Getting Started
LegacyCode MRI scans your GitHub repositories for security vulnerabilities, secrets, and code quality issues — giving you an actionable risk score in minutes.
Sign in with GitHub
Click Sign in with GitHub on the login page. We request read access to your repositories to fetch the list and clone them for scanning.
Connect a repository
Go to Repositories → Connect repo. A modal will show all your GitHub repos (public and private). Click Add next to any repo to connect it.
Run your first scan
Open the repository and click Start Scan. The scanner clones your repo, runs Trivy, Gitleaks, and Semgrep in parallel, then computes a risk score. Scans typically take 1–5 minutes.
Review findings
Once complete, the scan page shows your risk score, all findings grouped by severity, and an AI-generated summary of the most important issues.
Auto-scan on push — if webhook setup succeeds, future pushes to your default branch trigger scans automatically. Webhooks require your OAuth token to have admin:repo_hook scope.