100% Free

Security Scanner

Free GitHub Action that scans your repos for secrets, vulnerabilities, and misconfigurations. Automated security on every push.

# .github/workflows/security.yml
name: Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: h2security/scanner@v1

View on GitHub Get Full Agents

Why Use It

Security in 2 Minutes

Add one file to your repo. Get security scanning on every push.

Secret Detection

Automatically find API keys, passwords, tokens, and credentials before they leak.

Dependency Audit

Scan npm, pip, and Go dependencies for known vulnerabilities.

PR Comments

Get scan results posted directly to your pull requests for easy review.

Fast Scans

Typically completes in under 2 minutes. Won't slow down your CI/CD.

Reports

Markdown reports with all findings. Download as artifacts for compliance.

Open Source

MIT licensed. Free forever. No signup, no tracking, no BS.

Scan Coverage

What Gets Scanned

Secrets

✓ AWS Keys

✓ GitHub Tokens

✓ API Keys

✓ Database URLs

✓ Private Keys

✓ Passwords

Dependencies

npm audit, pip-audit, govulncheck

✓ Node.js (npm)

✓ Python (pip)

✓ Go modules

✓ CVE detection

✓ Severity levels

✓ Fix versions

Containers

✓ Dockerfile issues

✓ Best practices

✓ Root user checks

✓ Misconfigurations

Free vs Pro

Need More?

The free scanner covers basics. Our agents go deeper.

Feature	Free Scanner	AI Agents
Secret scanning	✓	✓
Dependency audit	✓	✓
Container scanning	✓	✓
AI-powered analysis	-	✓
Remediation guidance	-	✓
SAST/DAST	-	✓
Compliance mapping (SOC2, CIS)	-	✓
Pentest methodology	-	✓
Interactive chat	-	✓

Ready for deeper security?

Get AI-powered security agents with pentest methodology, compliance mapping, and interactive guidance.

View AI Agents Get Bundle - $99