Open Source · Free Forever

Find vulnerabilities before attackers do.

Trespass scans your GitHub repositories for hardcoded secrets, known CVEs, and dangerous code patterns — with optional LLM-powered deep analysis.

trespass scan carvalhocaio/myapp

$ trespass scan .

Fetching file tree... 214 files

Auditing dependencies... 127 packages

Scanning code patterns... 3 files flagged

2 CRITICAL · 5 HIGH · 11 MEDIUM

Run complete in 4.2s

How it works

Three steps to a security report.

01 Connect

Log in with GitHub. Add a Personal Access Token to scan private repositories.

02 Scan

Select a repository and launch a scan. We analyze secrets, dependencies, and code patterns.

03 Fix

Review findings sorted by severity. Each finding comes with a remediation guide.

What we scan

Four layers of security analysis in a single run.

Secrets Detection

API keys, tokens, passwords, and credentials hardcoded in your source.

Dependency CVEs

Known vulnerabilities in npm, PyPI, Go, and Cargo dependencies via OSV.dev.

SAST Patterns

SQL injection, eval(), XSS vectors, command injection, and weak crypto.

LLM Code Review

Optional AI-powered deep-dive on flagged files using your own API key.

Ready to secure your repos?

Connect your GitHub account and get your first security report in under a minute.

TRESPASS · Open source security scanner · v1.17.4