[ 000 ] THE PROTOCOL

Audit Code from Commit.

Four detectors. One pipeline. Claude-graded reports. OTONOMI scans your GitHub repositories for secrets, CVEs, OWASP vulnerabilities, and exposed config — surfacing an executive-grade remediation plan in minutes. We are not a linter. We are a correction.

POWERED BY CLAUDE SONNET 4.5 /// OSV.DEV CVE DATABASE /// GITHUB API V4 /// SUPABASE POSTGRES + RLS /// CLOUDFLARE WORKERS EDGE /// OWASP TOP 10 COVERAGE
[ 001 ] / DOCTRINE

Code review is a hobby.
This is security.

Most scanners optimize for noise. Noise is the enemy of action.
01_THESIS

Code is not static: it changes, and so does its attack surface. A repository that is never re-scanned is a repository silently accumulating exposure, one comfortable Tuesday at a time. OTONOMI is engineered for continuous detection.

02_METHOD

Four detectors execute in parallel against every commit: secrets, CVEs, OWASP patterns, and exposed config. Findings are graded and summarized by Claude Sonnet 4.5 with concrete remediation steps and line-level evidence. Hard science. Hard removal.

  • False Positives: Tuned out
  • Token Leaks: Encrypted
  • SAST Noise: Strict severity
Moise Kenge
FOUNDER & CTO · SECURITY+ · OSINT
[ 002 ] / DETECTORS

Four Detectors.
One Pipeline.

Every scan runs the full pipeline in parallel against your repository. Detector specifications follow.

DET-01 / SECRET SCANNER

Regex matching against 40+ token patterns (AWS keys, Stripe secrets, GitHub PATs, Slack webhooks, JWTs), gated by the entropy of the matched string so that placeholders and example values do not surface as findings. Severity-graded with line-level evidence, and run across the full commit history, since a secret deleted in a later commit is still recoverable from git.

PATTERNS: 40+ TOKENS
SCAN TIME: <3 s / MB
ACCURACY: 99.4%
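The detector described above, as an added example (not OTONOMI's code, whose pattern table is not published): a handful of token regexes, each with a named group for the random part of the token, an entropy gate that drops placeholder matches such as a key made of X's, severity grading, and line-level evidence with the secret redacted. The pattern set, the 3.0 bits/char threshold, the severity assignments and the sample repository are all assumptions of this example, and every token in the sample is synthetic.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Illustrative token patterns (an added example; OTONOMI's own 40+ pattern
# table is not published). Each regex names the random part of the token
# with a (?P<secret>...) group so that entropy is scored on that part only,
# not on a fixed prefix such as "https://hooks.slack.com/services/".
PATTERNS = [
    ("aws_access_key_id", "CRITICAL", re.compile(r"\b(?P<secret>AKIA[0-9A-Z]{16})\b")),
    ("stripe_live_key",   "CRITICAL", re.compile(r"\bsk_live_(?P<secret>[0-9A-Za-z]{24,})\b")),
    ("stripe_test_key",   "LOW",      re.compile(r"\bsk_test_(?P<secret>[0-9A-Za-z]{24,})\b")),
    ("github_pat",        "HIGH",     re.compile(r"\bghp_(?P<secret>[A-Za-z0-9]{36})\b")),
    ("slack_webhook",     "HIGH",     re.compile(
        r"https://hooks\.slack\.com/services/T[0-9A-Z]+/B[0-9A-Z]+/(?P<secret>[0-9A-Za-z]+)")),
    ("jwt",               "MEDIUM",   re.compile(
        r"\b(?P<secret>eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)")),
]
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


@dataclass(frozen=True)
class Finding:
    detector: str
    severity: str
    path: str
    line: int
    evidence: str   # matched token with the secret part redacted
    entropy: float  # Shannon entropy (bits/char) of the secret part


def shannon_entropy(s: str) -> float:
    """Bits per character: about 1.0 for 'AKIAXXXXXXXXXXXXXXXX', 4+ for a real key."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(secret: str) -> str:
    return secret[:4] + "..." + secret[-4:] if len(secret) > 8 else "*" * len(secret)


def scan_text(path: str, text: str, min_entropy: float = 3.0) -> list[Finding]:
    """Run every pattern over every line; drop low-entropy placeholder matches."""
    out = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, severity, rx in PATTERNS:
            for m in rx.finditer(line):
                secret = m.group("secret")
                ent = shannon_entropy(secret)
                if ent < min_entropy:        # e.g. AKIAXXXXXXXXXXXXXXXX in a test fixture
                    continue
                evidence = m.group(0).replace(secret, redact(secret))
                out.append(Finding(name, severity, path, lineno, evidence, round(ent, 2)))
    return out


def scan_files(files: dict[str, str], min_entropy: float = 3.0) -> list[Finding]:
    """Scan a {path: contents} map, e.g. the tree at one commit. To cover
    history, feed every historical blob through the same function."""
    findings = [f for p, t in files.items() for f in scan_text(p, t, min_entropy)]
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.path, f.line))


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.severity for f in findings))


# Constructed sample repository; every token below is synthetic.
SAMPLE_FILES = {
    "config/settings.py": (
        "AWS_ACCESS_KEY_ID = 'AKIAJ7Q2M9XK4PL8R3TW'\n"
        "STRIPE_KEY = 'sk_live_A1b2C3d4E5f6G7h8I9j0K1l2'\n"
        "SLACK_HOOK = 'https://hooks.slack.com/services/T0123ABCD/B0456EFGH/abcdefghijklmnopqrstuvwx'\n"
    ),
    "tests/fixtures.py": (
        "# placeholder, never a real credential: suppressed by the entropy gate\n"
        "AWS_ACCESS_KEY_ID = 'AKIAXXXXXXXXXXXXXXXX'\n"
        "GITHUB_TOKEN = 'ghp_a1B2c3D4e5F6g7H8i9J0kLmNoPqRsTuVwXyZ'\n"
    ),
    "docs/auth.md": "Example bearer: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.s3cr3tS1gnatur3Valu3\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.severity:<8} {f.detector:<18} {f.path}:{f.line}  {f.evidence}  H={f.entropy}")
    print(summarize(scan_files(SAMPLE_FILES)))
```

Running the sample yields five findings (two CRITICAL, two HIGH, one MEDIUM); the all-X placeholder in the test fixture matches the AWS regex but is dropped by the entropy gate, which is the point of scoring the random part of the token rather than the whole match. Lowering `min_entropy` to 0 brings the placeholder back as a sixth finding, which is the kind of noise the page is talking about.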
[ 003 ] / ARCHITECTURE

Six Layers.
Zero Friction.

ARCH-01 / SCAN ENGINE [ 4 DETECTORS ]

THE PIPELINE

Four detectors run in parallel against every file. Severity grading by category. Zero shared state between scans. Crash-isolated, so a single broken detector (a regex that throws, or one that backtracks catastrophically) never takes the pipeline down.

ARCH-02 / DATABASE [ POSTGRES + RLS ]

DATA LAYER

Supabase with row-level security on every table. Findings encrypted at rest. Full audit trail on every scan.

ARCH-03 / AI LAYER [ CLAUDE SONNET ]

REMEDIATION

Claude generates risk summaries and next actions. Streams to the UI. Caches identical queries.

ARCH-07 / WORKER QUEUE [ ASYNC + RETRY ]

ORCHESTRATION

In-memory job queue with phase tracking (validating → fetching → analyzing → summarizing). Crash-recoverable. Designed for horizontal scale.
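One way the scan engine (ARCH-01) and the worker queue (ARCH-07) described above fit together, as an added example that is not OTONOMI's code: a job moves through the four named phases, the analyzing phase runs every detector concurrently, and an exception or timeout in one detector is recorded against that detector only while the others' findings are kept. A phase that fails leaves the job marked with the phase it died in, and running the job again resumes from that phase. The detectors, the `Job` and `DetectorResult` types, the 0.2 s per-detector timeout and the sample repository are assumptions of this example; the "broken" detector deliberately uses an invalid regex, and the "slow" one sleeps to stand in for a catastrophic-backtracking pattern.

```python
import re
import time
from concurrent.futures import ThreadPoolExecutor
from concurrent.futures import TimeoutError as FutureTimeout
from dataclasses import dataclass, field

PHASES = ["validating", "fetching", "analyzing", "summarizing"]


@dataclass
class DetectorResult:
    name: str
    status: str                 # "ok" | "error" | "timeout"
    findings: list = field(default_factory=list)
    error: str = ""


@dataclass
class Job:
    repo: str
    status: str = "queued"      # queued | running | failed | done
    phase: str = ""             # phase currently running, or the one that failed
    history: list = field(default_factory=list)
    files: dict = field(default_factory=dict)
    results: dict = field(default_factory=dict)
    summary: dict = field(default_factory=dict)
    error: str = ""


def run_detectors(files: dict, detectors: dict, timeout_s: float) -> dict:
    """Run every detector concurrently. An exception or timeout in one detector
    is recorded on that detector only; the others' findings are kept."""
    results = {}
    with ThreadPoolExecutor(max_workers=len(detectors)) as pool:
        # each detector gets its own copy of the file map: no shared mutable state
        futures = {name: pool.submit(fn, dict(files)) for name, fn in detectors.items()}
        for name, fut in futures.items():
            try:
                results[name] = DetectorResult(name, "ok", fut.result(timeout=timeout_s))
            except FutureTimeout:
                results[name] = DetectorResult(name, "timeout", error=f"exceeded {timeout_s}s")
            except Exception as exc:          # a broken regex lands here
                results[name] = DetectorResult(name, "error", error=f"{type(exc).__name__}: {exc}")
    return results


def run_job(job: Job, files: dict, detectors: dict, timeout_s: float = 0.2) -> Job:
    """Advance the job phase by phase. A failure records the phase it died in;
    calling run_job again on the same Job resumes from that phase."""
    start = PHASES.index(job.phase) if job.phase else 0
    job.status = "running"
    for phase in PHASES[start:]:
        job.phase = phase
        job.history.append(phase)
        try:
            if phase == "validating":
                if not re.fullmatch(r"[\w.-]+/[\w.-]+", job.repo):
                    raise ValueError(f"not an owner/name repository slug: {job.repo!r}")
            elif phase == "fetching":
                job.files = files             # stand-in for the GitHub API checkout
            elif phase == "analyzing":
                job.results = run_detectors(job.files, detectors, timeout_s)
            elif phase == "summarizing":
                ok = [r for r in job.results.values() if r.status == "ok"]
                job.summary = {
                    "findings": sum(len(r.findings) for r in ok),
                    "degraded": sorted(n for n, r in job.results.items() if r.status != "ok"),
                }
        except Exception as exc:
            job.status, job.error = "failed", f"{phase}: {exc}"
            return job
    job.status = "done"
    return job


# Four toy detectors standing in for the real pipeline (assumed, not OTONOMI's).
AWS_KEY = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def secrets_detector(files):
    return [{"path": p, "line": n, "rule": "aws_access_key_id"}
            for p, text in files.items()
            for n, line in enumerate(text.splitlines(), 1) if AWS_KEY.search(line)]


def exposed_config_detector(files):
    return [{"path": p, "line": 0, "rule": "exposed_config"}
            for p in files if p.rsplit("/", 1)[-1] in {".env", "id_rsa"} or p.endswith(".pem")]


def broken_regex_detector(files):
    # deliberately invalid pattern: re.error is raised when the detector runs
    return [p for p in files if re.search("(unclosed", p)]


def slow_detector(files):
    # stands in for catastrophic backtracking; a thread cannot be killed, so a
    # production pipeline would run each detector in its own process
    time.sleep(0.5)
    return []


DETECTORS = {"secrets": secrets_detector, "exposed_config": exposed_config_detector,
             "broken_regex": broken_regex_detector, "slow": slow_detector}

SAMPLE_FILES = {   # constructed repository snapshot; the key is synthetic
    "src/app.py": "key = 'AKIAJ7Q2M9XK4PL8R3TW'\n",
    ".env": "DB_PASSWORD=hunter2\n",
    "README.md": "# demo\n",
}

if __name__ == "__main__":
    job = run_job(Job("acme/api"), SAMPLE_FILES, DETECTORS)
    print(job.status, job.history, job.summary)
```

The summary reports the two real findings alongside the two degraded detectors rather than silently dropping them, so a consumer of the report can tell a clean scan from a partial one. The thread-pool timeout only stops the pipeline waiting; the hung thread keeps running until it finishes, which is why the comment on the slow detector points at process isolation for true crash containment.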

Data.
[ 004 ] / IMPACT

Production data. Aggregated across active customer repos in the last 90 days.

CRITICAL FINDINGS / SCAN
0.0 AVG

First-scan average across customer cohort, N=214 repos.

FALSE POSITIVE RATE
-0%

Manual review against synthetic ground truth, N=8,412 findings.

DEV REMEDIATION RATE
0%

Devs who shipped a fix for a CRITICAL finding within 7 days of the report.

[ 005 ] / GET STARTED

Three tiers.
One standard of detection.

TIER-FREE

THE WATCH

1 REPO

Connect one repository. Run unlimited scans. Full 4-detector pipeline with AI remediation. Ideal for solo founders and side projects.

FREE
TIER-TEAM // MOST POPULAR

THE STANDARD

UNLIMITED REPOS

Connect your whole GitHub org. Continuous scanning on every push. Priority queue. Built for small teams that ship daily.

  • Continuous PR Scanning
  • Slack + Email Alerts
  • Historical Diff Reports
$49 / MO
START 14-DAY TRIAL
TIER-ENTERPRISE

THE FORTRESS

ORG-WIDE

SSO, audit logs, SOC2 reports, dedicated detector tuning, and a direct line to security engineering. Reserved for compliance-bound teams.

$499+ / MO
Free tier limited to the first 500 teams. 247 spots remaining.