Virgil — audit the surface, never the keys. Paste a repo, get a ranked security audit in ~3 minutes.
initializing session…
- 01submit
paste a public or private github url, or drop a zip.
- 02scan
isolated sandbox runs static, dependency, and secret analysis; ai clusters and ranks what matters.
- 03fix this week
a ranked queue with plain-language explanations, full report exports, and chat grounded in your code.
add a fine-grained github token (contents + metadata · read) in pat_token. encrypted at rest, used only to clone, never sent to the llm.
// make it a habit: audit before code leaves your machine. leaked secrets and vulnerable deps are cheapest to catch before they hit github.
$ pipx install virgilhq $ virgil scan . # before you ship or push
same audit, straight from your working directory — with CI-friendly exit codes. cli docs
sandboxed · --network=none · your code never executes on our hosts · secrets redacted before storage or ai · audit-only — no exploits, ever
3 free audits · then from $2.00/audit · pricing