56,000+ Repos Pre-Scanned. Results in Under 200ms.

Know if any GitHub repo is safe before you ship it.

Paste any GitHub repo. Get an instant security score — secrets exposure, vulnerable dependencies, CVE risk, CI/CD gaps. Free tier available. No install required.

56,000+ repos indexed · 12 analysis phases · <200ms response time · 100% public repos

What Does the Score Mean?

A number every developer actually understands.

ZaphScore analyzes any public GitHub repo across 12 security dimensions and returns a single score from 0 to 100. Higher is safer. Think of it like a credit score — but for code security.

  • 90–100 (Grade A): Strong security posture. Secrets managed properly, deps up-to-date, CI/CD locked down.
  • 75–89 (Grade B): Good baseline. Minor gaps in dependency pinning or security file coverage.
  • 60–74 (Grade C): Notable risks. Outdated deps, missing SECURITY.md, weak CI configuration.
  • 45–59 (Grade D): High risk. Multiple exposed vectors. Not safe for production dependency.
  • 0–44 (Grade F): Critical. Secrets likely exposed, vulnerable deps, no security practices in place.

Score is computed across: Secret Exposure · Dependency CVEs · CI/CD Security · Code Quality · License Risk · and 7 more phases.

12-Phase Analysis

Every Angle. Every Risk.

  • B1 Code Quality: Static metrics, complexity, dead code ratio.
  • B2 Metadata: Repo age, star velocity, contributor count.
  • B3 Dependency Health: Known CVEs, outdated packages, supply chain risk.
  • B4 Commit Velocity: Frequency, contributor churn, bus factor.
  • B5 CI/CD Maturity: Workflows, test automation, branch protection.
  • B6 AST Analysis: Unsafe functions, injection risk, code patterns.
  • B7 Composite Report: Weighted aggregate, normalized 0–100 with percentile.
  • B8 Trend Signal: Score trajectory over 90 days.
  • B9 Quality Gate: Binary pass/fail for CI/CD pipeline integration.
  • B10 Exposure Score: Secrets, endpoints, public surface risk.
  • B11 Verification: Identity signals, signed commits, author provenance.
  • B12 Breach Probability: Real-world threat intel cross-referenced with findings.

Pricing

Start Free. No Card Required.

Explorer: $0/mo

Try it, no commitment.

  • 10 scans/session
  • Full 12-phase breakdown
  • Instant cached results

Team: $149/mo

For security-conscious teams.

  • 2,000 API calls/day
  • Full findings + severity
  • Bulk repo scanning
  • Priority support

Enterprise: $997/mo

Unlimited. White-label. SLA.

  • Unlimited API calls
  • Raw scan data
  • Custom scoring weights
  • 99.9% SLA