SecurePR provides automated security scanning of pull requests and merge requests. The service analyses infrastructure-as-code, source code, and dependencies for security vulnerabilities and posts results as PR comments.
You may only use SecurePR to scan repositories you own or have explicit written permission to scan. Scanning third-party repositories without authorisation is prohibited and may result in immediate account termination.
Security scan results are provided for informational purposes only. SecurePR does not guarantee the detection of all vulnerabilities, and results should not be the sole basis for security decisions. No scan verdict constitutes a security certification.
Repositories are cloned temporarily into isolated environments for scanning and deleted immediately after. We retain scan findings (file paths, check IDs, severity) for up to 90 days. We do not store your source code.
You are responsible for keeping your API keys secure. Do not commit keys to version control. If a key is compromised, contact us immediately at security@securepr.dev.
We aim for 99.5% uptime but provide no SLA on the Starter plan. Team and Pro plans include priority support.
SecurePR shall not be liable for any damages arising from the use or inability to use the service, including any security incidents that occur despite scanning.
We may update these terms with 14 days' notice via email. Continued use of the service constitutes acceptance.
Legal enquiries: legal@securepr.dev