Support

Install via pip (requires Python 3.8+):See the installation guide for details.

Oncecheck scans iOS (Xcode projects, Info.plist, entitlements), Android (AndroidManifest, Gradle configs), and Web (security headers, CSP, CORS, cookies) projects. The platform is auto-detected from your project structure.

Starter (Free): 35 rules, 3 scans/day, terminal output only. Team ($19/mo or $190/yr): all 78+ rules, unlimited scans, JSON/SARIF/text export, CI/CD integration, priority support. See pricing for a full comparison.

Log in to your account and visit the upgrade page. You can pay with any card via Stripe. Upgrades take effect immediately.

Go to your upgrade page and click "Manage subscription" to open the Stripe customer portal. From there you can cancel your subscription. Access to Team features continues until the end of your current billing period.

Go to Settings and click "Delete my account" in the danger zone. You will need to type DELETE to confirm. Your account enters a 90-day retention period during which you can log back in and reactivate. After 90 days, all data is permanently deleted. Active subscriptions are cancelled immediately.

No. Oncecheck runs entirely on your machine. Your source code never leaves your device. The only data we store is your account information and a daily scan counter for plan limit enforcement.

Yes. Oncecheck returns exit codes (0 = pass, 1 = warnings, 2 = failures) for pipeline automation. The Team plan adds SARIF export for GitHub Code Scanning integration. See the CI/CD guide.

SARIF (Static Analysis Results Interchange Format) is an industry standard for static analysis tools. Oncecheck exports SARIF 2.1 files that can be uploaded to GitHub Code Scanning or opened in VS Code. See export formats.

No. Oncecheck scan results are advisory and informational only. They help catch common compliance issues but do not constitute legal advice or compliance certification. App store reviews consider factors beyond what automated scanning can detect.