Find vulnerabilities before attackers do.
Trespass scans your GitHub repositories for hardcoded secrets, known CVEs, and dangerous code patterns — with optional LLM-powered deep analysis.
$ trespass scan .
✓ Fetching file tree... 214 files
✓ Auditing dependencies... 127 packages
⚠ Scanning code patterns... 3 files flagged
✗ 2 CRITICAL · 5 HIGH · 11 MEDIUM
Run complete in 4.2s
How it works
Three steps to a security report.
Connect
Log in with GitHub. Add a Personal Access Token to scan private repositories.
Scan
Select a repository and launch a scan. We analyze secrets, deps, and code patterns.
Fix
Review findings sorted by severity. Each finding comes with a remediation guide.
What we scan
Four layers of security analysis in a single run.
Secrets Detection
API keys, tokens, passwords, and credentials hardcoded in your source.
Dependency CVEs
Known vulnerabilities in npm, PyPI, Go, and Cargo dependencies via OSV.dev.
SAST Patterns
SQL injection, eval(), XSS vectors, command injection, and weak crypto.
LLM Code Review
Optional AI-powered deep-dive on flagged files using your own API key.
Ready to secure your repos?
Connect your GitHub account and get your first security report in under a minute.
Get started — it's free