Ship Safe docs

Ship Safe scans your repository for the security failure modes AI coding assistants frequently produce, deduplicates findings, maps each one to SOC 2 Trust Service Criteria, OWASP Top 10:2025, MITRE ATT&CK, and CWE — and (on Pro+) opens a pull request with a fix.

How a scan runs

1. You connect a repo via GitHub OAuth and click Scan.
2. We shallow-clone the default branch into an ephemeral sandbox, capped at 500MB. We never push without your explicit click.
3. Eight scanners run in parallel: Semgrep (community packs + our AI-pattern ruleset), Gitleaks (secret detection), OSV-Scanner (dependency CVEs with SBOM correlation), Trivy (container/IaC against CIS benchmarks), OWASP ZAP (dynamic API security testing), plus the hallucinated-package checker (with typosquatting and dependency-confusion detection), and the prompt-injection scanner.
4. Findings are normalized, deduplicated by sha256 fingerprint, and ranked. Confidence promotes to HIGH when 2+ scanners agree on the same finding. We compute an A–F grade and a 0–100 risk score from the severity counts.
5. Each finding is mapped to one or more SOC 2 Trust Service Criteria, OWASP Top 10:2025 categories, CWE identifiers, and MITRE ATT&CK techniques so your evidence pack can show auditor-grade coverage.
6. On Pro+, fixable findings (42 rule types including XSS, SQLi, weak crypto, IDOR, BFLA, mass assignment, and missing validation) trigger an Anthropic Claude call that produces a minimal patch, which we commit to a safeship/fix-... branch and open as a PR.

The 8 security engines

1. Semgrep (SAST)

Pattern-based static analysis with 25+ custom AI-specific rules. Detects XSS via dangerouslySetInnerHTML, SQL injection via template literals, JWT decode-without-verify, wildcard CORS with credentials, PII in logs, and more. Each rule carries CWE and OWASP metadata.

2. AI Pattern Rules

Our custom detection ruleset targets failure modes specific to AI-generated code: IDOR (Insecure Direct Object References), BFLA (Broken Function Level Authorization), mass assignment vulnerabilities, Math.random() in token generation, missing schema validation on Express/FastAPI routes, placeholder credentials, debug mode in production, and prototype pollution. Mapped to OWASP API Security Top 10 and MITRE ATT&CK.

3. Secret Detection

Gitleaks with 4 additional AI-placeholder patterns catches hardcoded API keys, tokens, private keys, and the placeholder secrets AI assistants frequently leave behind (e.g. sk-your-api-key-here). Maps to CWE-798 and SOC 2 CC6.7.

4. Dependency CVEs

OSV-Scanner correlates your dependency tree against the NVD CVE database. Calculates transitive risk scores — a deeply nested vulnerable dependency scores higher than a direct one with few dependents. Detects known CVEs in npm, PyPI, Go, Rust, and Java ecosystems. Maps to MITRE ATT&CK T1195.001 and OWASP A03:2025 (Software Supply Chain Failures).

5. Container & IaC

Trivy scans Dockerfiles, Terraform configs, and Kubernetes manifests against the CIS Docker Benchmark v1.8.0. Checks for non-root execution (USER instruction), dropped capabilities (--cap-drop ALL), read-only filesystems, resource limits, missing health checks, and unpinned base images. Findings map to MITRE ATT&CK T1610 (Deploy Container) and T1611 (Escape to Host).

6. Supply Chain Guard

Goes beyond basic dependency scanning with three layers of supply chain protection:

• Hallucinated packages — Checks every import against live npm and PyPI registries. If an AI assistant suggested a package that doesn't exist, we flag it before an attacker can claim the name and publish malware.
• Typosquatting detection — Flags misspelled and brandjacked package names using edit-distance, keyboard-proximity, and known-target corpus matching. Catches attacks like reqeusts mimicking requests.
• Dependency confusion — Detects private package names that are claimable on public registries. This is the attack vector that hit Apple, Microsoft, and PayPal. Maps to MITRE ATT&CK T1195.001.

7. Prompt Injection

Scans markdown, text files, and documentation for prompt injection patterns targeting LLM-integrated applications. Maps to OWASP A05:2025 (Injection) and MITRE ATLAS AML.T0051.

8. OWASP ZAP (DAST)

Dynamic application security testing for REST and GraphQL APIs. Runs as a sidecar container and tests for the OWASP API Security Top 10 including Broken Object Level Authorization (BOLA), excessive data exposure, missing rate limiting, and authentication bypass. Maps to OWASP Top 10:2025 and NIST CSF 2.0.

What we catch that generic SAST misses

The AI-pattern rule pack targets failure modes specific to AI-generated code: dangerouslySetInnerHTML XSS, log injection of unsanitized request fields, MD5/SHA1 used for password hashing, Math.random() inside token-generating functions, missing schema validation on Express/FastAPI route handlers, JWT decode-without-verify, wildcard CORS with credentials, PII accidentally logged, IDOR, BFLA, and mass assignment vulnerabilities.

We also detect supply chain attacks — hallucinated packages (dependencies suggested by AI that don't exist on npm/PyPI), typosquatted package names (misspelled variants of popular packages), and dependency confusion (private names claimable on public registries).

Framework mappings

Every finding is tagged with identifiers from these frameworks:

• OWASP Top 10:2025 — All 10 categories from Broken Access Control to Mishandling Exceptional Conditions
• CWE — Common Weakness Enumeration IDs for precise classification
• SOC 2 TSC — 9 Trust Service Criteria (CC3.2, CC6.1, CC6.6, CC6.7, CC6.8, CC7.1, CC7.2, CC8.1, A1.2)
• MITRE ATT&CK — Enterprise techniques including T1195 (Supply Chain), T1190 (Exploit Public-Facing App), T1610 (Deploy Container)
• CIS Benchmarks — Docker container hardening per CIS Docker Benchmark v1.8.0
• NIST CSF 2.0 — Identify, Protect, Detect, Respond, and Recover functions

Privacy + data handling

• Repository contents are cloned only for the duration of a scan and removed afterwards.
• Your GitHub access token is stored encrypted at rest using AES-256-GCM. Loss of the encryption key (ENCRYPTION_KEY) invalidates all stored tokens.
• Raw scanner output is retained for triage; secret values are redacted.

CI integration — GitHub Actions

Add SafeShip to your CI pipeline with a single step. Every push gets a security grade, and PRs get a comment with the results.

# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  safeship:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - uses: jerkean2139/shipsafe/.github/actions/safeship-scan@main
        with:
          api-key: ${{ secrets.SAFESHIP_API_KEY }}
          fail-below: C  # fail the check if grade is below C

Or use the reusable workflow for an even simpler setup:

# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  safeship:
    uses: jerkean2139/shipsafe/.github/workflows/safeship-reusable.yml@main
    with:
      fail-below: C
    secrets:
      safeship-api-key: ${{ secrets.SAFESHIP_API_KEY }}

README badge

Show your security grade in your README. Add this markdown:

![SafeShip Security Grade](https://api.safeship.dev/v1/badges/owner--repo)

Replace owner--repo with your GitHub org and repo name separated by --. The badge updates automatically after each scan.

API access

Generate an API key in Settings → API keys and pass it as Authorization: Bearer ssk_… on calls to /v1/scans, /v1/findings, etc.