What is SecAlly?

SecAlly is a GitHub-native security scanner for mobile app codebases. It reviews iOS and Android changes as part of code review, then posts actionable findings back to GitHub where developers already work. SecAlly is designed for small teams and growing businesses that ship frequently and want meaningful mobile AppSec coverage without a dedicated security team or a heavyweight setup process.

How It Fits Your Workflow

  • Pull request scanning: Open a PR and SecAlly scans the changes and comments on the PR with findings and remediation guidance.
  • Full repository scanning: Open a GitHub issue that mentions @SecAllyApp and asks to scan the repo. SecAlly posts the results in the issue thread.

What You Get

  • Mobile-focused findings mapped to OWASP Mobile Top 10, CWE, and CVSS severity.
  • High-confidence results designed to reduce noise in code review.
  • Explanations and next steps intended for developers (not just security specialists).

Supported Stacks

  • iOS: Swift, Objective-C
  • Android: Kotlin, Java
  • Cross-platform: React Native, Flutter

Important Notes

SecAlly helps teams identify and address potential security vulnerabilities earlier in the development lifecycle. Like all automated security tools, it does not guarantee that your code or systems are free of vulnerabilities. Findings should be reviewed, validated, and addressed as part of your standard engineering and security processes.

Next: read the Overview and follow Onboarding.