Introduction
Secbez documentation — learn how to scan your code for security vulnerabilities, understand findings, and fix issues before they ship.
Secbez scans your GitHub repositories for security vulnerabilities — from injection flaws and cross-site scripting to broken access control and business logic bugs.
Unlike traditional static analysis tools that flood you with false positives, Secbez uses a multi-layered detection approach that combines pattern-based scanning with AI-powered analysis to validate findings before surfacing them.
How it works
- Connect your repository: install the Secbez GitHub App and select the repositories you want to protect.
- Code gets scanned automatically: every pull request triggers a security scan. You can also run full repository scans on demand.
- Review actionable findings: each finding includes the vulnerable code, an explanation of the risk, and guidance on how to fix it. Results appear directly in your GitHub pull request as check run annotations.
What Secbez detects
Secbez covers a wide range of vulnerability categories:
- Injection — SQL injection, command injection, template injection
- Cross-site scripting (XSS) — reflected, stored, and DOM-based XSS
- Broken access control — missing authorization, privilege escalation
- IDOR — insecure direct object references where users can access other users' data
- Authentication issues — missing auth on sensitive endpoints, weak session handling
- Business logic flaws — race conditions, workflow bypasses, state manipulation
- Secrets — hardcoded API keys, tokens, and credentials in source code
Key capabilities
Low false-positive rate
Findings are validated through adversarial debate before being surfaced. Only confirmed vulnerabilities make it to your dashboard.
Fix guidance included
Every finding comes with an explanation of the vulnerability and actionable remediation guidance.
GitHub native
Results appear as GitHub Check Runs with inline code annotations. No context switching required.
Noise suppression
Baseline tracking, server-side suppression, and smart deduplication keep your results clean.