Does SecOpsium ask for a GitHub personal access token?
SecOpsium is designed around an authorized GitHub workflow rather than asking users to paste a personal access token into the product.
SecOpsium should only scan repositories the user owns or is explicitly authorized to assess. The GitHub workflow is designed around scoped repository access instead of shared personal tokens.
SecOpsium connects to GitHub through an authorized GitHub workflow. Users choose the repository scope they want SecOpsium to access.
For private repositories, access depends on the permissions granted through that GitHub authorization. SecOpsium should not be used to scan anything outside that authorized scope.
Scoped access reduces unnecessary exposure. The product does not need a user's personal access token pasted into the dashboard to run normal GitHub-backed scans.
This also gives teams a familiar revocation path through GitHub if they want to remove access.
The open-source CLI gives technical users a way to inspect local scanning behavior separately from the SaaS.
The CLI is useful, but the SaaS is still valuable because it adds hosted execution, team visibility, reports, and scan history.
SecOpsium is designed around an authorized GitHub workflow rather than asking users to paste a personal access token into the product.
Yes. Repository visibility depends on the scope authorized through GitHub. Teams should grant access only to repositories they want SecOpsium to assess.
Yes. Users can revoke or disconnect the GitHub authorization when they no longer want SecOpsium to access the selected repositories.