Read-only usage at the API level
SecureCore uses GitHub OAuth scopes to read repository metadata and file contents during scans. We never push commits, modify branches, or open pull requests on your behalf.
SecureCore is built for developers who need clarity about what we access, what we store, and how your repository data is handled during beta.
SecureCore uses GitHub OAuth scopes to read repository metadata and file contents during scans. We never push commits, modify branches, or open pull requests on your behalf.
Repository files are fetched at scan time, analyzed in memory, and discarded. SecureCore stores scan results and findings — not your full source tree.
Six security scanners check for exposed secrets, vulnerable dependencies, authentication issues, injection risks, security headers, and weak cryptography.
GitHub tokens are encrypted at rest. Session data is protected server-side. Scan findings are tied to your account and isolated per repository.
SecureCore requests the minimum GitHub OAuth scopes needed for authentication and repository analysis. GitHub OAuth Apps require the repo scope to read private repository contents; SecureCore uses it only for read operations.
Show your GitHub username and avatar inside SecureCore.
Link your beta application and associate your account with the correct email.
Read repository metadata and file contents during security scans. SecureCore never pushes code, opens pull requests, or modifies your repositories.
What SecureCore accesses on GitHub
What we do not store
Questions during beta? Use the feedback button in the dashboard or settings to reach the team.