Features & How It Works

Comprehensive security scanning platform designed for modern development teams

What is RepoSecu?

RepoSecu is an advanced security scanning platform that helps developers and organizations identify vulnerabilities, security flaws, and exposed secrets in their codebases. By combining three powerful security tools—Semgrep, Trivy, and Detect-Secrets—we provide comprehensive security analysis in a single, easy-to-use platform.

Our platform is designed with developers in mind, offering both quick scans for immediate results and product-based scanning for continuous security monitoring. With support for both public and private repositories, flexible subscription plans, and a robust API, RepoSecu integrates seamlessly into your development workflow.

Whether you're a solo developer or part of a large team, RepoSecu helps you maintain secure code by catching vulnerabilities early in the development cycle, before they can be exploited.

How It Works

1. Create a Scan

Choose between quick scan or product-based scan. Select your repository URL, branch, and enable the security tools you want to use.

2. Queue Processing

Your scan is added to the Redis queue and processed asynchronously. You can continue working while the scan runs in the background.

3. Security Analysis

Our tools analyze your code, dependencies, and files for vulnerabilities, security issues, and exposed secrets.

4. View Results

Get comprehensive reports with detailed findings. Download JSON reports, view critical issues, and track your security posture.

Security Tools

Semgrep

Static code analysis tool that scans your source code for security vulnerabilities, bugs, and code quality issues.

Capabilities:

Pattern-based code analysis
Custom rule support
Multiple language support
Real-time vulnerability detection

Trivy

Comprehensive vulnerability scanner for containers, dependencies, and filesystems. Detects known CVEs in your dependencies.

Capabilities:

Dependency vulnerability scanning
Container image scanning
OS package analysis
CVE database integration

Detect-Secrets

Prevents secret leakage by scanning your codebase for accidentally committed API keys, passwords, tokens, and other sensitive information.

Capabilities:

Multiple secret pattern detection
Plugin-based architecture
False positive reduction
Pre-commit hook support

Key Features

Public & Private Repository Support

Scan both public and private repositories securely. Our platform supports GitHub repositories with secure token management. Private repositories require authentication credentials for secure access.

Public repository scanning without authentication
Private repository support with secure token storage
GitHub Personal Access Token integration
Secure credential management

Comprehensive Security Reports

Get detailed JSON reports for each security tool. Download reports, view findings, and track vulnerabilities over time. Reports include severity levels, file locations, and actionable recommendations.

JSON format reports for easy integration
Detailed vulnerability information
Severity classification (Critical, High, Medium, Low)
Downloadable reports for offline analysis

Asynchronous Processing

All scans are processed asynchronously using Redis Queue. This ensures fast response times and allows multiple scans to run in parallel without blocking your workflow.

Redis-powered job queue system
Parallel scan processing
Real-time status updates
Non-blocking architecture

Multiple Security Tools

Run three powerful security tools in a single scan: Semgrep for static code analysis, Trivy for dependency scanning, and Detect-Secrets for secret detection.

Semgrep: Static code analysis
Trivy: Dependency vulnerability scanning
Detect-Secrets: Secret and credential detection
Enable/disable tools per scan

Flexible Subscription Plans

Choose from Free, Eco, or Business plans based on your scanning needs. Each plan offers different limits for scans, products, and targets.

Free: Limited scans for testing
Eco: Moderate scanning limits
Business: Unlimited scanning
Easy plan upgrades and downgrades

API-First Architecture

Built with RESTful API design and JWT authentication. Integrate our scanning capabilities into your CI/CD pipelines or custom applications.

RESTful API endpoints
JWT-based authentication
Comprehensive API documentation
Easy integration with existing tools

Ready to Get Started?

Start scanning your repositories today and improve your security posture
