Documentation
Launchioo product documentation
GitHub pull request scanning
Launchioo installs as a GitHub App and scans added and changed lines on each pull request. Results appear as check runs, PR comments, and optional inline review comments.
Secret detection
Deterministic rules flag API keys, tokens, private keys, and other credentials in PR diffs before they reach the default branch.
SSRF detection
Rules identify server-side requests that use user-controlled URLs, hosts, or paths — common Server-Side Request Forgery patterns in application code.
CSRF detection
Launchioo checks for missing or weak cross-site request forgery protections on state-changing routes introduced or modified in pull requests.
Exploit-chain analysis
Multi-step exploit chains and taint flow are analyzed across changed files. Free plan reports chain depth up to 2 hops; Pro includes full path depth.
Supply-chain scanning
Pull request diffs are checked for risky dependency changes, unsafe package sources, and supply-chain patterns in CI and build configuration.
Full repository audits
Beyond PR diffs, Launchioo can scan the entire default-branch codebase. Free includes one audit per month (UTC); Pro includes unlimited audits.
Merge-blocking policies
Pro posts FAIL check conclusions compatible with branch protection when critical findings exceed configured thresholds. Free reports findings as advisory checks.
Product FAQ
- What is Launchioo?
- Launchioo is a GitHub security scanning platform that detects secrets, SSRF, CSRF, injection flaws, exploit chains, and supply-chain risks directly inside pull requests before code is merged.
- Can Launchioo scan GitHub pull requests?
- Yes. Launchioo installs as a GitHub App and scans added and changed lines on each pull request. Results appear as GitHub check runs, PR comments, and optional inline review comments.
- Does Launchioo detect SSRF vulnerabilities?
- Yes. Launchioo includes deterministic SSRF rules that flag server-side requests to user-controlled or unexpected destinations in pull request diffs.
- Does Launchioo block risky merges?
- On the Pro plan, Launchioo can post FAIL check conclusions that block merges when branch protection requires passing checks. The Free plan reports findings as advisory checks without merge blocking.
- Can Launchioo detect exploit chains across files?
- Yes. Launchioo analyzes multi-step exploit chains and taint flow across changed files. Free plan reports are limited to 2 hops; Pro includes full path depth.
See the product documentation and pricing for plan details.