Your repository is a city.
Let’s see who’s attacking it.

Paste a GitHub URL. An in-browser Go → WebAssembly engine scans every file for secrets, injection sinks, weak crypto and misconfigurations, cross-references your dependencies against OSV.dev, then renders it all as a living 3D cyber-city — threat actors hovering over the buildings they’d hit.

Analyze ▸

Private repo, or hitting rate limits? Add a GitHub token

Stored only in this browser’s localStorage and sent only to api.github.com. There is no server here to see it — the whole app is static files + WASM.