Zerobranch

What is Zerobranch?

Zerobranch is a powerful tool designed to enhance security in software development by scanning GitHub repositories^[1] for potential vulnerabilities. It allows users to connect their GitHub accounts and scan both public and private repositories, providing a centralized workspace to review prioritized security findings. With its focus on actionable results, Zerobranch helps teams identify high-impact security issues before they can affect software releases, ensuring a robust security posture for modern engineering organizations.

How to use Zerobranch?

1. Select workspace and source: Start by picking your personal or organizational workspace, then choose a public GitHub URL or a connected private repository.
2. Configure and run scan: Select an available scan profile, confirm the included checks, and optionally set a specific branch or reference before launching the scan.
3. Prioritize and report: After the scan is complete, review the severity-ranked findings, check coverage details, and export reports for further analysis and team handoff.

What are the main features of Zerobranch?

• Public and private scan inputs: Easily scan public GitHub repositories or connected private repositories within your workspace.
• Configurable scan profiles^[3]: Choose from various scan profiles tailored to your needs, including clear checks and plan-aware gating.
• Workspace-scoped access control: Ensure that repository access, scans, and reports adhere to workspace membership and permission rules.
• Actionable findings: Review findings grouped by severity, complete with remediation guidance and evidence context for efficient triage.
• Reports and exports: Generate in-app reports, export findings in CSV/TSV format, and download PDF reports when available.
• Large repository coverage: Use bounded scan windows and continuation controls to analyze large repositories effectively.

Who is Zerobranch for?

Zerobranch is primarily targeted at software developers, security teams, and engineering organizations looking to enhance their security measures during the software development lifecycle. It is particularly beneficial for teams that manage both public and private GitHub repositories, allowing them to proactively identify and address security vulnerabilities before software releases. Independent builders and small startups can also leverage Zerobranch to ensure their projects maintain a strong security posture from the outset.

What are the use cases of Zerobranch?

1. Pre-release vulnerability assessment^[2]: Use Zerobranch to scan your codebase for vulnerabilities before deploying new software versions to production.
2. Continuous security monitoring: Regularly scan connected repositories to identify newly introduced security issues as part of an ongoing security strategy.
3. Compliance and auditing: Generate exportable reports for compliance audits, ensuring that your software meets industry security standards.