About RepoWave

Repository hygiene for private Python services.

RepoWave is built for small teams and solo maintainers who want continuous review signals without exposing source code or adopting a broad security platform.

What RepoWave does

RepoWave connects as a GitHub App, listens for repository events, scans the pushed commit, and reports narrow code-quality findings back in GitHub. The product focuses on Python, FastAPI, GitHub Actions, and Docker hygiene because those are common sources of drift in service repositories.

Why it exists

Many repository scanners either require a large dashboard rollout or try to cover every security category. RepoWave takes the opposite path: it keeps the workflow GitHub-native, keeps findings close to the commit, and only opens draft pull requests for mechanical fixes that are safe to review.

Private-repo first

The hosted service does not require your project to be public. Repository access is granted through GitHub App permissions, and source trees are fetched for analysis only. RepoWave is designed to delete fetched source after the scan and retain only operational metadata and finding records needed to show results, troubleshoot issues, and enforce plan limits.

Human review stays in charge

RepoWave never self-merges changes. Draft pull requests stay draft until a maintainer reviews them. Higher-risk areas such as secrets, authentication, authorization, migrations, CI permissions, deployment configuration, and environment files are advisory-only or excluded from automated fixes.

Who it is for

Current status

RepoWave is early-stage software. The public site documents the current scope, support path, privacy posture, and terms so reviewers, customers, and crawlers can understand what the product does before installation.

Contact

Questions, security reports, and billing requests go to support@repowave.dev. For security reports, use the subject prefix SECURITY:.