Frequently Asked Questions

Everything you wanted to know about GitGuard but were too afraid to ask (or too lazy to Google)

GitGuard scans your GitHub repositories for security vulnerabilities. We check for common issues like cross-site request forgery (CSRF), cross-site scripting (XSS), insecure random number generation, dynamic code execution, and hardcoded credentials. Think of us as your code's personal security guard who actually shows up for work.

Nope! That's the whole point. We explain vulnerabilities in plain English (well, mostly plain). You don't need a PhD in cybersecurity - just the ability to read and care about your code not being a security nightmare.

Free gives you 5 scans/day to try things out. Pro ($19/month) includes 100 scans/day, AI-enhanced scanning, advanced detection, and export reports. Premier ($29/month) adds unlimited scans, DDoS testing, dependency scanning, secret scanning, continuous monitoring, webhook alerts, and compliance reports. Check our pricing page for the full comparison.

Upgrades take effect immediately - you get instant access to new features. Downgrades are scheduled for the end of your current billing period, so you keep enjoying your current tier benefits until then. We're not monsters.

It's like having a senior security engineer review your code, except it doesn't drink all your coffee or have strong opinions about tabs vs spaces. AI scanning provides detailed vulnerability analysis, remediation steps, and even code examples. It's basically ChatGPT if ChatGPT actually knew what it was doing with security. Available in Pro and Premier tiers.

Dependency scanning (Premier tier) checks all your npm, pip, and other package dependencies for known vulnerabilities. Because using that npm package with 47 dependencies from 2016 might not be your best security move. We'll tell you which dependencies are sketchy and need updating.

Secret scanning (Premier tier) finds API keys, passwords, tokens, and other sensitive data accidentally committed to your repo. Yes, that AWS key you committed at 3 AM last Tuesday. We find it before hackers do.

With Premier tier, you can schedule automatic scans of your repositories. We'll continuously monitor your code and alert you the moment new vulnerabilities are detected. It's like having a security guard who never sleeps, never takes breaks, and never eats your lunch from the office fridge.

Webhook alerts (Premier tier) let you send scan results to your own systems via HTTP POST. Perfect for integrating with Slack, Discord, PagerDuty, or your custom dashboard. When we find something, you'll know instantly - no logging in required.

Yes! We only access your repositories temporarily during scans. We don't store your code, we don't sell your code, and we definitely don't use it to train our own AI to take over the world. Your secrets are safe with us (unlike that password you hardcoded in production last week).

We provide detailed remediation steps and code examples, but we won't auto-commit fixes to your repo. Why? Because automatically changing code is how you end up on r/programminghorror. We'll tell you what's wrong and how to fix it - the actual fixing is your workout for the day.

We scan JavaScript, Python, PHP, Java, Ruby, Go, and more. If your code can have security vulnerabilities (spoiler: it can), we probably scan it. If we don't support your language yet, let us know - we're always expanding our security empire.

Usually just a few seconds for basic scans. AI-enhanced scans take a bit longer (AI needs time to think, unlike some humans). Comprehensive Premier scans with all features enabled might take 30-60 seconds. Either way, it's faster than manually reviewing thousands of lines of code while questioning your life choices.

Absolutely! We're not a gym membership. Cancel anytime from your account settings. If you downgrade or cancel, you'll keep your current tier until the end of your billing period. We'll be sad to see you go, but we won't guilt-trip you about it. Much.

If you're unhappy within the first 7 days of a paid subscription, we'll refund you. After that, we follow standard monthly billing - cancel anytime and you won't be charged again. Fair and simple.

If you're scanning hundreds of repos or need custom integrations, contact us about Enterprise pricing. We can tailor a solution for your team's needs, including on-premises deployment, SSO, and custom SLAs.

Ironic, right? But hey, we're human too (mostly). Report bugs through our contact page and we'll fix them faster than you can say 'undefined is not a function'. Bonus points if you include a funny bug report title.

Still have questions?

We're here to help! Reach out and we'll get back to you faster than a zero-day exploit.
