Frequently Asked Questions
Common questions about RSOLV features, pricing, security, and usage.
Pricing and Plans
How does RSOLV pricing work?
RSOLV offers three tiers based on your security remediation needs:
- Free ($0/month): 5 validations/month, scanning included. Perfect for trying RSOLV.
- Pro ($59/month): 25 validations/month, fixes included, $10/validation overage
- Team ($249/month): 100 validations/month, fixes included, $7/validation overage
What does each phase cost?
- SCAN: Always free — pattern matching and AST validation included
- VALIDATE: Counts against your monthly validation limit (Free: 5/mo, Pro/Team: unlimited)
- MITIGATE: Counts against your monthly fix limit (Pro: 15/mo, Team: 50/mo). Only on success.
Can I scan unlimited repositories for free?
Yes! The SCAN phase is always free on every plan. You can continuously scan as many repositories as you want to identify vulnerabilities. Validations and fixes count against your monthly plan limits.
Supported Languages
What programming languages does RSOLV support?
RSOLV currently supports projects using actively maintained runtime versions of:
Your project's runtime must be a currently maintained version (not end-of-life). For example, Python 3.9+, Ruby 3.1+, Node.js 18+, Erlang/OTP 25+, Java 17+, and PHP 8.1+ are all supported. Projects on EOL runtimes (e.g., Python 2, Ruby 2.7, Node 16) may still work, but we don't officially support them. Dependencies and libraries don't need to be the latest version — we support older packages as long as they install correctly on a supported runtime.
Are more languages coming?
Yes! We're actively working on adding support for Go, Rust, C#, and more. Vote for your preferred language on our GitHub Discussions.
How RSOLV Differs
How is RSOLV different from other security scanning tools?
RSOLV is unique in several ways:
Test-Driven Fix Generation
Most tools just find vulnerabilities. RSOLV generates RED/GREEN/REFACTOR tests and automated fixes following TDD principles.
AST Validation
Pattern matching is great but has false positives. RSOLV uses AST analysis to verify vulnerabilities are real before creating issues.
End-to-End Workflow
From scan to merged fix, RSOLV handles the entire security remediation pipeline automatically.
Do I still need other security tools?
RSOLV complements existing tools like Dependabot (dependencies), Snyk (container scanning), and SonarQube (code quality). RSOLV focuses specifically on custom code vulnerabilities with automated fix generation. Use them together for comprehensive security coverage.
Security and Privacy
Is my code secure when using RSOLV?
Yes! RSOLV is built with security-first principles:
- Client-side encryption: Code is encrypted using AES-256-GCM before leaving your GitHub Action runner
- No permanent storage: Code is decrypted only in memory for analysis and never stored on disk
- Sandboxed analysis: AST parsing runs in isolated processes with strict resource limits
- Metadata only: Only vulnerability metadata (file paths, line numbers, severity) is stored
What data does RSOLV collect?
RSOLV collects minimal data required for operation:
- Repository name and issue numbers (for phase coordination)
- Vulnerability metadata (pattern ID, severity, file path, line number)
- Usage metrics (API calls, monthly usage counts)
- Error logs (for debugging and support)
We never collect or store your actual source code.
Detection Accuracy
How accurate are RSOLV's vulnerability detections?
RSOLV uses a two-stage approach to maximize accuracy:
- Pattern matching: Identifies potential vulnerabilities using regex patterns (high recall, some false positives)
- AST validation: Confirms vulnerabilities using Abstract Syntax Tree analysis (filters ~70% of false positives)
Our AST validation achieves approximately 85-90% precision (true positives / all reported positives) while maintaining high recall.
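To make the two-stage idea concrete, here is an added illustration (not RSOLV's patterns or code) using Python's standard ast module: a broad regex flags every textual `eval(`, then an AST pass keeps only real calls to the builtin with a non-constant argument. The rule, the function names and the sample source are constructed for this example.

```python
import ast
import re

# Stage 1: a deliberately broad regex (high recall, noisy).
CANDIDATE = re.compile(r"eval\s*\(")

# Constructed sample source: five textual hits, only one real finding.
SAMPLE = '''\
import ast
def load(cfg, user_input):
    # never call eval(user_input) here
    hint = "use eval(x) with care"
    a = eval("1 + 1")
    b = ast.literal_eval(user_input)
    return eval(user_input)
'''

def pattern_scan(source):
    """Return 1-based line numbers where the regex fires."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if CANDIDATE.search(line)]

def ast_confirm(source, candidate_lines):
    """Keep candidates that are calls to the bare name eval whose first
    argument is not a constant (a simplification chosen for this example)."""
    confirmed = set()
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Name)   # excludes ast.literal_eval
                and node.func.id == "eval"
                and node.args
                and not isinstance(node.args[0], ast.Constant)
                and node.lineno in candidate_lines):
            confirmed.add(node.lineno)
    return sorted(confirmed)

def two_stage(source):
    """Run both stages and return (regex candidates, AST-confirmed lines)."""
    candidates = pattern_scan(source)
    return candidates, ast_confirm(source, set(candidates))

if __name__ == "__main__":
    cands, real = two_stage(SAMPLE)
    print("regex candidates:", cands)
    print("AST-confirmed:   ", real)
```

The comment, the string literal, the constant-argument call and the `ast.literal_eval` call are all dropped by the second stage, which is the kind of filtering the FAQ attributes to AST validation.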
What if RSOLV reports a false positive?
If you believe a detection is incorrect:
- Close the GitHub issue with a comment explaining why it's a false positive
- Report it to support@rsolv.dev so we can improve the pattern
- False positives don't count against your limits if you don't process them
Can RSOLV miss vulnerabilities?
Like all automated tools, RSOLV may miss complex or novel vulnerability patterns. We continuously update our pattern database based on new research and user feedback. RSOLV should be part of a comprehensive security strategy that includes manual code review, penetration testing, and other security practices.
Private Repositories
Can I use RSOLV with private repositories?
Yes! RSOLV works with both public and private repositories. The GitHub Action runs in your repository's GitHub Actions environment and only sends encrypted code snippets to the RSOLV API for AST validation. Your full source code never leaves GitHub.
Do I need special permissions for private repos?
No special RSOLV permissions are required. You just need:
- Admin access to the repository (to set up GitHub Actions and Secrets)
- GitHub Actions enabled for the repository
- Standard workflow permissions (contents: write, issues: write, pull-requests: write)
Upgrading Plans
How do I upgrade to a paid plan?
- Visit rsolv.dev/portal
- Click "Upgrade Plan"
- Choose Pro ($59/month) or Team ($249/month)
- Enter payment information
- Your new limits take effect immediately
Can I switch between plans?
Yes! You can switch between Free, Pro, and Team at any time. When upgrading, your new limits take effect immediately. When downgrading, you keep your current plan benefits until the end of your billing period.
Is there an enterprise plan?
Yes! For teams needing dedicated support, custom rate limits, on-premise deployment, or volume discounts, contact enterprise@rsolv.dev for custom enterprise pricing.
Usage Limits
What are RSOLV's rate limits?
- API requests: 500 per hour per API key
- Concurrent workflows: 5 per API key
- Max file size: 1MB per file for AST validation
- Max issues per scan: Unlimited (use max_issues parameter to limit processing)
What happens if I hit a rate limit?
The workflow will receive a 429 error with a retry-after time. GitHub Actions will automatically retry failed requests. For higher limits, upgrade to Pro Plan or contact us about enterprise options.