New scan
Verified live in this session, including against a real private repository. For public organizations and users, no token is needed — leave this field blank and Nexum will read only publicly visible data. A token is only required if the org or repos are private. Steps: GitHub → Settings → Developer settings → Personal access tokens → Fine-grained tokens → Generate new token. Scope it to read-only, and restrict it to only the org/repos you're auditing — never grant write access or account-wide scope.