Free DevEx Audit · Powered by AI
Score your engineering platform in 10 seconds.
Point us at a GitHub repo. We scan for CI maturity, security gaps, governance, and documentation health — then surface the exact fixes a senior platform engineer would prioritize.
No credit card Read-only token AI mitigation plan
Why this scan exists
“Documentation that doesn't live in the repository next to the code isn't documentation. It's a wishlist that was already out of date the day it was published.”
What we check
18 signals across 5 dimensions
CI/CD
- Workflow count
- Reusable workflows
- Release cadence
- Build matrix
Security
- Dependabot
- CodeQL
- Secret scanning
- SECURITY.md
Governance
- Branch protection
- CODEOWNERS
- Required reviews
- Signed commits
Documentation
- README depth
- CONTRIBUTING
- LICENSE
- TechDocs
Activity
- Commit cadence
- Issue hygiene
- PR lead time
- Release frequency
Your token never leaves the request
We use your GitHub PAT to call the public GitHub REST API server-side, then drop it. It is never logged, stored, or persisted. The scan results are cached for 5 minutes by repo slug — no token, no email, no PII. Use a fine-grained PAT scoped to a single repo if you want to minimize blast radius.