GitHub
SecureCheap connects to GitHub to:
- Scan dependencies for known CVEs (npm, pip, Cargo, Composer, Go modules)
- Detect accidentally committed secrets (API keys, tokens, passwords)
- Monitor GitHub Actions workflow failures
Required permissions
We request a read-only GitHub OAuth App connection — no write access ever.
Permissions:
repo(read) — read repository content and dependency manifestssecurity_events(read) — read Dependabot alertsworkflows(read) — read Actions run status
Setup
Connect GitHub
- Go to Integrations → + Add → GitHub
- Click Connect with GitHub
- You'll be redirected to GitHub's OAuth authorization page
- Review the permissions and click Authorize SecureCheap
- Choose which organizations and repositories to grant access to
Select repositories to monitor
After connecting, select which repositories to scan:
- All repositories in your org, or
- Specific repositories only
Configure scan settings
| Setting | Default | Description |
|---|---|---|
| Dependency scanning | ✅ On | CVE matching for package manifests |
| Secret scanning | ✅ On | Detect exposed credentials in code |
| Actions monitoring | ✅ On | Alert on workflow failures |
| Scan frequency | Daily | How often to re-scan |
Secret scanning
We scan for these credential types:
| Type | Example pattern |
|---|---|
| AWS Access Keys | AKIA[0-9A-Z]{16} |
| GitHub Personal Access Tokens | ghp_[A-Za-z0-9]{36} |
| Stripe API Keys | sk_live_[A-Za-z0-9]{24} |
| Twilio Auth Tokens | 32-char hex string |
| Generic API keys | api[_-]key\s*[:=]\s*['"][^'"]{16,}['"] |
| Passwords in code | password\s*[:=]\s*['"][^'"]{6,}['"] |
| Private keys | PEM-encoded RSA/EC keys |
⚠️
If a secret is detected, we alert immediately and recommend rotating the credential. Detection does not mean the secret has been exploited — but treat it as compromised.
Dependency CVE scanning
We read your package manifests (package.json, requirements.txt, composer.json, go.mod, etc.)
and cross-reference all pinned versions against the NVD and GitHub Advisory Database.
Findings include:
- Package name and vulnerable version range
- CVE ID and CVSS score
- Whether a fixed version is available
- Upgrade command for your package manager