Health Score: 72

HIGH: Unpinned dependency versions
requirements.txt allows floating (unpinned) versions — potential supply-chain risk

MEDIUM: Missing SECURITY.md
No vulnerability disclosure policy found in repo root

LOW: Debug mode may be enabled in example config
examples/config.py sets DEBUG=True — not safe for production
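The "unpinned dependency versions" finding above can be reproduced locally. The Python below is an added example, not the scanner's own code: it classifies each requirements.txt line and reports every requirement that is not an exact pin (ranges, bare names, wildcards and direct URL references), so a reviewer can see which packages pip may resolve differently on the next install. The sample manifest is constructed for the example.

```python
from __future__ import annotations
import re
# name[extras] specifier, with any trailing ';' environment marker left out
_REQ_RE = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(?P<spec>[^;]*)")

def classify_requirement(line: str) -> tuple[str, str] | None:
    """(package, status) for one requirements.txt line; None for blank,
    comment and -r/-e/--option lines. status is 'pinned' (exact ==/===),
    'wildcard' (==1.*), 'direct' (@ URL) or 'unpinned' (range or bare name)."""
    text = line.split("#", 1)[0].strip()          # strip trailing comments
    if not text or text.startswith("-"):
        return None
    if " @ " in text or text.startswith(("git+", "http://", "https://")):
        return text.split("@", 1)[0].strip() or text, "direct"
    m = _REQ_RE.match(text)
    if not m:
        return text, "unparsed"
    name = m.group("name")
    for clause in m.group("spec").replace(" ", "").split(","):
        if clause.startswith("==="):              # arbitrary-equality pin
            return name, "pinned"
        if clause.startswith("=="):
            return name, "wildcard" if clause.endswith(".*") else "pinned"
    return name, "unpinned"                        # >=, ~=, <, or no specifier

def find_unpinned(requirements_text: str) -> list[tuple[int, str, str]]:
    """(line_no, package, status) for each requirement that is not an exact pin."""
    findings = []
    for no, line in enumerate(requirements_text.splitlines(), start=1):
        result = classify_requirement(line)
        if result and result[1] != "pinned":
            findings.append((no, result[0], result[1]))
    return findings

# Constructed sample manifest (not from the page) mixing pin styles.
SAMPLE_REQUIREMENTS = """\
# web stack
flask==2.3.3
requests>=2.28          # floats to any newer release
pyyaml                  # no specifier at all
cryptography~=41.0      # compatible-release range still floats
numpy==1.26.*           # wildcard resolves to the newest 1.26 patch
-r dev-requirements.txt
mypkg @ git+https://example.invalid/org/mypkg.git
"""

if __name__ == "__main__":
    for no, pkg, status in find_unpinned(SAMPLE_REQUIREMENTS):
        print(f"line {no}: {pkg} is {status}")
```

A direct reference is reported separately because a git URL is only reproducible when it names an immutable commit; the check here does not inspect the ref itself.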

Scan your own repo to get a full report

Six-layer repo scanner

Paste any public GitHub URL. Security, dependency, IaC, licence, quality and governance checks run in parallel. No account needed.

Semgrep · Bandit · pip-audit · ~45s · 3 free per day, no account

How it works

Six analysis layers run in parallel on AWS Lambda — no containers, no VMs. The scanner inspects your public GitHub repo without cloning it.

🔐 Security

Checks for hardcoded secrets, insecure defaults, and SAST patterns across your source files.

📦 Dependencies

Detects known CVEs in your dependency manifest using OSV and advisory databases.

🏗️ IaC

Scans Terraform, CloudFormation, and Kubernetes manifests for security misconfigurations.

📄 Licence

Flags GPL, AGPL, and licence-absent packages that could block commercial use.

✨ Code quality

Highlights missing tests, coverage gaps, and CI configuration issues.

🏛️ Governance

Checks for SECURITY.md, CODEOWNERS, branch protection, and release hygiene.