OTP Guard

Lock Down Your GitHub PRs

Add multi-factor authentication to GitHub pull requests with a click. Secure your code.

How OTP Guard Works

  • Connect OTP Guard to protect your GitHub repositories with a few clicks.
  • After submitting or updating a pull request, use your authenticator to validate the PR.

That's all! See the quickstart for more details.

Why OTP Guard?

  • Beyond Basic Login Security. Having session credentials is not a surefire indicator of authenticity. OTP Guard ensures it is really you or your team present at sensitive touch-points. The phishing resistance of hardware authenticators offers two-way assurance: that your team is physically there, and that they are dealing with OTP Guard.
  • Malware Defense. Sophisticated malware can hijack logged-in sessions and impersonate targeted accounts. OTP Guard's security layer prevents such intrusions, authenticating every merge into your codebase.
  • Step-Up Multi-Factor Authentication. Sensitive touch points in your application need a step-up in authentication to ensure the security of your applications and organization. OTP Guard adds an authentication factor separate from the usual session credentials.
  • An Isolated Security Layer. Unlike standard MFA tied to an identity provider, OTP Guard is an independent and isolated source of critical authentication factors. This extra layer of security ensures that even if your primary IdP is compromised, your applications remain protected.
  • Defense In Depth. OTP Guard works in conjunction with existing security mechanisms, such as Git commit signing and GitHub access control. Administrators have full control of hardware authenticator requirements while offering users a low-friction MFA enrollment pathway. This offers more visibility, control and better ease-of-use compared to setting up Git commit signatures for each contributor, and scales across merges and open-source repositories where contributors may not have signing keys set up.

Features

  • Easy setup via GitHub OAuth2. Just a few clicks is all it takes to protect your organization.
  • Permissions seamlessly follow GitHub. Add or remove a team member, or change someone's permissions on GitHub? No problem - OTP Guard will seamlessly pick up on these changes. No need for a separate checklist step to update provisioning or access control in OTP Guard after org changes. OTP Guard is security tooling that drops seamlessly into your stack, and keeps itself updated as your team changes.
  • Tightly scoped OAuth2 permissions. OTP Guard only requires minimal privileges to work. The contents of your repositories and the code in pull requests are not visible to OTP Guard. The only permissions OTP Guard needs are for GitHub checks and read-only permissions for pulls - PR metadata, not code.
  • Granular repository access. Easily apply OTP Guard's protection to all GitHub repositories in your organization, or just a few selected ones.
  • Organization-scoped authenticators. For users that belong to separate GitHub organizations, OTP Guard maintains separate user authenticator registrations for each organization. As an additional defense against hijacking attacks, organizations may require administrative approval of new authenticator enrollments on OTP Guard.
  • Passkeys via WebAuthn. Built into modern browsers - Chrome, Edge, Safari and Firefox.
  • Hardware Security Keys. Bring your own YubiKey or any WebAuthn-compatible device.
  • Authenticator app support. OTP Guard supports common authenticator apps, such as Google Authenticator, Microsoft Authenticator, iCloud Keychain and more.
  • OTP Review. See who authenticated which PRs, and when.
  • Audit Log. Review authenticator enrollments on OTP Guard and OTP activity across your organization.
  • Phishing Protection. OTP Guard offers best-in-class phishing protection with security images and authentication based on the WebAuthn standard.

Have any ideas or specific requirements? Talk to us and help inform the development of OTP Guard.

Testimonials

"Incredibly positive quote about OTP Guard here" - Dan, Redact

Pricing

Free for now. In the future, pricing will resemble the following:

Have questions or need a custom plan? Talk to us