Show HN: OWASP Scanner for Vibe Coded Apps

2•h_jain•9mo ago

Hey HN,

We just launched an early version of Circuit — a lightweight tool that helps vibe coders, citizen developers, and indie hackers run fast security scans focused on the OWASP Top 10 vulnerabilities and get practical fixes.

The problem we noticed: A lot of projects being built in no-code/low-code environments (Replit, Lovable, V0, Bubble, etc.) ship quickly but rarely get security reviewed. Even small apps often expose APIs, misconfigure auth, or leak secrets without realizing it.

With Circuit, you can: • Submit your app URL • Get a security report checking OWASP Top 10 vulnerabilities • Get suggested fixes for the issues found (not just a scary list)

We’re aiming to make security reviews fast and accessible for solo developers and small teams — without needing to be a security expert.

Right now: • It’s free while we’re in early stages • Feedback reports are emailed manually after scanning • You can see a sample report to know what to expect

Try it here: https://circuit.sh/

Comments

aniagent•9mo ago

Was looking for this exact thing, very interesting project.

alp1n3_eth•9mo ago

What are you using on the backend to actually scan it? Is it just ZAP / Burp Scanner? Or are you scanning the code itself, and just using a Semgrep / Snyk approach?

The landing page being free-tier Framer is a little sketch, the main contact should also probably be a form or an email address instead of a non-US phone number.

Is AI used throughout the entire process or just mainly focused on providing remedation recommendations based on the output of other tooling (scanners, JS analysis, secret scanning, etc.)?

Interesting project! Looking forward to see how it works and evolves.

OpenClaw Creator: Why 80% of Apps Will Disappear

What Happens When Technical Debt Vanishes?

AI Is Finally Eating Software's Total Market: Here's What's Next

Computer Science from the Bottom Up

Show HN: I built a toy compiler as a young dev

You don't need Mac mini to run OpenClaw

Learning to Reason in 13 Parameters

Convergent Discovery of Critical Phenomena Mathematics Across Disciplines

Ask HN: Will GPU and RAM prices ever go down?

From hunger to luxury: The story behind the most expensive rice (2025)

Substack makes money from hosting Nazi newsletters

A New Crypto Winter Is Here and Even the Biggest Bulls Aren't Certain Why

Moltbook was peak AI theater

Why Claude Cowork is a math problem Indian IT can't solve

Show HN: Built an space travel calculator with vanilla JavaScript v2

Why a 175-Year-Old Glassmaker Is Suddenly an AI Superstar

Micro-Front Ends in 2026: Architecture Win or Enterprise Tax?

These White-Collar Workers Actually Made the Switch to a Trade

The Wonder Drug That's Plaguing Sports

Show HN: Which chef knife steels are good? Data from 540 Reddit tread

Federated Credential Management (FedCM)

Token-to-Credit Conversion: Avoiding Floating-Point Errors in AI Billing Systems

The Story of Heroku (2022)

Obey the Testing Goat

Claude Opus 4.6 extends LLM pareto frontier

Brute Force Colors (2022)

Google Translate apparently vulnerable to prompt injection

(Bsky thread) "This turns the maintainer into an unwitting vibe coder"

Software development is undergoing a Renaissance in front of our eyes

Can you beat ensloppification? I made a quiz for Wikipedia's Signs of AI Writing