Early access · Building in public

Every PR.
Scanned. Before merge.

SecurePR runs Checkov, Semgrep, TruffleHog, and Grype on every pull request — then posts a BLOCK / REVIEW / PASS verdict as a PR comment. DORA, FCA, FINMA, and SWIFT compliance mapping included.

SecurePR — scanning feat/add-s3-storage

Three steps. Two minutes.

Add SecurePR to any GitHub repo without changing your workflow.

01

Generate an API key

Go to the onboarding page, enter your GitHub org and email, pick a plan. You get a key instantly.

api.securepr.dev/onboarding

02

Add the GitHub Action

Download securepr.yml and drop it in .github/workflows/. Add your key as a repo secret.

SECUREPR_API_KEY → repo secrets

03

Open a PR — get a verdict

SecurePR scans the branch, runs AI triage, and posts a BLOCK / REVIEW / PASS comment automatically.

Under 60 seconds per scan

Everything in one verdict

Four scanners, AI triage, and compliance mapping — all from a single GitHub Action.

🔍

Checkov

IaC misconfiguration scanning across Terraform, CloudFormation, Kubernetes, and Helm.

🔐

TruffleHog

Secret detection in code history and diffs. AWS keys, tokens, passwords — verified before flagging.

🧩

Semgrep

Code pattern scanning for security anti-patterns in Python, Go, JavaScript, and more.

📦

Grype

CVE scanning against the NVD. Finds vulnerabilities in your dependencies and container images.

🧠

AI triage

GPT-4o summarises every finding in plain English. Developers understand the risk immediately.

⚔️

STRIDE modelling

Every finding is classified by STRIDE category — Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege.

📋

Compliance mapping

Findings mapped to DORA Article 19, FCA SYSC 8, FINMA RS 2023/1, and SWIFT CSCF v2024.

🔄

Baseline filtering

Only new findings are surfaced on each PR. Existing issues don't create noise on every commit.

This is the PR comment

Every pull request gets a structured verdict. Your team knows exactly what to do.

feat/add-s3-storage — Pull Request #142
SP
securepr-bot
commented 8 seconds ago
🚫 SecurePR — 🔴 BLOCK
🤖 AI Security Analysis
Critical information disclosure risk detected. The S3 bucket is publicly readable — this exposes potentially sensitive customer data and triggers DORA reporting obligations under EU 2023/2564 Article 19. Block this merge immediately. Restrict bucket ACLs and add an aws_s3_bucket_public_access_block resource before re-review.
Metric             Count
Total findings     8
Critical / High    5
Medium             3
DORA reportable    2

CKV_AWS_S3_PUBLIC_ACCESS · HIGH
S3 bucket ACL allows public read access
File: modules/storage/main.tf:12
STRIDE: Information Disclosure · DORA: ⚠️ Reportable

CKV_AWS_S3_ENCRYPTION · HIGH
S3 bucket does not have server-side encryption enabled
File: modules/storage/main.tf:8
STRIDE: Information Disclosure

Compliance status:
DORA ⚠️ Action required · FCA SYSC ⚠️ Review · FINMA ⚠️ Review · SWIFT ✓ Clear
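As an added illustration (not SecurePR's code and not the repository in the mock-up above), this is the kind of Terraform that produces the two findings in the comment, placed beside a hardened form that clears them. It assumes AWS provider 4.0 or later and uses placeholder bucket names; the two halves would not be applied together.

```hcl
# Constructed illustration; assumed path modules/storage/main.tf,
# AWS provider >= 4.0, placeholder bucket names.

# --- Before: what the two findings above describe ---
resource "aws_s3_bucket" "customer_data" {
  bucket = "example-customer-data-before" # placeholder name
}

# A public-read ACL lets anyone on the internet list and read objects.
resource "aws_s3_bucket_acl" "customer_data" {
  bucket = aws_s3_bucket.customer_data.id
  acl    = "public-read"
}
# No server-side encryption configuration is declared at all.

# --- After: hardened form ---
resource "aws_s3_bucket" "customer_data_hardened" {
  bucket = "example-customer-data-after" # placeholder name
}

# Disable ACLs entirely so a public-read ACL cannot be reintroduced.
resource "aws_s3_bucket_ownership_controls" "customer_data_hardened" {
  bucket = aws_s3_bucket.customer_data_hardened.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# Block every public-access path, whether via ACL or bucket policy.
resource "aws_s3_bucket_public_access_block" "customer_data_hardened" {
  bucket                  = aws_s3_bucket.customer_data_hardened.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Encrypt every object at rest by default.
resource "aws_s3_bucket_server_side_encryption_configuration" "customer_data_hardened" {
  bucket = aws_s3_bucket.customer_data_hardened.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
```

Running `checkov -d modules/storage` locally before pushing surfaces the public-ACL and missing-encryption class of findings on the first half and reports the second half clean, so the PR verdict holds no surprises.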

Every tool gives you findings.
SecurePR gives you a decision.

Capability                      Checkov (DIY)       Snyk        SecurePR
Automatic PR comment
BLOCK / REVIEW / PASS verdict
AI plain-English summary
STRIDE threat classification
DORA Article 19 mapping
FCA / FINMA / SWIFT mapping
Secret scanning (Go binary)
Baseline noise filtering
Starting price                  Free (DIY setup)    $25/mo      Free tier

Built for regulated industries

Every finding is mapped to the frameworks your auditors care about.

🇪🇺
DORA

EU Digital Operational Resilience Act. Article 19 incident reporting obligations flagged per finding.

🇬🇧
FCA SYSC

UK Financial Conduct Authority systems and controls requirements mapped at finding level.

🇨🇭
FINMA RS 2023/1

Swiss Financial Market Supervisory Authority operational risk circular requirements.

💳
SWIFT CSCF v2024

Customer Security Controls Framework mandatory and advisory controls coverage.

Start free. Scale when you need to.

No credit card required on the Starter plan. Cancel Team or Pro anytime.

Starter
Personal & open-source
Free
  • 5 scans per day
  • All 4 scanners
  • BLOCK / REVIEW / PASS verdict
  • PR comment posting
  • 7-day threat history
Pro
Growing fintech
£249/mo
Unlimited repositories
  • All Team features
  • FINMA / SWIFT mapping
  • PDF compliance reports
  • REST API access
  • GitLab support
  • 90-day history
  • Priority support
Enterprise
Banks & large fintech
Custom
  • All Pro features
  • On-premise deployment
  • SSO / SAML
  • RBAC
  • Custom compliance frameworks
  • SLA guarantee
  • 24/7 support

Scan your first PR today

Free tier. No credit card. Takes 2 minutes to set up.
