Security & trust

SecureCore is built for developers who need clarity about what we access, what we store, and how your repository data is handled during beta.

Read-only usage at the API level

SecureCore uses GitHub OAuth scopes to read repository metadata and file contents during scans. We never push commits, modify branches, or open pull requests on your behalf.

No permanent code storage

Repository files are fetched at scan time, analyzed in memory, and discarded. SecureCore stores scan results and findings — not your full source tree.

What we analyze

Six security scanners check for exposed secrets, vulnerable dependencies, authentication issues, injection risks, security headers, and weak cryptography.

Data safety

GitHub tokens are encrypted at rest. Session data is protected server-side. Scan findings are tied to your account and isolated per repository.

GitHub OAuth permissions

SecureCore requests the minimum GitHub OAuth scopes needed for authentication and repository analysis. GitHub OAuth Apps require the repo scope to read private repository contents; SecureCore uses it only for read operations.

  • read:user
    Read profile

    Show your GitHub username and avatar inside SecureCore.

  • user:email
    Read email addresses

    Link your beta application and associate your account with the correct email.

  • repo
    Repository access

    Read repository metadata and file contents during security scans. SecureCore never pushes code, opens pull requests, or modifies your repositories.

What SecureCore accesses on GitHub

  • Read profile: Show your GitHub username and avatar inside SecureCore.
  • Read email addresses: Link your beta application and associate your account with the correct email.
  • Repository access: Read repository metadata and file contents during security scans. SecureCore never pushes code, opens pull requests, or modifies your repositories.

What we do not store

  • Passwords or credentials unrelated to GitHub OAuth
  • Permanent copies of your full repository source tree
  • Write access to your code, branches, or pull requests

Questions during beta? Use the feedback button in the dashboard or settings to reach the team.