Frequently asked questions
Clear answers before you trust us with a scan.
These are the questions teams usually ask before they run the first review: what gets scanned, what gets stored, how GitHub works, and what changes across plans.
Does Sivero store my code?
No. Sivero stores the report, findings, and scan metadata attached to your account. It does not keep a permanent copy of your raw pasted code or ZIP contents as part of report history.
Can I scan private GitHub repositories?
Yes. Every plan can connect the GitHub App and scan repositories you explicitly install it on, including private repositories. Plus and Pro also unlock repeat schedules for connected repositories.
What kinds of issues does it look for?
Sivero focuses on high-signal security risks such as exposed secrets, auth gaps, unsafe browser access, missing validation, risky workflows, storage exposure, and dependency issues.
What is the difference between quick scans and advanced scans?
Quick scans are faster and designed for a lighter pass across the codebase. Advanced scans take longer, inspect more of the code, and are better when you want a deeper report before release. Paid tiers include actionable fix steps on both scan types, while Free quick scans show findings without the step-by-step fix guidance.
Will I get too many alerts?
The product is designed to prioritize the highest-signal issues first. Email alerts are best used for scheduled scans and serious blockers rather than every manual scan you are already watching live.
Still unsure?
Start with the free plan or ask us first.
You can try Sivero without a paid plan, and if something still feels unclear, we're happy to answer product questions directly.