
Architecture-Aware Code Security — Understand, Secure, and Fix Your Codebase | Xolvyn

Xolvyn is an architecture-aware code security platform that scans any GitHub or GitLab repository for 50+ vulnerability classes and CVEs, maps how every file connects, and ranks each finding by blast radius — how many files depend on the affected code — so teams fix what’s load-bearing first.

Now in private beta · Launching August 2026

See every file, and what depends on it

Xolvyn maps your repo into a live dependency graph, so you can see how each module connects and where a change will ripple. New engineers get productive in days.

Secure it — ranked by blast radius

50+ checks and CVE scanning, every finding ranked by how much of your system it can break. Fix what's load-bearing first.

Reviewed and fixed on every pull request

Xolvyn grades and analyzes each PR in GitHub before you merge — then opens the fixes as real pull requests you review and approve.

See your codebase as a living graph

Zoom from a six-layer architecture map down to any file — every dependency drawn, every module connected to the heart of the system.

Works with GitHub & GitLab · OAuth-only access · Zero code retention · Never trained on your code

One map of your codebase. Everything your team needs to ship safely.

Xolvyn builds one dependency map of your repo — then turns it into four things engineering and security teams actually need.

For new hires & eng leads

Onboard engineers in days, not weeks

New hires explore an interactive map of your codebase — every layer, every dependency, what each module does — and ask @mentor questions answered with real file paths from your actual code.

For developers & reviewers

Know what breaks before you merge

See the blast radius of any pull request — what it changes, what downstream depends on it, and what’s safe to ship. No more surprise regressions from a one-line change.

For developers

Don’t just find problems — fix them

Turn a finding into a reviewed pull request in one click. AST-aware remediation, confidence-scored, and nothing merges without your approval. You stay in control; Xolvyn does the grunt work.

From a GitHub URL to a ranked report in about a minute.

01. Connect your repo

Paste a GitHub or GitLab URL. No install, no config.

02. Xolvyn maps and scans

It builds an AST-based dependency graph of every file, then runs 50+ security checks plus CVE scanning.

03. Get a ranked report

Vulnerabilities sorted by blast radius, an A–D security grade, PR impact, and one-click fixes.

Start free. Scale when you’re ready.

Free

For solo developers exploring public repositories.

  • Public repo analysis
  • Architecture explorer
  • @mentor (limited)
  • Basic audit

Team

For teams that need shared workflows.

  • Everything in Pro
  • Team dashboard
  • Org-wide PR analysis
  • Pooled AI credits
  • Priority support

Enterprise
Custom

Self-hosted, SSO, dedicated onboarding.

  • Everything in Team
  • SSO / SAML authentication
  • Audit logs
  • SARIF export
  • Self-host option available
  • GitHub App org-wide installation
  • SOC 2 Type II (in progress)
  • Dedicated SLA
  • Founder direct line

Frequently asked questions

How does Xolvyn rank vulnerabilities by blast radius?

Xolvyn builds an AST-based dependency graph of your codebase, then scores each finding by how many files depend on the affected file. A medium-severity issue on a file that 47 others rely on can outrank a critical issue on an isolated file — so you fix what can actually break your system first.

Does Xolvyn store or train on my code?

No. Xolvyn shallow-clones your repository, analyzes it in memory, and deletes it immediately. Access is OAuth-only, and your code is never used to train any model.

Is Xolvyn GDPR-compliant?

Yes. Analysis is ephemeral and access is permission-scoped, in line with GDPR requirements.

What programming languages does Xolvyn support?

AST-based dependency mapping covers TypeScript, JavaScript, Python, Go, and Java. Security scanning runs across your whole repository, including config and infrastructure files.

How is Xolvyn different from free codebase-visualization tools?

Free tools show you a map, but they don’t find vulnerabilities, scan CVEs, rank by blast radius, or open fix pull requests. Xolvyn turns codebase understanding into security action.

Will Xolvyn merge code without my approval?

Never. Auto-fix opens a pull request for you to review — nothing merges without a human approving it.

What is @mentor and how does it work?

@mentor is Xolvyn’s AI assistant grounded in your actual codebase. Unlike generic AI chatbots that guess from training data, @mentor answers questions using your real dependency graph, file relationships, and architecture layers — so when you ask “what does this service do?” or “what breaks if I change this file?”, the answer references your actual code paths, not hallucinated ones.

Stop guessing which vulnerabilities matter.

Get early access to Xolvyn and see your codebase ranked by what can actually break it.

Free for public repos · No install · Launching August 2026
