V12 Docs

Organizations

Shared workspaces with team members, GitHub sync, analysis context, and privacy controls.

Organizations are shared workspaces where teams collaborate on runs, findings, billing, and connected repositories. Create one when you want multiple people working from the same set of audits and triage decisions.

Members and roles

Organizations have two roles:

Owners can manage billing, edit organization settings, invite or remove members, and connect GitHub.

Members can create runs, triage findings, and use the API, but they can't change org-level settings or manage other members.

When a GitHub organization is linked, membership syncs automatically: when someone joins or leaves the GitHub org, the change is reflected in V12 without manual invites.

GitHub connection

Linking a GitHub organization lets V12 sync membership and access repositories owned by that org. Go to Settings → Organization, connect your GitHub account if you haven't already, then install the V12 GitHub app on the GitHub organization you want to link.

The GitHub app needs read access to repository contents for analysis. It does not request write access.

Analysis context

The Analysis context field in Settings → Organization is freeform text that V12 reads at the start of every run. It's how you tell V12 things it can't learn from the code alone — what your team builds, which repositories matter most, what you've already accepted, and what kinds of findings you consider noise.

Think about what you'd tell a security engineer on their first day reviewing your codebase. A few sentences that capture your team's priorities go a long way.

A DeFi team might write something like:

We build a lending protocol on Ethereum. The contracts in core-vaults/ custody user funds and are highest priority. sdk/ is a TypeScript client library used by integrators — findings there are lower priority. We've accepted the reentrancy risk in FlashLoan.sol because it's mitigated by the mutex in VaultGuard. Focus on fund loss, access control, and oracle manipulation.

A backend team might write something like:

We run a multi-tenant Node.js API. packages/auth/ and packages/billing/ are the most sensitive — anything involving session tokens, payment data, or tenant isolation is high priority. packages/admin-tools/ is internal only. We use Stripe for payments and never handle raw card numbers.

Only organization owners can edit this field.

Data privacy

The Privacy tab in Settings controls how V12 routes requests to upstream model providers.

Zero data retention (ZDR) restricts V12 to providers that contractually guarantee your code and prompts are never stored or used for training. The strongest models already support ZDR, so most runs are unaffected, but enabling it limits the pool of available models and may occasionally change which model handles a given task. V12's pricing is the same either way.

Enable ZDR if your organization requires that source code is never retained by a third party. If you're comfortable with the default provider agreements, you don't need it.