Works on public repositories hosted on GitHub, GitLab, Bitbucket, Azure DevOps, or Gitea/Codeberg. It covers software, firmware, KiCad schematics, mobile apps, IaC, and documentation. Nothing is uploaded. Your browser fetches the repository and analyzes it locally.

Advanced: Private Repos and Rate Limits

Tokens enable private repositories and raise rate limits. For GitHub, use a fine-grained token with read-only Contents access, which raises the limit from 60 to 5,000 requests per hour. For GitLab, use a personal access token with read_api. For Bitbucket, enter username:app_password or a repository access token. For Azure DevOps, use a PAT with the Code Read scope. The token stays in this browser tab only and is sent solely to the chosen provider's API.

This tool performs an automated, initial security assessment. It is not a substitute for a review by a qualified security professional, and it does not certify that a repository is secure or compliant. It is provided on an "as is" and "as available" basis, without warranties of any kind, express or implied, and its results can include false positives and false negatives that you should independently verify. By accessing, using, or otherwise interacting with this tool in any way, you accept this waiver, you release and waive any and all claims against Berkner Tech, and you agree to defend, indemnify, and hold harmless Berkner Tech and its owners, employees, and affiliates from any and all liability, claims, demands, losses, or damages of any kind, whether direct, indirect, incidental, or consequential, arising out of or relating to your use of the tool or your reliance on its results, to the fullest extent permitted by law. If you do not agree to these terms, do not use this tool.
