Detect leaked secrets, vulnerable dependencies, misconfigured workflows, and insecure Dockerfiles. Get a security grade from A to F instantly.
Finds leaked API keys, tokens, passwords, private keys, and database URLs in your code.
Checks package.json, requirements.txt, and more for known CVEs and unpinned versions.
Detects unpinned actions, dangerous permissions, script injection, and supply chain risks.
Flags containers running as root, unpinned base images, secrets in build args, and best-practice violations.
Ensures sensitive files like .env, private keys, and certificates are properly excluded.
Get an instant security grade with actionable recommendations for every finding.
pip install shieldmyrepo && shieldmyrepo scan .