What started as a free security scan tool for vibe coded apps turned into an open source project for a much deeper Static Application Security Test (SAST) + Dynamic Application Security Testing (DAST) scan + a SAST defined DAST plan - basically the SAST scan finds a possible route to attack and passes it off to the DAST scanners to try and exploit.
The goal is to give folks a tool to keep building with AI but without compromising on security when it comes to their customers' data.
Feedback is always welcomed; I'd especially love to hear about:
1. any false positives 2. any vulnerability class that you'd expect but is missing in the tool 3. how the SAST defined DAST scan plan fares against your code repo
If you got this far, thanks for reading and hope you find this useful :slightly_smiling_face: