LegacyFixer

Security model

LegacyFixer is designed around GitHub sign-in, repository-level settings, trial limits, and review-first changes.

Access model

  • LegacyFixer is installed only on repositories selected during GitHub App installation.
  • You can uninstall the GitHub App or remove repository access at any time from GitHub settings.
  • The first scan should use passive monitoring.
  • Pull request creation is optional and controlled per repository.
  • LegacyFixer does not auto-merge pull requests.

Repository handling

LegacyFixer scans dependency files and records operational scan results. During trial, use repositories you are comfortable evaluating in a dependency-maintenance workflow.

Do not submit secrets, private logs, tokens, confidential source code, or production-sensitive repositories for an initial onboarding run.

Security reports

To report a suspected security issue, email contact@legacyfixer.ai with the subject “LegacyFixer security report”.

Please include a concise description, affected URL or repository if applicable, reproduction steps if safe to share, and your contact address.

Back to LegacyFixer