Show HN: OWASP Scanner for Vibe Coded Apps

2•h_jain•9mo ago

Hey HN,

We just launched an early version of Circuit — a lightweight tool that helps vibe coders, citizen developers, and indie hackers run fast security scans focused on the OWASP Top 10 vulnerabilities and get practical fixes.

The problem we noticed: A lot of projects being built in no-code/low-code environments (Replit, Lovable, V0, Bubble, etc.) ship quickly but rarely get security reviewed. Even small apps often expose APIs, misconfigure auth, or leak secrets without realizing it.

With Circuit, you can: • Submit your app URL • Get a security report checking OWASP Top 10 vulnerabilities • Get suggested fixes for the issues found (not just a scary list)

We’re aiming to make security reviews fast and accessible for solo developers and small teams — without needing to be a security expert.

Right now: • It’s free while we’re in early stages • Feedback reports are emailed manually after scanning • You can see a sample report to know what to expect

Try it here: https://circuit.sh/

Comments

aniagent•9mo ago

Was looking for this exact thing, very interesting project.

alp1n3_eth•9mo ago

What are you using on the backend to actually scan it? Is it just ZAP / Burp Scanner? Or are you scanning the code itself, and just using a Semgrep / Snyk approach?

The landing page being free-tier Framer is a little sketch, the main contact should also probably be a form or an email address instead of a non-US phone number.

Is AI used throughout the entire process or just mainly focused on providing remedation recommendations based on the output of other tooling (scanners, JS analysis, secret scanning, etc.)?

Interesting project! Looking forward to see how it works and evolves.

Show HN: Peekr – An anonymous "Truth or Dare" game built with MERN

Casplist.eu

OpenAI exec becomes top Trump donor with $25M gift

(AI) Slop Terrifies Me

Anthropic's team cut ad creation time from 30 minutes to 30 seconds

Show HN: Elysia JIT "Compiler", why it's one of the fastest JavaScript framework

Cache Monet

Chinese Propaganda in Infomaniak's Euria, and a Reflection on Open Source AI

Show HN: A free, browser-only PDF tools collection built with Kimi k2.5

Curating a Show on My Ineffable Mother, Ursula K. Le Guin

Show HN: HackerStack.dev – 49 Curated AI Tools for Indie Hackers

Pensions Are a Ponzi Scheme

Divvy.club – Splitwise alternative that makes sense

Betterment data breach exposes 1.4M customers

MIT Technology Review has confirmed that posts on Moltbook were fake

Epstein Science: the people Epstein discussed scientific topics with

Bambuddy – a free, self-hosted management system for Bambu Lab printers

Every Failed M4 Gun Replacement Attempt

China ramps up energy boom flagged by Musk as key to AI race

Show HN: ClawBox – Dedicated OpenClaw Hardware (Jetson Orin Nano, 67 Tops, 20W)

Ask HN: AI never gets flustered, will that make us better as people or worse?

Show HN: HalalCodeCheck – Verify food ingredients offline

Student makes cosmic dust in a lab, shining a light on the origin of life

In the Australian outback, we're listening for nuclear tests

'Hermès orange' iPhone sparks Apple comeback in China

Show HN: Goxe 19k Logs/S on an I5

The async builder pattern in Rust

(Golang) Self referential functions and the design of options

Show HN: Model Training Memory Simulator

Claude Code Controller