on severity. Multiple issues of the same type stack (e.g., three critical secrets found = −45 pts).

AExcellent90 – 100

No secrets found, dependencies clean, CI/CD active, branch protection enabled. Exemplary security posture.

BGood70 – 89

Minor issues only — perhaps a missing SECURITY.md or no Dependabot. Core security is solid.

CNeeds Work50 – 69

Medium-severity gaps: no CI/CD, .gitignore missing sensitive patterns, or outdated dependencies.

DPoor30 – 49

High-severity issues found: vulnerable dependencies, no branch protection, or weak repository hygiene.

FCritical0 – 29

Exposed secrets or critical vulnerabilities detected. Immediate action required.

Repository Health Panel

Beyond the score, the analyzer displays a health panel with metadata about the repository.

FieldDescription

Stars / ForksRepository popularity signals.

Open Issues / PRsMaintenance activity indicator.

Default BranchName of the primary branch being protected.

Last CommitTimestamp of the most recent commit activity.

LanguagePrimary programming language detected by GitHub.

LicenseOpen-source license type, if present.

Dependabot StatusWhether automated dependency alerts are enabled.

CI/CD PlatformIdentified pipeline tool (GitHub Actions, CircleCI, etc.).

Scanned FilesList of files actually read for secret detection.

Privacy & Rate Limits

Public repos only. Private repositories cannot be accessed.
No data stored. Repository contents are analyzed in memory and never persisted on our servers.
GitHub API rate limits. Unauthenticated requests are limited to 60/hour per IP. If you hit a rate limit, wait a few minutes and try again.
File size limits. Files larger than 1 MB are skipped during secret scanning to avoid timeouts.

GitHub 仓库安全分析器 — AISeen Docs

扫描公开的 GitHub 仓库，检测泄露的密钥、易受攻击的依赖项、缺失的 CI/CD 流水线和安全配置错误。免费使用，无需注册。

Analyze a repo →