Get started

See real findings before you pick a tier.

Pick your way in: the GitHub App, the olydi scan CLI, or the composite Action. You'll see your first finding in under three minutes. If a path isn't published yet, it routes you to early access — never a dead button.

npx @olydi/cli scan

GitHub App

Live

Install once. Check runs and a sticky comment on every pull request, with findings mirrored to the Security tab.

Install GitHub App

CLI

Live

Run the scan from a terminal or a pre-push hook. Authenticate once, then scan on demand with SARIF output.

npx @olydi/cli scan

Composite Action

Live

Add one step to your workflow. Scans on pull requests and uploads SARIF to the Security tab.

Add the GitHub Action

CLI

Run a scan from your terminal.

Authenticate once, then scan on demand or from a pre-push hook. Output is SARIF, so it drops straight into your existing pipeline.

npx @olydi/cli scan

Composite Action

Add one step to your workflow.

The Action scans on pull requests and uploads SARIF to the Security tab. It gates the merge on exploit-reachable findings only.

# .github/workflows/olydi.yml
- uses: olydi/olydi-action@v2
  with:
    fail-on: high
    upload-sarif: true

SARIF to the Security tab

Findings land where your team already triages.

Every scan emits standard SARIF. The GitHub App and the Action both upload it, so findings appear in the GitHub Security tab next to your other code-scanning alerts, with check runs and a sticky PR comment.

  • Standard SARIF output
  • Security-tab mirror
  • Check runs on every PR
  • Sticky PR comment summary

detected stack

React 18Node 2047 of 115 capabilities apply

OLYDI fingerprints the repository and runs only the capabilities that match, so you see a focused finding set in under three minutes.

How it worksSee a fix