Private Repo Scanning
Scan private GitHub repositories for MCP security issues. Requires a Pro subscription and the MCPShield GitHub App.
Prerequisites
- Pro subscription — private repo scanning is a Pro-only feature. Upgrade here.
- MCPShield GitHub App installed on the repository (or the whole organization). Installation guide.
Step-by-step
- Upgrade to Pro — go to /pricing and complete the Stripe checkout. Your account is upgraded instantly.
- Install the GitHub App — visit /docs/github-app for detailed instructions. You can grant access to specific repositories or your entire organization.
- Scan your repo — paste the GitHub URL (e.g. https://github.com/your-org/private-repo) into the scan form on the dashboard. MCPShield will automatically use the GitHub App token to access the code.
- Review results — the scan report shows the same grade, score, and findings as public repo scans. Private repo results are never added to the public database.
Privacy
MCPShield requests read-only access to repository contents. Your source code is streamed during the scan and is not stored. Private scan results are visible only to you and are never published to the MCPShield database or dataset.
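An organization owner can check what an installed app was actually granted by listing installations with GitHub's REST endpoint `GET /orgs/{org}/installations` and reading each entry's `permissions` and `repository_selection` fields. The sketch below is an added example, not MCPShield's own code; it runs on a constructed response, and the app slugs are placeholders because this page does not state the real one.

```python
import json

# Constructed sample shaped like a GET /orgs/{org}/installations response.
# Both app slugs are placeholders; the page does not state MCPShield's slug.
SAMPLE_RESPONSE = json.loads("""
{
  "total_count": 2,
  "installations": [
    {"id": 1001, "app_slug": "mcpshield-placeholder",
     "repository_selection": "selected",
     "permissions": {"contents": "read", "metadata": "read"}},
    {"id": 1002, "app_slug": "other-app-placeholder",
     "repository_selection": "all",
     "permissions": {"contents": "write", "metadata": "read",
                     "pull_requests": "write"}}
  ]
}
""")


def audit_installation(response, app_slug):
    """Return findings for one installed app; an empty list means the grant
    is read-only and limited to selected repositories."""
    matches = [i for i in response.get("installations", [])
               if i.get("app_slug") == app_slug]
    if not matches:
        return [f"{app_slug}: not installed"]
    findings = []
    for inst in matches:
        if inst.get("repository_selection") == "all":
            findings.append(f"{app_slug}: can access every repository in the organization")
        perms = inst.get("permissions", {})
        if "contents" not in perms:
            findings.append(f"{app_slug}: no contents permission, scans cannot read code")
        for name, level in sorted(perms.items()):
            if level != "read":
                findings.append(f"{app_slug}: {level} access to {name}")
    return findings


if __name__ == "__main__":
    for slug in ("mcpshield-placeholder", "other-app-placeholder"):
        print(slug, audit_installation(SAMPLE_RESPONSE, slug) or "OK")
```

To run it against a real organization, replace `SAMPLE_RESPONSE` with the parsed JSON from `gh api /orgs/YOUR-ORG/installations` and pass the slug shown on the app's GitHub page.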
FAQ
“Private repo scanning requires a Pro subscription”
You are on the Free tier. Upgrade to Pro at /pricing to unlock private repo scanning.
“MCPShield doesn't have access to this repo”
The MCPShield GitHub App is not installed on this repository. Install it from the GitHub App page and make sure the target repo is selected during installation.
“Failed to authenticate with GitHub”
This is a temporary error obtaining a GitHub token. Wait a moment and try again. If it persists, reinstall the GitHub App.