LegacyFixer
Security model
LegacyFixer is designed around GitHub sign-in, repository-level settings, trial limits, and review-first changes.
Access model
- LegacyFixer is installed only on repositories selected during GitHub App installation.
- You can uninstall the GitHub App or remove repository access at any time from GitHub settings.
- The first scan should use passive monitoring.
- Pull request creation is optional and controlled per repository.
- LegacyFixer does not auto-merge pull requests.
Repository handling
LegacyFixer scans dependency files and records operational scan results. During trial, use repositories you are comfortable evaluating in a dependency-maintenance workflow.
Do not submit secrets, private logs, tokens, confidential source code, or production-sensitive repositories for an initial onboarding run.
Security reports
To report a suspected security issue, email contact@legacyfixer.ai with the subject “LegacyFixer security report”.
Please include a concise description, affected URL or repository if applicable, reproduction steps if safe to share, and your contact address.