GitHub Repository Vulnerability Scanner
Full CVE audit across every lockfile in a repo — no clone required
Enter any public GitHub repository URL and SecOSS automatically discovers every lockfile across all directories and ecosystems — npm, pip, yarn — then runs a unified CVE audit without you having to clone anything locally. Private repositories are supported with a GitHub Personal Access Token.
How to use
1. Enter a GitHub repository URL (e.g. github.com/owner/repo) or the owner/repo shorthand.
2. Optionally add a GitHub Personal Access Token for private repositories or to raise the API rate limit.
3. SecOSS discovers every lockfile in the repository tree and scans each one against OSV.dev.
4. Review a consolidated report of all vulnerabilities across every file and ecosystem in the repo.
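The discovery and query steps above can be sketched as follows. This is an added example, not SecOSS's own code: it assumes the repository's file paths and contents have already been fetched, covers only package-lock.json (v2/v3) and requirements.txt, and all function names and the sample data are hypothetical.

```python
import json, posixpath, re

def parse_package_lock(text):
    """(name, version) pairs from a v2/v3 package-lock.json "packages" map."""
    for key, meta in json.loads(text).get("packages", {}).items():
        # Skip the root project ("") and workspace folders; keep installed deps.
        if "node_modules/" in key and "version" in meta:
            yield key.rsplit("node_modules/", 1)[-1], meta["version"]

def parse_requirements(text):
    """(name, version) pairs for exact pins only; ranges cannot be queried by version."""
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9._-]+)\s*==\s*([^\s;#]+)", line)
        if m:
            yield m.group(1), m.group(2)

# Lockfile basename -> (OSV ecosystem name, parser).
LOCKFILES = {"package-lock.json": ("npm", parse_package_lock),
             "requirements.txt": ("PyPI", parse_requirements)}

def discover(paths):
    """Lockfile paths at any depth of a repository tree listing."""
    return sorted(p for p in paths if posixpath.basename(p) in LOCKFILES)

def build_osv_batch(files):
    """files: {path: text}. Returns (querybatch body, source path of each query)."""
    queries, origin = [], []
    for path in discover(files):
        ecosystem, parse = LOCKFILES[posixpath.basename(path)]
        for name, version in sorted(set(parse(files[path]))):
            queries.append({"package": {"name": name, "ecosystem": ecosystem},
                            "version": version})
            origin.append(path)
    return {"queries": queries}, origin

# Constructed sample repository contents (not taken from any real project).
SAMPLE = {
    "README.md": "# demo",
    "web/package-lock.json": json.dumps({"lockfileVersion": 3, "packages": {
        "": {"name": "web", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.20"},
        "node_modules/a/node_modules/@scope/b": {"version": "2.0.1"}}}),
    "api/requirements.txt": "flask==2.0.1\nrequests>=2.0  # unpinned, skipped\n",
}

if __name__ == "__main__":
    body, origin = build_osv_batch(SAMPLE)
    for q, src in zip(body["queries"], origin):
        print(src, q["package"]["ecosystem"], q["package"]["name"], q["version"])
```

The returned body is shaped for a POST to https://api.osv.dev/v1/querybatch, which answers with one result per query in the same order, so the `origin` list maps each finding back to the lockfile it came from.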
Scan method