Paya Scanner Paya Systems · Internal Security Tool

Stop secrets
before they leak

Paya Scanner automatically detects hardcoded API keys, passwords, tokens, and .env files across all Paya Systems repositories — alerting developers instantly on every push.

⚡

Auto-Scan on Every Push GitHub webhook triggers a real-time scan on every commit

📧

Direct Developer Alerts Emails the committer automatically — no manual setup per dev

🚫

.env File Blocking Detects and flags .env pushes with BFG removal instructions

50+

Detection Rules

Real-time

Push Scanning

Internal

Paya Only

Paya Systems

Sign in

Use your @payasystems.com email. Only Paya Systems team members have access.

Email Address

Password

Contact your admin if you don't have an account yet.

admin

GitHub Token Login

Repositories

Loading repositories…

Scanning repositories…

0 / 0 files 0% 0s elapsed

Preparing…

0 issues found

Scan Results

Scan Pasted Code

Detection Rules

Loading…

⚡ Auto-Scan on Push

Automatically scan changed files whenever a developer pushes to any branch. Results are emailed instantly.

📋 How to set up

1

Configure belowAdd your GitHub token, SMTP settings and recipient emails.

2

Register webhookGitHub repo → Settings → Webhooks → Add webhook. Paste the URL & secret.

3

Push codeEvery push triggers a scan. An email report lands in your inbox seconds later.

Webhook URL (paste into GitHub)

⚠️ GitHub must reach this URL from the internet. For local dev use ngrok: ngrok http 5050 then use the https://xxxx.ngrok.io/webhook URL.

🔑 GitHub Token for Webhook Scans

PAT with repo + read:user scope. This fetches pushed files for scanning.

🔒 Webhook Secret

Paste this into the GitHub webhook "Secret" field to verify requests.

⚡ Webhook Enabled

Pause scanning without removing the webhook from GitHub.

📧 Email (SMTP) Settings

Scan results are emailed after every push. Works with Gmail, Outlook, or any SMTP provider.

SMTP Host

Port

Username / Email

Password / App Password

CC Recipients — Admin & Project Manager

Add your email, your project manager's email — anyone who should always receive a copy (comma-separated).

✨ Auto-detect: The developer who pushed code is automatically identified from the GitHub webhook and receives the alert directly — no manual config per developer needed. Everyone in CC above also gets a copy of every scan result.

💡 Gmail: use an App Password — Google Account → Security → 2-Step Verification → App passwords.

🔒 Change Login Password

Update the shared password used to log in with a @payasystems.com email.

Current Password

New Password

Auto-Scan History

Loading history…

👥 User Management

Only @payasystems.com email addresses can be added

+ Add New User

Full Name

Email

Password

Role

All Users

Loading users…

Stop secretsbefore they leak

Sign in

Repositories

Scanning repositories… Cancel

Scan Results

Scan Pasted Code

Detection Rules

⚡ Auto-Scan on Push

Auto-Scan History

👥 User Management

Stop secrets
before they leak

Scanning repositories…