Secbez Docs

FAQ

Frequently asked questions about Secbez — scanning, results, privacy, false positives, and supported languages.

General

What is Secbez?

Secbez is an AI-powered application security scanner that integrates with GitHub to find vulnerabilities in your code. It combines pattern-based detection with AI analysis to produce high-confidence findings with low false-positive rates.

How is Secbez different from other security scanners?

Most static analysis tools produce hundreds of findings, many of which are false positives. Secbez validates every finding through adversarial AI debate before surfacing it, which dramatically reduces noise. Every finding includes evidence and remediation guidance.

Does Secbez modify my code?

No. Secbez has read-only access to your code. It never pushes commits, creates branches, or modifies files. The only write action is creating Check Runs on pull requests to display scan results.

Scanning

How long does a scan take?

PR scans typically complete in 1-3 minutes. Full repository scans take 3-10 minutes depending on repository size and complexity.

What triggers a scan?

Scans are automatically triggered when a pull request is opened or updated. You can also trigger full repository scans manually from the dashboard.

Can I scan private repositories?

Yes. Secbez supports both public and private repositories. Your code is processed securely and is not stored after the scan completes.

Results

What does "needs review" mean?

Some findings can't be automatically confirmed or rejected — the evidence is ambiguous. These findings are preserved for human review. They may be real vulnerabilities or false positives; a developer familiar with the codebase should evaluate them.

What does "completed with errors" mean?

The scan finished and produced valid findings, but some non-critical analysis steps encountered issues (usually timeouts). Affected findings are flagged for manual review instead of being auto-validated. No findings are dropped.

How do I reduce false positives?

  • Suppress known false positives from the dashboard
  • File false-positive reports so we can improve detection

Privacy & Security

Is my code stored?

Code is processed in memory during scanning and is not persisted after the scan completes. Only the findings, metadata, and code snippets referenced in findings are stored.

Who can see my scan results?

Scan results are visible only to authenticated users who have access to the repository through your GitHub organization.