How It Works
Repository connection, analysis, and verdict generation
1. Connect your repository
Authorize ShieldMyApp to read your GitHub repository. We request read-only access to scan your code.
You can revoke access anytime from your GitHub settings.
2. Analysis
Our scanners look for:
- Hardcoded secrets (API keys, passwords, tokens)
- Vulnerable dependencies (npm packages with known CVEs)
- Injection patterns (SQL injection, command injection)
- Unsafe configurations
The checks are based on the OWASP Top 10 and documented breach patterns.
3. Verdict assignment
You receive one of three verdicts:
- BLOCKED: Critical issues found — fix before deploying
- REVIEW: Issues found that need human decision
- CLEAR: No issues detected — safe to deploy
What happens next
The system provides findings and a verdict. The final deployment decision remains with the user.