Repositories
Scan your code repositories for leaked secrets, vulnerable dependencies, and infrastructure-as-code issues.
Seenty scans your code repositories for security issues that often slip through code review: leaked API keys and credentials, vulnerable dependencies, insecure infrastructure-as-code configurations, and Dockerfile best practices violations.
Connect your GitHub repositories via the Seenty GitHub App for automatic scanning on every push. Findings appear in your Seenty dashboard within minutes of each commit.
Install the GitHub App
- Go to Assets > Repositories in the Seenty dashboard.
- Click Connect GitHub.
- You will be redirected to GitHub to authorize the Seenty app.
- Select which repositories (or all repositories) you want Seenty to access.
- Click Install & Authorize.
Select repositories to scan
After installing the GitHub App, return to Seenty. You will see a list of connected repositories. Toggle scanning on for the repositories you want Seenty to monitor.
Automatic scanning
Once enabled, Seenty will:
- Run an initial full scan of the repository
- Automatically scan on every push via GitHub webhook
- Upload findings to your dashboard
The GitHub App requires repository read access to clone and scan your code. Seenty never writes to your repositories or modifies any files.
See GitHub App Integration for full setup and troubleshooting details.
What Seenty scans
Seenty runs four specialized security scans on your repositories:
| Scan type | Finding Type | What It Detects |
|---|---|---|
| Secrets | Credentials | API keys, tokens, passwords, private keys, and other credentials committed to the repository |
| Dependencies | SCA / CVE | Known vulnerabilities in your dependencies by checking package manifests (package.json, requirements.txt, go.sum, etc.) |
| Infrastructure | IaC | Misconfigurations in Terraform, CloudFormation, Kubernetes manifests, and other infrastructure-as-code files |
| Dockerfile | Best practices | Security issues and best practice violations in Dockerfiles (e.g., running as root, using latest tag, missing health checks) |
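As an added illustration of the Dockerfile checks the table names (running as root, unpinned `latest` base image, no health check), here is a small checker that emits findings shaped like the fields this page lists. It is example code, not Seenty's scanner: the rule messages, severities and the `check_dockerfile` function are my own assumptions, and the two Dockerfiles are constructed inputs. Line continuations and `ONBUILD` are not handled.

```python
"""Minimal Dockerfile checks for the three violations named on this page.

Added example, not Seenty's scanner: rule names, messages and severities
are assumptions chosen to match the finding fields the page lists
(type, severity, file path and line, description, remediation).
"""


def _uses_latest(image: str) -> bool:
    """True if an image reference has no tag or the 'latest' tag.

    A digest pin (name@sha256:...) counts as pinned. The tag is looked for
    after the last '/', so a registry port (host:5000/app) is not mistaken
    for a tag.
    """
    if "@" in image:
        return False
    name = image.rsplit("/", 1)[-1]
    return ":" not in name or name.endswith(":latest")


def check_dockerfile(text: str, path: str = "Dockerfile") -> list:
    """Return findings for an unpinned base image, a root user and no HEALTHCHECK."""
    findings = []
    last_user = None        # USER in effect at the end of the final stage
    healthcheck_seen = False
    last_from_line = 0

    def add(line, severity, description, remediation):
        findings.append({"type": "dockerfile", "severity": severity, "path": path,
                         "line": line, "description": description,
                         "remediation": remediation})

    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, args = line.partition(" ")
        instr, args = instr.upper(), args.strip()
        if instr == "FROM":
            image = args.split()[0]   # drop any "AS <stage>" suffix
            last_user = None          # USER does not carry across stages
            last_from_line = lineno
            if image != "scratch" and _uses_latest(image):
                add(lineno, "Medium", f"Base image {image!r} is not pinned to a tag",
                    "Pin the base image to a specific tag or digest")
        elif instr == "USER":
            last_user = args.split(":")[0]   # ignore an optional :group
        elif instr == "HEALTHCHECK":
            healthcheck_seen = True

    if last_user in (None, "root", "0"):
        add(last_from_line, "High", "Container runs as root",
            "Add a USER instruction with a non-root account")
    if not healthcheck_seen:
        add(last_from_line, "Low", "No HEALTHCHECK defined",
            "Add a HEALTHCHECK instruction so the orchestrator can detect a hung container")
    return findings


# Constructed sample inputs: the violating Dockerfile and its hardened form.
INSECURE_DOCKERFILE = """FROM python:latest
COPY . /app
RUN pip install -r /app/requirements.txt
CMD ["python", "/app/main.py"]
"""

HARDENED_DOCKERFILE = """FROM python:3.12-slim
COPY . /app
RUN pip install --no-cache-dir -r /app/requirements.txt && useradd --system app
USER app
HEALTHCHECK --interval=30s CMD python -c "import sys; sys.exit(0)"
CMD ["python", "/app/main.py"]
"""

if __name__ == "__main__":
    for f in check_dockerfile(INSECURE_DOCKERFILE):
        print(f"{f['severity']:<7} {f['path']}:{f['line']} {f['description']}")
    print("hardened:", check_dockerfile(HARDENED_DOCKERFILE))
```

The root check is evaluated after the whole file is read rather than per line, because a `USER root` early in a stage is harmless if a later `USER app` takes effect before `CMD`, and each `FROM` starts a fresh stage.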
Finding types
Each finding includes:
- Type: secrets, sca_cve, iac, or dockerfile
- Severity: Critical, High, Medium, Low, or Info
- File path: The exact file and line number where the issue was found
- Description: What the issue is and why it matters
- Remediation: How to fix the issue
Deduplication
Seenty deduplicates findings across scans. If the same issue is found in consecutive scans, it will not create a duplicate finding. Deduplication is based on a combination of the finding type, file path, and a content-derived fingerprint.
This means your findings list always shows the current state of your repository without noise from repeated detections.
Auto-resolution
When a finding is present in one scan but absent from subsequent scans, Seenty treats it as likely fixed. A finding that has not been detected in any scan for 7 days is automatically resolved.
This keeps your findings list current without requiring you to manually close every fixed issue. Note that an auto-resolved secrets finding only means the credential is no longer in the scanned tree; a credential that was ever committed remains in the repository history and must still be rotated.
Auto-resolution uses a 7-day grace period to account for cases where a finding might temporarily disappear (e.g., the file was moved, a branch was merged) and reappear in a subsequent scan. A finding that reappears within the grace period is kept as the same open finding rather than being resolved and re-created.
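To make the deduplication and auto-resolution rules above concrete, here is an added example (my own model, not Seenty's implementation) that fingerprints findings on type, file path and a hash of the matched content, merges successive scans, and resolves a finding only after it has been missing for the full 7-day grace period. The `FindingStore` class, the `simulate` scenario and the three sample findings (including the placeholder key string) are constructed for illustration; reopening a resolved finding when it reappears is my assumption, not something the page states.

```python
"""Fingerprint-based deduplication and grace-period auto-resolution.

Added example modelling the rules on this page; not Seenty's code.
"""
import hashlib
from datetime import datetime, timedelta

GRACE_PERIOD = timedelta(days=7)


def fingerprint(finding: dict) -> tuple:
    """Identity of a finding: (type, path, hash of normalised matched content).

    The line number is deliberately excluded, so a secret that shifts a
    few lines after an unrelated edit is still the same finding.
    """
    normalised = " ".join(finding["content"].split())
    digest = hashlib.sha256(normalised.encode()).hexdigest()[:16]
    return (finding["type"], finding["path"], digest)


class FindingStore:
    def __init__(self):
        self.records = {}   # fingerprint -> record

    def ingest_scan(self, findings: list, scan_time: datetime) -> dict:
        """Merge one scan's raw findings; returns counts of new/updated/missing."""
        seen = set()
        stats = {"new": 0, "updated": 0, "missing": 0}
        for f in findings:
            key = fingerprint(f)
            seen.add(key)
            rec = self.records.get(key)
            if rec is None:
                self.records[key] = {"status": "open", "first_seen": scan_time,
                                     "last_seen": scan_time, "missing_since": None,
                                     "line": f["line"], "severity": f["severity"]}
                stats["new"] += 1
            else:
                # Seen again: refresh metadata and cancel any pending resolution.
                # Reopening an already-resolved finding here is an assumption.
                rec.update(last_seen=scan_time, missing_since=None,
                           status="open", line=f["line"])
                stats["updated"] += 1
        for key, rec in self.records.items():
            if key in seen or rec["status"] != "open":
                continue
            if rec["missing_since"] is None:
                rec["missing_since"] = scan_time   # grace period starts now
            stats["missing"] += 1
        return stats

    def sweep(self, now: datetime) -> int:
        """Resolve open findings that have been missing for the whole grace period."""
        resolved = 0
        for rec in self.records.values():
            if (rec["status"] == "open" and rec["missing_since"] is not None
                    and now - rec["missing_since"] >= GRACE_PERIOD):
                rec["status"] = "resolved"
                rec["resolved_at"] = now
                resolved += 1
        return resolved


def simulate() -> dict:
    """Constructed scenario: a shifted secret, a fixed Dockerfile, a flapping IaC finding."""
    t0 = datetime(2024, 1, 1)
    secret = {"type": "secrets", "path": "config.py", "line": 10, "severity": "Critical",
              "content": 'AWS_KEY = "AKIAEXAMPLE0000000"'}      # placeholder, not a real key
    docker = {"type": "dockerfile", "path": "Dockerfile", "line": 1, "severity": "Low",
              "content": "FROM python:latest"}
    iac = {"type": "iac", "path": "main.tf", "line": 22, "severity": "High",
           "content": 'acl = "public-read"'}
    store = FindingStore()
    store.ingest_scan([secret, docker, iac], t0)
    # Day 1: an unrelated edit moves the secret down four lines, the base image
    # is pinned, and the Terraform block is temporarily absent on a branch.
    day1 = store.ingest_scan([dict(secret, line=14)], t0 + timedelta(days=1))
    # Day 3: the Terraform block is back after the branch merges.
    store.ingest_scan([dict(secret, line=14), iac], t0 + timedelta(days=3))
    early = store.sweep(t0 + timedelta(days=3))   # Dockerfile finding missing 2 days
    late = store.sweep(t0 + timedelta(days=8))    # missing 7 days: resolve
    return {"records": len(store.records), "day1": day1,
            "early_resolved": early, "late_resolved": late,
            "secret_line": store.records[fingerprint(secret)]["line"],
            "status": {key[0]: rec["status"] for key, rec in store.records.items()}}


if __name__ == "__main__":
    print(simulate())
```

The scenario ends with three records rather than four (the moved secret did not create a duplicate), the Dockerfile finding resolved on day 8, and the Terraform finding still open because it reappeared inside the grace period.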
Removing a repository
To stop scanning a repository, go to Assets > Repositories and toggle scanning off for that repository. To fully disconnect, remove the Seenty GitHub App from your GitHub organization or user settings.
Removing a repository from Seenty will remove all associated findings.