A code audit in Neo goes beyond pattern matching. Neo reads your repository, maps the architecture, traces data flows end to end, and validates whether identified vulnerabilities are actually exploitable in your running environment. The result is a focused set of confirmed findings with evidence, not a list of theoretical warnings. Use this for a full security review of a repository, a specific branch, or an open pull request. Click Code audit from the Neo home screen to open the workflow form.

Set the scope

1. Enter your repository URL

   Paste the full repository URL, for example https://github.com/org/repo. This is the only required field. If your repository is private, make sure it is connected in Settings → Integrations → GitHub before starting, or provide your GitHub token as a secret.

2. Specify a branch or PR (optional)

   By default Neo audits the main branch. To scope the review to a specific branch or pull request, enter it here, for example feature/auth or PR #42.

3. Define focus areas (optional)

   Tell Neo which parts of the codebase to prioritize: for example, authentication, payment processing, API endpoints, or file uploads. Without this, Neo audits the full repository, which is thorough but takes longer.

4. Add credentials (optional)

   Add any required credentials in Settings → Secrets before starting.
Click Start audit when ready. When the audit completes, ask Neo to walk through any finding in detail, explain the data flow that leads to a vulnerability, or dig into a specific area of the codebase you want to understand better.
Neo can combine the code audit with dynamic testing against a staging or internal environment, validating findings in a running instance rather than code alone. If you don’t have an environment set up, Neo’s deploy agent can spin up your application inside an isolated sandbox and test it there.