Documentation

Launchioo product documentation

Launchioo is a GitHub security scanning platform that detects secrets, SSRF, CSRF, injection flaws, exploit chains, and supply-chain risks directly inside pull requests before code is merged. View features, compare plans, or install the GitHub App.

GitHub pull request scanning

Launchioo installs as a GitHub App and scans added and changed lines on each pull request. Results appear as check runs, PR comments, and optional inline review comments.

Secret detection

Deterministic rules flag API keys, tokens, private keys, and other credentials in PR diffs before they reach the default branch.

SSRF detection

Rules identify server-side requests that use user-controlled URLs, hosts, or paths — common Server-Side Request Forgery patterns in application code.

CSRF detection

Launchioo checks for missing or weak cross-site request forgery protections on state-changing routes introduced or modified in pull requests.

Exploit-chain analysis

Multi-step exploit chains and taint flow are analyzed across changed files. Free plan reports chain depth up to 2 hops; Pro includes full path depth.

Supply-chain scanning

Pull request diffs are checked for risky dependency changes, unsafe package sources, and supply-chain patterns in CI and build configuration.

Full repository audits

Beyond PR diffs, Launchioo can scan the entire default-branch codebase. Free includes one audit per month (UTC); Pro includes unlimited audits.

Merge-blocking policies

Pro posts FAIL check conclusions compatible with branch protection when critical findings exceed configured thresholds. Free reports findings as advisory checks.

Product FAQ

What is Launchioo?
Launchioo is a GitHub security scanning platform that detects secrets, SSRF, CSRF, injection flaws, exploit chains, and supply-chain risks directly inside pull requests before code is merged.
Can Launchioo scan GitHub pull requests?
Yes. Launchioo installs as a GitHub App and scans added and changed lines on each pull request. Results appear as GitHub check runs, PR comments, and optional inline review comments.
Does Launchioo detect SSRF vulnerabilities?
Yes. Launchioo includes deterministic SSRF rules that flag server-side requests to user-controlled or unexpected destinations in pull request diffs.
Does Launchioo block risky merges?
On the Pro plan, Launchioo can post FAIL check conclusions that block merges when branch protection requires passing checks. The Free plan reports findings as advisory checks without merge blocking.
Can Launchioo detect exploit chains across files?
Yes. Launchioo analyzes multi-step exploit chains and taint flow across changed files. Free plan reports are limited to 2 hops; Pro includes full path depth.

See the product documentation and pricing for plan details.