Scan GitHub Repos for
Accidentally Committed API Keys
Real-time GitHub webhook scanning using regex patterns and entropy analysis. Instant Slack alerts with commit details and remediation steps the moment a secret leaks.
Start Protecting Repos — $39/mo50+
Secret Patterns
<5s
Alert Latency
∞
Repos Monitored
Simple Pricing
Pro Plan
$39
/month
- ✓Unlimited GitHub repositories
- ✓Real-time webhook scanning
- ✓50+ secret detection patterns
- ✓Shannon entropy analysis
- ✓Instant Slack notifications
- ✓Commit details & remediation tips
- ✓Email support
FAQ
How does the scanning work?
We register a GitHub webhook on your repos. Every push triggers our scanner which runs 50+ regex patterns and Shannon entropy checks against each diff to detect API keys, tokens, and secrets.
Which secret types are detected?
AWS keys, GitHub tokens, Stripe keys, Twilio, SendGrid, Google API keys, private keys, JWT secrets, database URLs, and dozens more — plus high-entropy strings that look like secrets.
What happens when a secret is found?
You get an instant Slack alert with the repo name, commit SHA, file path, matched pattern type, and step-by-step remediation instructions to revoke and rotate the exposed credential.