New · GitHub App

Security checks on every pull request.

Install once. Every PR gets scanned for hardcoded secrets, SQL injection, missing auth, XSS, and 200+ other vulnerability patterns. Findings show up inline in the diff, where you review.

Free for public repos and small projects. No credit card required.

What you get on every PR

A pass/fail Check Run

Every PR shows an XploitScan check. Critical or high findings fail the check; medium and low are advisory. Wire it as a required check to block merges.

Inline review comments

Findings post directly on the line that triggered them — severity, rule ID, and a fix recommendation right where you'd be reading the diff anyway.

Tier-aware detection

Free covers 30 core rules. Pro and Team unlock the full 210+ rule set plus an AI false-positive filter that drops noisy matches before they reach you.

What it catches

Hardcoded API keys, AWS credentials, Stripe secrets
SQL injection via template literals
XSS through dangerouslySetInnerHTML / innerHTML
Missing webhook signature verification (Stripe, Clerk, GitHub)
Reflected CORS allowing arbitrary origins
API routes missing authentication
Command injection via child_process.exec
IDOR — missing ownership checks on user-scoped data
Server-side request forgery (SSRF) patterns
Insecure deserialization (Python pickle, Java)

Plus 196 other patterns curated specifically for AI-generated code.

How it works

  1. 1

    Install on your account or org

    Pick which repositories XploitScan can see. Public, private, or both — your call.

  2. 2

    Open a pull request

    The App scans the changed files at the PR's HEAD commit. Typically completes in under 5 seconds.

  3. 3

    See findings inline

    A Check Run lands on the PR with a severity breakdown. Findings on changed lines also appear as inline comments in the diff.

  4. 4

    Fix and push

    Each push re-scans automatically. Resolved findings drop off; new findings appear. No duplicate comments.

XploitScan for GitHub — security checks on every pull request