LevinDocs

Quickstart

Meet Levin — one autonomous AI security engineer. You don't navigate dashboards; you just tell Levin what you want, and it does the work. Here's your first scan in under two minutes.

1. Connect GitHub

Click Try Levin and sign in. SecureOS requests access to your repositories so Levin can clone them for a scan — we never push code or open PRs on your behalf without your instruction.

2. Just ask Levin

Open Levin and type a plain command. Levin understands intent — a narrow command runs exactly that, a broad goal mobilizes the whole team.

scan my-repo
am I SOC2 ready?
write a privacy policy for my app
secure my-repo

3. Levin plans & runs the work

Levin scopes the request as a CISO, delegates to the right department (AppSec, Red Team, IR, Threat-Intel, GRC), clones the repo, runs the real scanners, and triages every finding in the context of what your repo is — so false positives get filtered out before you ever see them. You watch it work, step by step, and can stop or steer it mid-task.

4. Review findings as cards

Results come back as severity cards (Critical / High / Medium / Low). Click a card to open the side panel, click a finding to expand the CVE/CWE, the vulnerable code, the fix, and why it matters for your repo. Documents (privacy policy, ToS) come back as downloadable artifacts; compliance comes back as a control matrix.

Free plan: Up to 4 connected repositories, unlimited scans, Levin's core AppSec department. Upgrade to Pro for unlimited repos, the full department roster, scheduled scans, and autonomous remediation.

Departments

Levin works like a security company. The CISO (Levin) delegates to specialist departments, each commanding real scanners. You talk to one engineer; a whole team does the work behind it.

SentinelFree

The core static analysis engine. Runs 50+ regex and AST-based patterns across Python, JavaScript, TypeScript, and IaC files. Detects injection, secrets, auth flaws, crypto misuse, BOLA/IDOR access control bugs, AI-specific vulnerabilities (prompt injection, slopsquatting), and infrastructure misconfigs.

AuditorFree

Dependency vulnerability scanner. Checks your package.json, requirements.txt, and pyproject.toml against the OSV.dev CVE database. Flags outdated packages with known exploits and supply chain risks.

ScoutPro

Pre-build threat modeler. Before you write a line of code, Scout maps your attack surface based on your tech stack and product description, surfacing the most likely attack vectors for your specific architecture.

PhantomPro

AI attack simulator. Runs a 4-phase simulation (Recon → Initial Access → Exploitation → Impact) against your codebase and generates a risk score from 0–10 with full attack chain breakdown. Shows you exactly how an attacker would chain your vulnerabilities.

CipherPro

Cryptographic audit agent. Inspects all encryption, hashing, key management, and token generation in your codebase. Flags weak algorithms, static IVs, Math.random() for secrets, and JWT misconfigurations.

ForgePro

Pre-launch auditor (formerly Launcher). Runs a 50-point checklist 48 hours before go-live: secrets rotation, rate limiting, backup verification, HTTPS enforcement, monitoring setup, and dependency freshness.

OracleFree

Security educator powered by Gemini. For each finding, Oracle produces a concrete code fix, explains why the vulnerability exists, links the relevant CWE, and teaches you the underlying security concept — personalized to your specific mistakes.

PR ReviewPro

Automated PR security review. When a pull request is opened, secureos-bot posts inline findings as GitHub comments — covering only the diff, not the full codebase, so reviews are fast and focused. Founding Members (first 20 users) get PR Review free forever on any plan.

Founding Member perk: The first 20 users to sign up get PR Review free forever on any plan — including Free. Check your plan page to see if you qualify.

PR Review

SecureOS integrates with GitHub to automatically scan pull requests when they are opened or updated. The Auditor agent analyzes only the diff — not the full codebase — so reviews are fast and focused on new issues introduced by the PR.

How it works

When a PR is opened against a connected repository, SecureOS receives a webhook event, fetches the changed files, runs Sentinel on the diff, and posts findings as inline review comments on the PR.

# Example PR comment from Auditor
🔴 Critical — SQL Injection (injection.sql_fstring) [CWE-89]

  query = f"SELECT * FROM users WHERE id = {user_id}"

Attacker can inject arbitrary SQL. Use parameterized queries:
  query = "SELECT * FROM users WHERE id = %s"
  cursor.execute(query, (user_id,))

Setup

PR review is automatically enabled for connected repositories on the Pro plan. No webhook configuration is required — SecureOS handles the GitHub App integration.

Pro feature. PR review requires the Pro or Team plan.Upgrade →

Playground

The Playground lets you scan any public GitHub repository without creating an account. It is the fastest way to see what SecureOS finds.

Usage

Navigate to secureos.dev/playground and enter a public GitHub repository URL. The scan runs server-side using Sentinel and returns results in seconds.

# Direct link to pre-scan a specific repo
https://secureos.dev/playground?repo=owner/repository

Share links

After a scan, click the Share button to copy a link that will automatically re-run the scan when opened. Useful for sharing security reports with your team.

The Playground scans the default branch. Private repositories require authentication and a connected account.

Security Checks

Sentinel runs 39+ checks across 8 categories. All checks include a CWE reference and a severity rating.

Injection6 checks
Eval Usagecritical
SQL Injection (concat)critical
SQL Injection (f-string)critical
OS Command Injectioncritical
Shell Subprocess Injectionhigh
Server-Side Template Injectionhigh
Secrets7 checks
OpenAI API Key Exposedcritical
AWS Access Key Exposedcritical
Stripe Live Key Exposedcritical
GitHub Token Exposedcritical
Private Key Blockcritical
Database Connection Stringcritical
High-Entropy Secrethigh
Auth6 checks
JWT Verification Disabledcritical
JWT Not Verifiedcritical
Hardcoded Admin Credentialscritical
MD5 Password Hashinghigh
Weak Secret Keyhigh
Auth Token in localStoragehigh
Crypto4 checks
RC4 Cipher Usagehigh
AES-ECB Modehigh
Static IV in Encryptionhigh
Math.random() for Tokensmedium
JWT3 checks
JWT Algorithm: Nonecritical
JWT Expiry Not Checkedhigh
Weak JWT Secrethigh
Config4 checks
CORS Wildcard (*)high
Debug Mode Enabledhigh
Insecure Cookiemedium
Admin Route Without Authhigh
Storage3 checks
S3 Public ACLcritical
Hardcoded Database URLcritical
Firebase Open Read/Writehigh
IaC6 checks
Privileged Containercritical
.env File Committedcritical
Secret in Env Variablecritical
Container Running as Roothigh
Host Network Modehigh
K8s Privileged Containercritical

API

Coming soon.The SecureOS REST API will allow you to trigger scans, retrieve findings, and integrate with your CI/CD pipelines programmatically.

Planned endpoints:

POST /api/v1/scans          # Trigger a scan
GET  /api/v1/scans/:id      # Get scan results
GET  /api/v1/findings       # List all findings
GET  /api/v1/repos          # List connected repos

# Authentication
Authorization: Bearer <your-api-key>

To get early API access or request a feature, contact us.