Per-repository ML models

Repo-specific PR risk intelligence

RepoSignal trains a prediction model on your repository's own commit and revert history — then uses it to flag pull requests that historically required correction in codebases like yours.


No credit card required. Calibration takes 10–30 minutes on first connect.

High Risk PR #1847 — Refactor session token validation
RepoSignal risk assessment
Changes to this area were corrected 3.1× more often than the baseline in walk-forward validation. The authentication module in this repository has a correction rate of 18% — three times the repository average of 5.8%.
AUC 0.81 (strong signal) · Lift 3.1× over baseline · Model trained on 19,542 commits
How it works

Every model is trained on your repo, not someone else's

Most risk tools use heuristics or generic models. RepoSignal learns from the patterns of what actually gets corrected in your codebase — and only yours.

1. Connect a repository
RepoSignal clones your repository and analyzes the full commit and revert history. This runs once during calibration, which typically takes 10–30 minutes.
2. Walk-forward validation
The model is trained on older commits and tested against future ones, never mixing training and test data. AUC and lift are calculated on held-out data. You see the exact quality of every model, including its known weaknesses.
3. Score pull requests
A GitHub Action runs on every pull request. Each PR is scored by your calibrated model, translated into a plain-English narrative, and surfaced through the dashboard, never as raw ML scores.
Signal modes

Model quality determines what you can do with it

Not every repository has enough correction history to support a gate. RepoSignal automatically assigns a signal mode based on validation results.

Alert
PR gate capable
Strong predictive signal. This model can reliably separate high-risk PRs from low-risk ones. Suitable for blocking or requiring review based on risk.
Requires AUC ≥ 0.75 and lift ≥ 2.0× in walk-forward validation.
Prioritize
Review routing
Ranking signal. The model can sort PRs by relative risk, but confidence is not sufficient for a hard merge gate. Use for routing high-risk PRs to senior reviewers and prioritizing the review queue.
Requires AUC ≥ 0.65. Blocking is not recommended.
Context
Scanner findings only
Insufficient correction history for predictions. RepoSignal surfaces static analysis findings and security scanner output, without attempting risk ranking.
No ML predictions shown. Scanner results still available.
Evidence approach

We show you the model's limitations, not just its performance

Every calibration result shows exactly how the model was tested, where it is most reliable, and where confidence is lower — so you can judge whether to trust it.

AUC
Area under the ROC curve measures how well the model separates high-risk from low-risk changes. It is calculated on held-out data the model never saw during training; 0.5 means random chance and 1.0 means perfect separation. RepoSignal shows you this number directly, including when it's weak.
Lift
How many times more likely a flagged PR is to require correction, compared to the repository baseline. A lift of 3× means the top-risk group was corrected three times more often than the average PR in validation.
WFV
Walk-forward validation: the model is trained on the first portion of history and tested on the next portion, then repeated across multiple folds. This prevents data leakage and gives you an honest estimate of future performance.
Scope
RepoSignal explicitly identifies areas with sparse training data — paths with fewer than 10 historical correction examples. Predictions in those areas are presented with lower confidence. You are never shown a confident prediction in an area the model hasn't seen.
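As an added illustration (not RepoSignal's code: the commit history, the per-path correction-rate model and the 30% top-risk cut are constructed assumptions), the following walks through the evidence approach above and the signal-mode thresholds from the previous section: expanding-window walk-forward folds, AUC and lift measured on each held-out fold, the alert/prioritize/context assignment, and the sparse-path check for paths with fewer than 10 correction examples.

```python
from collections import Counter
# Constructed history (oldest first) as "path:corrected" tokens; three eras, each repeated
# to reach a realistic size. Commits touching auth are corrected most often.
def _era(spec):
    return [(p, int(y)) for p, y in (t.split(":") for t in spec.split())]
HISTORY = (_era("auth:1 auth:0 auth:1 api:0 api:0 api:1 docs:0 docs:0 docs:0 auth:0") * 3
           + _era("auth:1 auth:0 api:0 api:0 api:0 docs:0 docs:0 docs:0 auth:1 api:1") * 3
           + _era("auth:0 auth:1 api:0 api:0 docs:0 docs:0 docs:0 api:0 auth:1 docs:1") * 3)

def train(commits):
    """Toy model (assumed, not RepoSignal's): Laplace-smoothed correction rate per path."""
    seen, fixed = Counter(), Counter()
    for path, corrected in commits:
        seen[path] += 1
        fixed[path] += corrected
    return {p: (fixed[p] + 1) / (seen[p] + 2) for p in seen}
def auc(scores, labels):
    """Mann-Whitney AUC: P(random positive outscores random negative); ties count 0.5."""
    pos = [s for s, y in zip(scores, labels) if y]
    neg = [s for s, y in zip(scores, labels) if not y]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))
def lift(scores, labels, top_frac=0.3):
    """Correction rate of the top-scored fraction divided by the baseline rate."""
    order = sorted(range(len(scores)), key=lambda i: -scores[i])  # stable on ties
    k = max(1, int(len(scores) * top_frac))
    top_rate = sum(labels[i] for i in order[:k]) / k
    return top_rate / (sum(labels) / len(labels))
def walk_forward(history, n_chunks=3):
    """Expanding-window folds: train on chunks before k, test on chunk k, never the reverse."""
    size = len(history) // n_chunks
    folds = []
    for k in range(1, n_chunks):
        model = train(history[: k * size])
        test = history[k * size:(k + 1) * size]
        scores = [model.get(p, 0.0) for p, _ in test]  # unseen path: no evidence of risk
        labels = [y for _, y in test]
        folds.append((auc(scores, labels), lift(scores, labels)))
    return folds
def signal_mode(folds):
    """Page thresholds: alert needs AUC >= 0.75 and lift >= 2x; prioritize needs AUC >= 0.65."""
    mean_auc, mean_lift = (sum(c) / len(folds) for c in zip(*folds))
    if mean_auc >= 0.75 and mean_lift >= 2.0:
        return "alert"
    return "prioritize" if mean_auc >= 0.65 else "context"
def sparse_paths(history, min_examples=10):
    """Paths with fewer than min_examples corrections: predictions there get low confidence."""
    fixed = Counter(p for p, y in history if y)
    return sorted(p for p in {p for p, _ in history} if fixed[p] < min_examples)
```

On this constructed history the two folds give AUC 0.83 and 0.69 with lift 2.2× each, so the mean clears the alert thresholds, while api and docs are flagged as sparse because they have fewer than 10 corrections in total.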
Engineering governance

Risk intelligence with enforceable governance

RepoSignal is not only a risk detector — it's a governance platform. Policies enforce review requirements, escalations, and merge gates. Every decision is logged to an immutable audit trail.

Merge governance
Block merges when open (unresolved) secret findings are detected. Require additional reviewers when risk is high. Escalate to a security admin for critical findings. Policies run in Observe, Warn, or Enforce mode; you choose the maturity level.
Immutable audit log
Every action — policy change, finding acknowledgement, override grant, role change — is permanently recorded. The audit log cannot be edited or deleted. Exportable as CSV for compliance reporting.
Role-based access
Six distinct roles: Org Owner, Org Admin, Security Admin, Engineering Manager, Reviewer, Read-Only. Each role maps to specific permissions on findings, policies, exceptions, and calibration. No over-permissioning required.
Governed exceptions
When a merge cannot wait, security admins can grant time-limited exceptions with mandatory written justification. Exceptions are logged, visible to all admins, and expire automatically.
Pricing

Start Free. Scale When Ready.

Per-repo pricing. Your rate is determined automatically by calibration — stronger signal = higher value = higher rate.

Free
$0
Scan your code. See what's wrong. One repo, no commitment.
1 repository
Code health scanning
Issue detection with fix code
AI assistant (BYOK: bring your own API key)
15 analyses total
Team
$149–249/repo/mo
Organization-level visibility across your entire portfolio. Per-repo pricing based on signal strength.
Up to 50 repositories
$149/repo — ranking signal
$249/repo — alert signal (PR gate)
2,000 analyses per repo/month
Organization dashboard + analytics
Overage: $0.10–$0.20/analysis

Best for: engineering orgs managing multiple repos with team-level security posture tracking.
