Codatus is an alert-first monitoring tool for GitHub organizations. Through a read-only GitHub App, it watches key repository controls, including repository visibility, branch protection, required status checks, required reviewers, bypass actors, and secret scanning. When any of these controls changes, Codatus sends alerts via Slack or email. Its goal is to fill the gap left by the GitHub audit log: events are recorded, but not proactively surfaced.
Based on the available information, Codatus is not about code scanning; its value lies in monitoring metadata and security configuration drift. Examples such as a private repository becoming public, branch protection being removed from main, required CI checks being deleted, the required reviewer count dropping to 0, a deployment bot being added to the bypass list, or push protection being disabled are all treated as high-risk signals. Deployment is lightweight: install the read-only GitHub App, choose Slack or email, and the system continuously listens from there. The service depends on the GitHub API and is subject to GitHub’s terms and rate limits. There is no visible documentation for integrations with GitLab, Bitbucket, webhooks, SIEM platforms, or ticketing systems.
The product is currently in pre-launch, with early access available by request. Pricing is a single plan at USD 99 per organization per month, and early users can lock in that price. It includes six signal types, Slack/email routing, and organization-level coverage. On the open-source side, the terms state that the website and non-open-source app code are owned by Cove Innovations, s.r.o., while the scanner library is open source. Current documentation is closer to marketing pages and terms than a full technical manual. The installation steps are clear, but there is limited disclosure around permission details, alert latency, data retention, audit capabilities, false-positive handling, and enterprise management features.
The main advantage is its narrow and well-defined positioning: it addresses silent changes to critical GitHub controls. The read-only installation also lowers adoption friction, and the price is lighter than most enterprise security platforms. The downsides are that it has not officially launched yet, so service stability, support SLA, payment methods, and real-world experience remain unknown. The integration ecosystem is also limited. In addition, the terms mention a scorecard, which differs somewhat from the homepage’s emphasis on real-time alerts. Codatus is best suited for small to midsize engineering teams that rely heavily on GitHub, have a meaningful number of repositories, but do not have the budget for a dedicated security platform.
The main text does not state whether the official website or payments work reliably from China. Since GitHub-related services may be affected by network conditions in China, its China accessibility can only be rated as unknown. Teams that need a localized alternative could consider building partial monitoring based on the GitHub audit log, scheduled GitHub Actions checks, or self-hosted scripts.
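As an added illustration of the self-hosted route mentioned above (not part of this review and not Codatus's own code), the following Python compares a baseline snapshot of the six controls the review lists against a later snapshot and reports only the weakening changes. The snapshot fields, repository names and actor names are constructed for the example, not real GitHub API responses.

```python
"""Baseline-vs-current drift check for the six GitHub controls named in the review.

Constructed example: ControlSnapshot is a hand-built, simplified stand-in for what a
read-only GitHub App or scheduled script would fetch; it is not a real API payload.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ControlSnapshot:
    visibility: str                   # "private" or "public"
    protected: bool                   # branch protection present on the default branch
    required_checks: frozenset[str]   # required status check contexts
    required_reviewers: int           # required approving review count
    bypass_actors: frozenset[str]     # actors allowed to bypass protection
    push_protection: bool             # secret scanning push protection enabled


def detect_drift(baseline: ControlSnapshot, current: ControlSnapshot) -> list[str]:
    """Return high-risk signals; only weakening changes fire, so tightening stays quiet."""
    signals = []
    if baseline.visibility == "private" and current.visibility == "public":
        signals.append("visibility changed: private -> public")
    if baseline.protected and not current.protected:
        signals.append("branch protection removed from default branch")
    for check in sorted(baseline.required_checks - current.required_checks):
        signals.append(f"required status check removed: {check}")
    if current.required_reviewers < baseline.required_reviewers:
        signals.append(f"required reviewers dropped: "
                       f"{baseline.required_reviewers} -> {current.required_reviewers}")
    for actor in sorted(current.bypass_actors - baseline.bypass_actors):
        signals.append(f"bypass actor added: {actor}")
    if baseline.push_protection and not current.push_protection:
        signals.append("secret scanning push protection disabled")
    return signals


# Constructed baseline and a later snapshot showing several of the review's drift examples.
BASELINE = ControlSnapshot("private", True, frozenset({"ci/test", "ci/lint"}), 2, frozenset(), True)
DRIFTED = ControlSnapshot("private", True, frozenset({"ci/lint"}), 0, frozenset({"deploy-bot"}), False)

if __name__ == "__main__":
    for signal in detect_drift(BASELINE, DRIFTED):
        print("ALERT example-org/example-repo:", signal)  # constructed repo name
```

In a scheduled job the alert lines would be routed to Slack or email; the baseline must be stored outside the repository it guards, or the same actor who weakens a control can also rewrite the baseline.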
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, codatus.com.
codatus.com is listed as an Unknown Dev Tools provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable.