This is a sample report with example data.
C

acme/checkout-api

This codebase has 1 critical issue that must be fixed before going to production.

Scanned main@a1b2c3d · just now · 10 scanners · risk score 58

Findings summary

Critical: 1
High: 3
Medium: 5
Low: 2
Info: 1

CRITICAL

Hardcoded API key committed to source

src/lib/stripe.ts:14

A live Stripe secret key is embedded in the source. AI assistants frequently inline secrets from examples. Rotate the key and load it from an environment variable.

AI pattern · Secret Detection · CWE-798 · OWASP A07:2025
Auto-fix available

HIGH

SQL query built with string concatenation

src/db/users.ts:52

User input is concatenated directly into a SQL string, allowing injection. Use parameterized queries.

AI pattern · Semgrep (SAST) · CWE-89 · OWASP A05:2025
Auto-fix available

HIGH

Hallucinated npm package "react-secure-auth"

package.json:21

This dependency does not exist on the npm registry — a classic AI hallucination and a supply-chain risk if a squatter publishes it.

AI pattern · Hallucinated Packages · CWE-1357 · OWASP A06:2025

MEDIUM

Missing rate limiting on auth endpoint

src/routes/login.ts:8

The login route has no rate limiting, enabling credential-stuffing attacks.

AI Pattern Rules · CWE-307 · OWASP A04:2025
