tty/0·uid=audit gid=audit

Virgil — audit the surface, never the keys. Paste a repo, get a ranked security audit in ~3 minutes.

stdin

initializing session…

how_it_works()
  1. 01
    submit

    paste a public or private github url, or drop a zip.

  2. 02
    scan

    isolated sandbox runs static, dependency, and secret analysis; ai clusters and ranks what matters.

  3. 03
    fix this week

    a ranked queue with plain-language explanations, full report exports, and chat grounded in your code.

private repos

add a fine-grained github token (contents + metadata · read) in pat_token. encrypted at rest, used only to clone, never sent to the llm.

before you push

// make it a habit: audit before code leaves your machine. leaked secrets and vulnerable deps are cheapest to catch before they hit github.

$ pipx install virgilhq
$ virgil scan . # before you ship or push

same audit, straight from your working directory — with CI-friendly exit codes. cli docs

sandboxed · --network=none · your code never executes on our hosts · secrets redacted before storage or ai · audit-only — no exploits, ever

3 free audits · then from $2.00/audit · pricing