Create the Protect Your Vibes GitHub App
One click creates the App under your GitHub account. After you hit “Create,” GitHub redirects back to us with the App's credentials automatically — no copy-pasting.
What the App can do
- Read file contents, repo metadata, and PR diffs — needed to scan your code for leaked secrets and vulnerabilities.
- Write issues on your repo (optional) — so each critical finding becomes a trackable GitHub issue that auto-closes when the scanner confirms it's fixed.
- Receive webhooks for push, pull_request, and install events — that's how the scanner knows to run.
What ships today (V3.1)
- On every PR, we fetch the diff via the GitHub Apps API and log metadata (file paths, line counts) for the scanner.
- Diff content never leaves the request. We don't persist or log source lines — only file/hunk locations.
- Coming next (V3.2): the actual scan + a Check posted back on your PR with findings. This stream is the receive-and-fetch half; the post-back half ships in the next release.
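The metadata-only handling described in the list above can be sketched as follows. This is an added example, not Protect Your Vibes' own code; the function names, the returned record layout and the sample diff are assumptions made for illustration. It reduces a unified diff to file paths, hunk ranges and line counts, and tracks hunk lengths so that changed lines that merely look like `---`/`+++` headers are not mistaken for file names.

```python
import re

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def _path(raw):
    # "/dev/null" marks an added or deleted file; otherwise drop the a/ or b/ prefix
    return None if raw == "/dev/null" else re.sub(r"^[ab]/", "", raw)

def diff_metadata(diff_text):
    """Return per-file path, hunk ranges and line counts; no source text is kept."""
    files, current, old_path = [], None, None
    old_left = new_left = 0  # lines the current hunk still owes (old side, new side)
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:  # inside a hunk body: count, never store
            if line.startswith("+"):
                current["added"] += 1
                new_left -= 1
            elif line.startswith("-"):
                current["removed"] += 1
                old_left -= 1
            elif not line.startswith("\\"):  # skip "\ No newline at end of file"
                old_left -= 1
                new_left -= 1
            continue
        m = HUNK_RE.match(line)  # only the numbers are captured, not the trailing context
        if m and current is not None:
            old_left, new_left = int(m.group(2) or 1), int(m.group(4) or 1)
            current["hunks"].append((int(m.group(3)), new_left))
        elif line.startswith("--- "):
            old_path = _path(line[4:])
        elif line.startswith("+++ "):
            current = {"path": _path(line[4:]) or old_path, "hunks": [], "added": 0, "removed": 0}
            files.append(current)
    return files

# Constructed sample diff; the key is a placeholder, and one removed line starts with "--- "
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,3 @@ def load():
 import os
--- old sql-style comment
+API_KEY = "EXAMPLE-NOT-A-REAL-KEY"
 PORT = 8080
"""

if __name__ == "__main__":
    print(diff_metadata(SAMPLE_DIFF))
```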
What it can NOT do
- Push commits to your repo. Ever. No write access to contents.
- Access any repo you don't explicitly grant it after creation.
- Read anything outside the scopes listed above.
You'll be taken to GitHub. After you click “Create App,” GitHub sends you right back here and we'll finish the setup.
Prefer to install on a GitHub organization instead of your personal account? Pick the org first, then re-submit the form from there.