Risk-aware triggers
Run on authentication, authorization, billing, tenant, upload, webhook, parser, networking, and release-branch changes.
Trigger a ZeroQuarry source review from GitHub Actions, focus the investigation on the diff and adjacent data flow, then route validated results into tickets or reviewable fix pull requests.
The best PR security process flags consequential changes early, preserves the report outside ephemeral CI logs, and escalates only when the risk justifies deeper work.
Run on authentication, authorization, billing, tenant, upload, webhook, parser, networking, and release-branch changes.
Use Git history to focus agents on the diff while allowing investigation into callers, sinks, and business boundaries around it.
Tell ZeroQuarry what the change is meant to do, which boundary matters, and what failure would be consequential.
Challenge critical or expensive claims before asking engineering to stop the line.
Begin with visibility, then gate on the severity and confidence threshold your team has learned to operate.
Open tickets or bot-created PRs, preserve CI controls, and verify the finding after merge.
ZeroQuarry automates investigation and coordination. Your team keeps control of authorization, risk ownership, and production changes.
Dispatch a source scan with the repository URL, project identity, notes, and auto-delta enabled.
Review changed files and follow nearby data flow into the product’s sensitive boundaries.
Confirm evidence and product context before the result becomes a merge or release decision.
Route the fix, merge through normal controls, rescan, and record a verified retest.
Useful coverage should lead to faster decisions, cleaner remediation, and evidence that holds up when someone asks for it later.
Review a risky change before context is spread across later releases and unrelated refactors.
Tune policy around validated findings instead of blocking on every model suggestion.
Keep scans, findings, discussions, fixes, and retests with the product project instead of losing them in an individual CI run.
These are the product boundaries, controls, and operating details teams usually want to understand first.
Yes. Store a scoped Git credential in the account and reference its ID from the workflow. The generated workflow explains the setup.
Identical in-progress Git dispatches can be deduplicated, returning the existing scan so CI can follow it instead of starting duplicate work.
Exclude the ZeroQuarryBot branch namespace from the scan trigger to avoid a feedback loop. The product and docs provide the branch filter.
Use the free trial on your own product, then decide whether the resulting security work is useful enough to keep.