Frequently Asked Questions
Common questions about Specmark features, pricing, integrations, and security.
- Is Specmark open source?
- Partially. The scorecard rule engine (packages/scorecards) is MIT-licensed and available on GitHub. The SaaS platform (catalog, badges, web app) is proprietary. You can use the rule engine independently in your own projects.
- Does Specmark support GitLab or Bitbucket?
- Not yet. Specmark currently supports GitHub only. GitLab and Bitbucket support is planned for late 2026. If you're interested in early access, email [email protected].
- How does Specmark compare to Backstage or Port?
- Specmark is a lightweight, GitHub-native scorecard tool that requires zero YAML config to get started. Backstage and Port are full-featured Internal Developer Portals (IDPs) with service catalogs, CI/CD integrations, and plugin ecosystems. Choose Specmark if you want public scorecards in 5 minutes; choose an IDP if you need a centralized platform for service ownership, docs, and deploys.
- Do badges slow down README rendering on GitHub?
- No. Specmark badges are aggressively cached at the edge (5-minute cache + 24-hour stale-while-revalidate). GitHub's camo proxy caches them further upstream. Badge fetches complete in under 50 ms p99 from edge locations.
- Can I self-host Specmark?
- Not officially. The SaaS platform is designed to run on Vercel + Neon + Inngest. However, the MIT-licensed scorecard engine (packages/scorecards) can be embedded in your own tooling. Full self-hosting instructions are not provided, but the source is available if you want to fork it.
- How does Specmark handle monorepos?
- Specmark treats each GitHub repository as a single entity. If your monorepo contains multiple services, you'll get one scorecard for the entire repo. Support for per-subdirectory scorecards is on the roadmap but not yet available.
- Can I use AI to generate custom scorecard rules?
- Not directly, but you can use an LLM (ChatGPT, Claude, etc.) to draft .specmark.yml files based on your requirements. Paste the Custom Scorecards reference doc into your prompt and ask the AI to generate rules for your use case.
- What is your pricing model?
- Specmark is free for up to 10 contributors. Paid plans are $5/contributor/month (Pro) and $10/contributor/month (Team). A contributor is any GitHub user who has committed to a repository in your org in the past 90 days. See the Pricing page for details.
- What GitHub permissions does Specmark require?
- Specmark requests read-only access to: repository metadata, repository contents (README and config files only), and commit history. We do not request write access, issues/PRs access, or access to Actions secrets. You can audit the requested permissions during GitHub App installation.
- How is my data stored and retained?
- Your data is stored in a Neon Postgres database (US region). We retain scorecard results for as long as your account is active, plus 30 days after deletion. Billing records are retained for 7 years. See the Privacy Policy for full details.
- Can I customize the badge appearance?
- Not yet. Badges currently display the letter grade (A-F) with a color-coded background. Custom badge styles (e.g., flat, for-the-badge) are on the roadmap.
- What happens if I hit the Free tier limit?
- If you exceed 10 contributors, we'll send you an email notification and give you a 14-day grace period before restricting new scans. Existing scorecard results remain accessible. Upgrade to Pro to continue scanning.
- Can I export my scorecard data?
- Yes. Team plan subscribers have access to a REST API for programmatic data export. Free and Pro users can request a CSV export by emailing [email protected].
- Does Specmark detect secrets or vulnerabilities in my code?
- No. Specmark is a metadata-based scorecard tool, not a security scanner. We do not read your application source code. For secret detection, use tools like GitHub Advanced Security, GitGuardian, or Gitleaks.
- How do I delete my account and data?
- Uninstall the Specmark GitHub App from your organization settings. Your data will be automatically deleted 30 days after uninstallation. To request immediate deletion, email [email protected].
Still have questions?
Email [email protected] or open an issue on GitHub.