Public scan · No login
Scan your repo.
See what’s broken.
Free. Runs the same scanner we use in coaching. No login, no install. Drop a zip or paste a public GitHub URL.
25 MB zip · 50 MB clone · 5000 files · 60s scan · Runs on rules only (no AI)
Prefer CLI?
What we check
Eight rule domains. Same engine as Sentinel.
SEC
Secrets & credentials
Hardcoded keys, tokens, passwords, private keys committed to source.
AUTH
Auth & access control
Missing auth guards, broken session checks, IDOR on owned resources.
INPUT
Input validation & injection
Unvalidated user input flowing into queries, commands, template strings.
CRYPTO
Cryptography
Weak hashing, insecure random, missing constant-time comparisons.
API
API security
Open routes, missing rate limits, CORS wildcards, exposed debug endpoints.
LOG
Logging & PII
Secrets in logs, PII in error traces, unbounded error surfaces.
WEB
Cross-site & CSP
XSS sinks, missing CSP headers, unsafe HTML rendering patterns.
SUPPLY
Supply chain
Known-vulnerable deps, suspicious install scripts, unpinned critical modules.
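As an added illustration of what a rules-only (no AI) check looks like, and not the scanner's own engine or rule set, which this page does not publish, here is a minimal Python checker. It runs a handful of regex rules from the SEC, CRYPTO and LOG domains over a few constructed source files and reports each finding with its file, line and domain. The rule names, regexes and sample lines are this example's own assumptions, and the sample key values are placeholders, not real credentials.

```python
import os
import re
from collections import Counter
from dataclasses import dataclass

# Rules: (domain, compiled regex, message). Deliberately simple line-level
# patterns; a production scanner would also parse the AST to cut false positives.
RULES = [
    ("SEC", re.compile(r"(?i)\b\w*(secret|password|passwd|token|api_?key)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
     "hardcoded credential assigned to a string literal"),
    ("SEC", re.compile(r"-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----"),
     "private key material committed to source"),
    ("CRYPTO", re.compile(r"\bhashlib\.(md5|sha1)\("),
     "weak hash function in security-sensitive code"),
    ("CRYPTO", re.compile(r"(?i)\b\w*(token|signature|hmac|digest|mac)\w*\s*[!=]=\s*\w+"),
     "non-constant-time comparison of a secret value (use hmac.compare_digest)"),
    ("CRYPTO", re.compile(r"\brandom\.(random|randint|choice|choices)\("),
     "non-cryptographic PRNG used where a token is generated (use the secrets module)"),
    ("LOG", re.compile(r"(?i)\b(log|logger|logging)\.\w+\(.*\b(password|secret|token)\b"),
     "secret-named value passed to a log call"),
]


@dataclass(frozen=True)
class Finding:
    domain: str
    path: str
    line_no: int   # 1-based
    message: str
    line: str


def scan_files(files):
    """files: mapping of path -> list of source lines. Returns a list of Finding."""
    findings = []
    for path, lines in files.items():
        for idx, line in enumerate(lines, start=1):
            for domain, pattern, message in RULES:
                if pattern.search(line):
                    findings.append(Finding(domain, path, idx, message, line.strip()))
    return findings


def scan_directory(root, extensions=(".py",)):
    """Walk a real checkout and feed matching files to scan_files (skips .git)."""
    files = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            if name.endswith(extensions):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(full, root)] = fh.read().splitlines()
    return scan_files(files)


def summarize(findings):
    """Count findings per rule domain, e.g. {'SEC': 2, 'CRYPTO': 3, 'LOG': 1}."""
    return dict(Counter(f.domain for f in findings))


# Constructed sample "repository" (placeholder values, not real secrets).
SAMPLE_FILES = {
    "settings.py": [
        'DEBUG = False',
        'STRIPE_API_KEY = "sk_live_EXAMPLE_not_a_real_key_0001"',   # SEC
        'ALLOWED_HOSTS = ["example.invalid"]',
    ],
    "webhooks.py": [
        'import hashlib, random, logging',
        'logger = logging.getLogger(__name__)',
        'def verify(body, request_signature, secret):',
        '    expected_signature = hashlib.md5(secret + body).hexdigest()',   # CRYPTO: weak hash
        '    if request_signature == expected_signature:',                  # CRYPTO: timing-unsafe compare
        '        return True',
        '    logger.warning("bad signature for secret %s", secret)',         # LOG: secret in log
        '    return False',
        'def new_reset_token():',
        '    return str(random.randint(0, 10**9))',                           # CRYPTO: weak PRNG
    ],
    "deploy/id_rsa": [
        '-----BEGIN OPENSSH PRIVATE KEY-----',                               # SEC: committed key
        'PLACEHOLDER-KEY-BODY',
    ],
}


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"[{f.domain}] {f.path}:{f.line_no}: {f.message}\n    {f.line}")
    print(summarize(scan_files(SAMPLE_FILES)))
```

Run it on a real checkout with `scan_directory("path/to/repo")`; every rule is a single regex, so the scan finishes in well under the 60-second budget the page quotes even on thousands of files, and each finding points at a concrete line a developer can fix.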
Your upload auto-deletes in 7 days. Findings purge in 7 days. Emails are only used for cohort launch announcements; unsubscribe with one click.
By scanning, you agree to our Terms and Privacy Policy.
Want a coach to walk it?
The scan is the door. Coaching is the room.
A scanner shows you what’s broken. A coach shows you why you keep writing it and how to stop. Early AI-dopters get the platform for free.