Try it without an account
The fastest path: go to shadowops.in and paste any public GitHub URL in the hero input. Hit Scan it — no signup required.
You'll land on the scan page and watch it work in real time: cloning, running rules, detecting patterns, building the report. A typical repo finishes in under 30 seconds.
Create an account
To save scan history and connect private repositories, create a free account. You can sign up with email and password, or via GitHub, Google, or another OAuth provider.
Connect a repo or upload files
Three ways to get code into ShadowOps:
- Paste a URL — Works for any public GitHub, GitLab, or Bitbucket repo. No connection needed.
- Connect via OAuth — Authorize ShadowOps read-only access to your account. Unlocks private repos.
- Upload files — Drag-and-drop a zip of your project. Useful when you can't share a URL.
Run a scan
Inside a project, click Scan in the sidebar and hit Run scan. You'll watch the progress in real time:
- ✓ Cloning repository
- ✓ Running regex scanner
- ✓ Detecting patterns
- ✓ Scoring findings
- ✓ Building report
Read your results
When the scan finishes you'll see your verdict.
| Colour | Score | Meaning |
|---|---|---|
| Green | 80–100 | No significant issues found |
| Yellow | 40–79 | Some issues worth reviewing |
| Red | 0–39 | Critical or high-severity issues — not safe to ship |
Fix something and re-scan
Each finding tells you the exact file and line, what the problem is in plain English, and exactly what to do about it — not just “sanitize your inputs.”
Make the fix, commit it, and run a new scan. Over time your score should move from red toward green. View all past scans in History to track your progress.
Label findings (optional)
After reviewing a finding you can mark it Real issue or Not a problem. Labels help ShadowOps learn which rules produce false positives in real code.