Common Questions Answered
Common questions and solutions
Billing & Plan Limits
Free vs Pro tier comparison and trial details.
| Feature | Free Tier | Pro Tier |
|---|---|---|
| Projects | 5 maximum | Unlimited |
| Total Packages | 200 | Unlimited |
| Scans per Month | 50 | Unlimited |
| Scan History | 30 days | 1 year |
| Vulnerability Scan | 500 packages | 500 packages |
| Scheduled Scans | — | Daily/Weekly/Monthly |
| Email Alerts | — | Yes |
| Export (CSV/JSON) | — | Yes |
| API Access | Read-only (120 rpm read) | 240 rpm read / 30 rpm write (Pro/Trial) |
| GitHub Imports | 1 repository lifetime | Unlimited repositories |
| Priority Support | — | Yes |
Pro Tier Pricing
7-Day Pro Trial
• All new accounts get a 7-day Pro trial
• No credit card required to start
• Full access to Pro features
• Auto-downgrades to Free after trial
Cancellation Policy
• Cancel monthly or annual plans anytime from the Billing page
• Access continues through the end of your current billing period
• Your subscription will not renew after cancellation
API Error Reference
Complete catalog of API error codes and solutions.
Error Response Structure
{
  "success": false,
  "message": "Human-readable error message",
  "errors": {
    "field_name": ["Validation error details"]
  }
}
HTTP Status Codes
| Code | Message | Solution |
|---|---|---|
| 400 | Bad Request | Check request syntax and JSON format |
| 401 | Unauthenticated | Verify Authorization header: Bearer YOUR_TOKEN |
| 403 | Unauthorized | Token needs required ability (e.g., scan:write) |
| 404 | Not found | Verify project/scan ID exists |
| 422 | Validation failed | Check errors object for field details |
| 429 | Too many requests | Implement exponential backoff |
| 500 | Internal server error | Contact support with request ID |
Rate Limit Error (429)
{
  "success": false,
  "message": "Too many requests. Please try again in 60 seconds."
}
// Headers included:
X-RateLimit-Limit: 120
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1609459260
Retry-After: 60
Solution: Wait for Retry-After seconds or implement exponential backoff.
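An added example, not GeekWala's own client code: one way to act on the 429 response above in Python, waiting for Retry-After first, falling back to X-RateLimit-Reset, and only then to exponential backoff with jitter. The send callable, the function names, the reading of X-RateLimit-Reset as a Unix timestamp and the sample responses are assumptions made for illustration.

```python
import random
import time

def retry_delay(headers, attempt, now=None, base=1.0, cap=120.0):
    """Seconds to wait after a 429, preferring the server's own hints."""
    now = time.time() if now is None else now
    retry_after = str(headers.get("Retry-After", "")).strip()
    if retry_after.isdigit():                      # seconds form, as shown above
        return min(float(retry_after), cap)
    reset = str(headers.get("X-RateLimit-Reset", "")).strip()
    if reset.isdigit():                            # assumed to be a Unix timestamp
        return min(max(float(reset) - now, 0.0), cap)
    # No usable hint: exponential backoff with full jitter.
    return random.uniform(0.0, min(cap, base * 2 ** attempt))

def call_with_backoff(send, max_attempts=5, sleep=time.sleep, now=time.time):
    """Call send() until it returns a non-429 status or attempts run out.

    send is a hypothetical callable returning (status, headers, body);
    headers is a dict keyed by the exact header names shown above.
    Returns (status, body, waits) where waits lists the delays applied.
    """
    waits = []
    for attempt in range(max_attempts):
        status, headers, body = send()
        if status != 429:
            return status, body, waits
        if attempt < max_attempts - 1:
            waits.append(retry_delay(headers, attempt, now=now()))
            sleep(waits[-1])
    return 429, body, waits

# Constructed sample responses modelled on the 429 example above.
SAMPLE_429 = (429, {"X-RateLimit-Limit": "120", "X-RateLimit-Remaining": "0",
                    "X-RateLimit-Reset": "1609459260", "Retry-After": "60"},
              {"success": False,
               "message": "Too many requests. Please try again in 60 seconds."})
SAMPLE_OK = (200, {"X-RateLimit-Remaining": "119"}, {"success": True})

def demo():
    """Replay one 429 followed by a success, without really sleeping."""
    replies = iter([SAMPLE_429, SAMPLE_OK])
    return call_with_backoff(lambda: next(replies), sleep=lambda s: None)
```

Capping the number of attempts keeps a CI job from hanging indefinitely when the limit never clears; the caller still sees the final 429 and can fail the step.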
Troubleshooting
Common issues and solutions.
Scan shows 'Needs Exact Version' packages
Cause: Package version is not pinned (e.g., ^1.0.0, >=2.0.0, latest)
Solution: For anonymous scans, ensure all versions are exact (e.g., 1.2.3). For authenticated scans and Pro projects, version ranges are allowed, but scans require a resolved exact version from a lockfile or a pinned entry.
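An added example, not GeekWala's resolution logic: a local pre-scan check in Python that reports which npm entries already have an exact version (pinned in package.json or resolved by package-lock.json) and which would still need one. The function name, the package names and the manifest and lockfile contents are constructed for illustration; the lockfile layout assumed is npm's lockfileVersion 2/3 "packages" map.

```python
import json
import re

# Exact semver-style version such as 1.2.3, optionally with prerelease/build.
EXACT = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")
PREFIX = "node_modules/"

def resolve_versions(manifest_text, lock_text=None):
    """Return (resolved, needs_exact) for an npm manifest.

    resolved maps name -> exact version; needs_exact maps name -> the
    range or tag that neither the manifest nor the lockfile pins down.
    """
    locked = {}
    if lock_text:
        for path, meta in json.loads(lock_text).get("packages", {}).items():
            name = path[len(PREFIX):] if path.startswith(PREFIX) else ""
            # Keep top-level installs only; nested copies belong to other packages.
            if name and PREFIX not in name and "version" in meta:
                locked[name] = meta["version"]
    resolved, needs_exact = {}, {}
    manifest = json.loads(manifest_text)
    for section in ("dependencies", "devDependencies"):
        for name, spec in manifest.get(section, {}).items():
            spec = spec.strip()
            if EXACT.match(spec):
                resolved[name] = spec          # pinned entry
            elif name in locked:
                resolved[name] = locked[name]  # range resolved by the lockfile
            else:
                needs_exact[name] = spec       # e.g. ^1.0.0, >=2.0.0, latest
    return resolved, needs_exact

# Constructed sample input (hypothetical package names and versions).
MANIFEST = """{"dependencies": {"alpha-lib": "^1.0.0", "beta-lib": "1.2.3",
  "gamma-lib": "latest"}, "devDependencies": {"delta-lib": ">=2.0.0"}}"""
LOCK = """{"lockfileVersion": 3, "packages": {
  "": {"name": "demo-app"},
  "node_modules/alpha-lib": {"version": "1.4.2"},
  "node_modules/alpha-lib/node_modules/gamma-lib": {"version": "0.9.0"},
  "node_modules/delta-lib": {"version": "2.3.1"}}}"""
```

With the lockfile supplied, only gamma-lib is left unresolved, because its sole lockfile entry is a nested copy under alpha-lib rather than the project's own install.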
GitHub import not detecting manifest files
Cause: Manifest or lockfile is nested deeper than the scan depth or not a supported file type
Solution: GeekWala uses deep search (max depth 5) and prioritizes lockfiles. If files are deeper, import the lockfile manually or move it closer to the repo root.
Scan stuck in 'queued' status
Cause: Background job queue is backed up
Solution: Wait 5–10 minutes for the queue to process. If still stuck after 15 minutes, refresh the page or contact support with the scan ID.
Email verification not received
Cause: Email in spam folder or service delay
Solution: Check spam/junk folder. Add noreply@geekwala.com to contacts. Email verification is not required to use the dashboard.
API returns 403 Forbidden
Cause: Token lacks required abilities or plan restriction
Solution: Verify token abilities. Free plans can create read-only tokens; write abilities require Pro or Trial.
Export button not visible
Cause: Free tier does not include export functionality
Solution: Upgrade to Pro tier to unlock CSV/JSON export. During the 7-day trial, export is available.
EPSS scores or 'Actively Exploited' badges not showing
Cause: Vulnerability lacks a CVE identifier, or threat intelligence data is still being enriched
Solution: EPSS and CISA KEV data only apply to vulnerabilities with CVE IDs (e.g., CVE-2024-1234). GitHub Security Advisories (GHSA-xxx) are mapped to CVEs when available. Wait a few minutes for enrichment to complete after a scan.
Need More Help?
Reach out via the Contact page with:
• Description of the issue
• Steps to reproduce
• Scan ID or project ID (if applicable)
Best Practices
Recommended workflows for maximum security coverage.
Scan Early and Often
Run scans before deploying. Integrate into CI/CD pipelines. Use scheduled scans for production.
Prioritize by Severity
Set remediation targets by severity. Critical: 24h, High: 7 days, Medium: 30 days, Low: next release cycle.
Monitor Transitive Dependencies
Use lock files (package-lock.json, Gemfile.lock) for exact versions of nested dependencies.
Automate Notifications
Enable email alerts for critical/high vulnerabilities. Configure in-app notifications.
Use API for Scale
Managing 10+ projects? Use the API to automate project creation and scanning.
Keep Dependencies Updated
Use Dependabot, Renovate, or npm-check-updates. Re-scan after updates.
Test in Staging First
Never patch production without testing. Use separate projects for environments.
Document Security Policy
Define SLAs for remediation. Assign ownership. Track compliance with scan history.
Glossary
Technical terms and definitions.
API
Application Programming Interface - rules that allow software applications to communicate.
CISA KEV
Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities - U.S. government catalog of vulnerabilities actively being exploited in the wild.
CVE
Common Vulnerabilities and Exposures - standardized identifier for security vulnerabilities (e.g., CVE-2024-1234).
CVSS
Common Vulnerability Scoring System - numerical score from 0.0 to 10.0 for vulnerability severity.
Dependency Manifest
File listing packages your application depends on (package.json, requirements.txt, pom.xml).
Ecosystem
Package management system for a language. GeekWala supports: npm, PyPI, Maven, Packagist, Go, crates.io, RubyGems, NuGet.
EPSS
Exploit Prediction Scoring System - FIRST.org scoring system predicting the likelihood a vulnerability will be exploited within 30 days. Scores range from 0% to 100%.
Vulnerability Scan
GeekWala's anonymous scanning feature for quick vulnerability checks without an account.
Lock File
File recording exact versions of all dependencies (package-lock.json, Gemfile.lock).
OSV
Open Source Vulnerabilities - Google's free vulnerability database aggregating multiple sources.
Pinned Version
Exact version number (1.2.3) as opposed to a range (^1.0.0). Required for anonymous scans.
Rate Limiting
Restrictions on API requests per time period. Free: 120 read/15 write req/min. Pro/Trial: 240 read/30 write req/min.
Transitive Dependency
A dependency of your dependency (indirect). If A → B → C, then C is transitive to A.
Project
Named collection of packages to track and scan for vulnerabilities.