8 scanners. 12 seconds. Zero config.
AI Code Security Scanner
8 Scanners, 12 Seconds.
You prompt, AI writes, SafeWeave scans. Vulnerabilities caught in 12 seconds — so you can ship fast without shipping exploits.
Built by ex-Snyk & Trail of Bits engineers. Purpose-built for Cursor, Claude Code, and Windsurf — where AI-generated vulnerabilities actually happen. Meet the team →
Install now — one command, no signup
```shell
npx safeweave-mcp
```

Or add to Claude Code:

```shell
claude mcp add safeweave -- npx -y safeweave-mcp
```

No credit card. No sales call. No waiting. Your code stays on your machine.
Before (flagged):

```javascript
const filter = req.query.filter;
const result = db.query(`SELECT * FROM users WHERE name = '${filter}'`);
```

After (parameterized):

```javascript
const result = db.query(
  'SELECT * FROM users WHERE name = $1',
  [filter]
);
```

WHAT GETS SCANNED
8 scanners. Zero blind spots.
Every attack surface covered — from source code to running containers — through a single integration point.
All 8 scanners run in parallel. Average scan time: 12 seconds on a 50k LOC codebase. Powered by Semgrep, Trivy, Gitleaks, and Checkov — battle-tested by millions of developers.
BUILT FOR YOU
Who is SafeWeave for?
Scan from your IDE. Ship with confidence.
SafeWeave runs as an MCP server inside Cursor, Claude Code, and VS Code. Just ask your AI to scan — no context switching, no dashboards, no config files. Free forever on the self-hosted tier.
WHY US
Why SafeWeave?
See how we stack up against other security platforms.
| Feature | SafeWeave | Snyk | Semgrep | GitHub Advanced Security |
|---|---|---|---|---|
| MCP-native | ✓ | — | — | — |
| AI IDE support | Cursor, Claude Code, VS Code, Windsurf | VS Code only | VS Code only | GitHub Copilot |
| Starting price | $0/mo | $25/mo | $40/mo | $49/mo |
| Scan time (avg) | 12s | 45s | 30s | 60s |
| Open source scanners | ✓ | Partial | ✓ | — |
| Free tier | ✓ | Limited | ✓ | — |
| Compliance profiles | SOC 2, HIPAA, PCI-DSS, OWASP * | SOC 2 | — | — |
| Self-hosted option | ✓ | ✓ | ✓ | — |
| CI/CD integration | ✓ | ✓ | ✓ | GitHub only |
* Compliance profiles and all 8 scanners require Self-Hosted Pro or higher. Free tier includes SAST (top 20 rules), Secrets, and Dependency scanning.
FINDINGS
What a finding looks like
Every finding includes severity, location, and an AI-generated fix suggestion.
```javascript
const query = "SELECT * FROM users";
const filter = req.query.filter;
const result = db.query(`${query} WHERE name = '${filter}'`);
return res.json(result.rows);
```

Use parameterized queries instead of string interpolation to prevent SQL injection:

```javascript
const result = db.query(
  'SELECT * FROM users WHERE name = $1',
  [filter]
);
```
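To make the difference between the flagged snippet and the suggested fix concrete, here is an added example (not SafeWeave's code, and not from the finding above) that runs both versions against a stand-in `db` object. The stand-in records the statement text and parameter array a pg-style driver would send instead of executing anything, so you can see why the interpolated version lets input rewrite the query while the parameterized version keeps the statement text constant. The `db` stand-in and the probe input are constructed for this example.

```javascript
// Added example: the SQL injection pattern from the finding above, shown
// against a stand-in driver that records what it would send to the database.

// Stand-in for a pg-style client: query(text, params) returns exactly the
// statement text and parameter array the real driver would transmit.
const db = {
  query(text, params = []) {
    return { text, params };
  },
};

// Vulnerable: user input is spliced into the statement text, so SQL
// metacharacters inside `filter` change the meaning of the query.
function findUsersUnsafe(filter) {
  return db.query(`SELECT * FROM users WHERE name = '${filter}'`);
}

// Fixed: the statement text is a constant; the driver sends `filter` as a
// separate typed value that the database never parses as SQL.
function findUsersSafe(filter) {
  return db.query('SELECT * FROM users WHERE name = $1', [filter]);
}

// Constructed probe input containing a quote and a tautology.
const probe = "' OR '1'='1";

const unsafe = findUsersUnsafe(probe);
const safe = findUsersSafe(probe);

// The unsafe version's statement text now contains the probe as SQL;
// the safe version's text is unchanged and the probe travels in params.
console.log('unsafe text :', unsafe.text);
console.log('safe text   :', safe.text);
console.log('safe params :', JSON.stringify(safe.params));
```

The check that matters in review is the one the stand-in makes visible: after the fix, no part of the statement text depends on request data.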
What You Get
See your security posture at a glance
Track findings, monitor trends, and get AI-suggested fixes — all from your dashboard.
Dashboard preview: Security Score; Total Findings 8 (+2 since last scan); Scans This Week 23 (avg 12s); Compliance: SOC 2 profile active.
Getting Started
Running in under 2 minutes
Run one command — no signup needed
The free tier works instantly with zero registration. Run npx safeweave-mcp and start scanning. 3 scanners (SAST, Secrets, Dependencies), unlimited local scans, no license key required. Sign up later only if you want to unlock all 8 scanners or track trends.
```shell
# Just run it — no signup, no license key, no config
$ npx safeweave-mcp
# That's it. Free tier scans locally with:
# ✓ SAST (Semgrep/Opengrep)
# ✓ Secrets (Gitleaks)
# ✓ Dependencies (npm audit, pip-audit, etc.)
#
# Want all 8 scanners? Add a license key later:
# SAFEWEAVE_LICENSE_KEY=sw_shpro_xxx
```

Connect your editor
Add SafeWeave as an MCP server in your AI editor of choice. Set your license key as an environment variable and you are ready to scan.
```shell
# Claude Code
$ claude mcp add safeweave \
    -e SAFEWEAVE_LICENSE_KEY=sw_live_xxx \
    -- npx -y safeweave-mcp
```

Cursor — .cursor/mcp.json:

```json
{
  "mcpServers": {
    "safeweave": {
      "command": "npx",
      "args": ["-y", "safeweave-mcp"],
      "env": { "SAFEWEAVE_LICENSE_KEY": "sw_live_xxx" }
    }
  }
}
```
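One thing to watch with editor MCP configs like the Cursor one above and the VS Code one below: `.cursor/mcp.json` and `.vscode/mcp.json` often live inside the repository, so a license key pasted into `env` ends up committed. The following is an added example (not SafeWeave's code) of a small check that reads either config shape and flags secret-looking env variables that hold a literal value rather than a `${...}` reference. The sample configs are constructed here, the name patterns are a simple heuristic, and whether your editor resolves `${env:NAME}` references is something to confirm for your client; the check only assumes that any value of that form is not a literal.

```javascript
// Added example: flag MCP server configs that embed a literal credential in
// "env". Handles the Cursor shape ("mcpServers") and the VS Code shape
// ("servers"). Heuristic variable-name pattern; constructed sample configs.

const SECRET_NAME = /(KEY|TOKEN|SECRET|PASSWORD)/i;

// An editor-side variable reference such as "${env:NAME}" or "${input:id}"
// is not a literal credential; anything else is treated as one.
function isReference(value) {
  return typeof value === 'string' && /^\$\{[^}]+\}$/.test(value);
}

// Returns one { server, name } entry per secret-looking env variable whose
// value is a literal. An empty array means nothing to report.
function findLiteralSecrets(config) {
  const servers = config.mcpServers || config.servers || {};
  const hits = [];
  for (const [server, def] of Object.entries(servers)) {
    for (const [name, value] of Object.entries(def.env || {})) {
      if (SECRET_NAME.test(name) && !isReference(value)) {
        hits.push({ server, name });
      }
    }
  }
  return hits;
}

// Constructed: Cursor-style config with the key pasted in. If this file is
// tracked by git, the key is committed along with it.
const committedConfig = {
  mcpServers: {
    safeweave: {
      command: 'npx',
      args: ['-y', 'safeweave-mcp'],
      env: {
        SAFEWEAVE_LICENSE_KEY: 'sw_live_EXAMPLE_PLACEHOLDER',
        NODE_ENV: 'production', // not secret-looking, so not flagged
      },
    },
  },
};

// Constructed: VS Code-style config that leaves the key in the user's
// environment (assumes the editor resolves "${env:...}" references).
const referencedConfig = {
  servers: {
    safeweave: {
      command: 'npx',
      args: ['-y', 'safeweave-mcp'],
      env: { SAFEWEAVE_LICENSE_KEY: '${env:SAFEWEAVE_LICENSE_KEY}' },
    },
  },
};

console.log(findLiteralSecrets(committedConfig));  // one hit for safeweave
console.log(findLiteralSecrets(referencedConfig)); // []
```

Run it over the real file with `JSON.parse(fs.readFileSync('.cursor/mcp.json', 'utf8'))` in place of the constructed objects; a non-empty result is a cue to move the key out of the file or keep the file untracked.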
VS Code — .vscode/mcp.json:

```json
{
  "servers": {
    "safeweave": {
      "command": "npx",
      "args": ["-y", "safeweave-mcp"],
      "env": { "SAFEWEAVE_LICENSE_KEY": "sw_live_xxx" }
    }
  }
}
```

Ask your AI to scan
Just type a natural-language prompt. SafeWeave handles the rest — SAST, secrets, and dependency scanning run locally on your machine. Your code never leaves your device.
```text
> "Scan this project for security vulnerabilities"
> "Check for hardcoded secrets and leaked API keys"
> "Run a dependency audit on this repo"
> "How secure is this codebase? Give me a score."

[scanning] 3 scanners running in parallel...
✓ SAST          2 findings (1 high, 1 medium)
✓ Secrets       1 finding (1 critical — API key in config.ts)
✓ Dependencies  3 findings (1 high, 2 medium)

Score: 78/100 ► 6 findings (1 critical, 2 high, 3 medium)
```

Upgrade for more power
Self-Hosted Pro ($15/mo) unlocks all 8 scanners, compliance profiles, and a local dashboard — everything runs on your machine. Need team features? Cloud plans add hosted dashboards, trend tracking, and AI-suggested fixes.
```text
# Self-Hosted Pro: all 8 scanners + dashboard
# Same license key, just upgrade at safeweave.dev
✓ SAST          ✓ IaC        ✓ License
✓ Secrets       ✓ Container  ✓ Posture
✓ Dependencies  ✓ DAST
# Compliance profiles included:
Standard · Hardened · OWASP
SOC 2 · PCI-DSS · HIPAA
```

Ready to secure your code?
CI/CD
Works with your existing stack
Drop SafeWeave into any CI pipeline with a single command. No Docker required.
```yaml
# .github/workflows/security.yml
name: SafeWeave Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx safeweave-mcp scan --all --ci
        env:
          SAFEWEAVE_LICENSE_KEY: ${{ secrets.SAFEWEAVE_KEY }}
```

Auto-scan before every push
Install the secure-before-push skill and SafeWeave automatically scans your code before every git commit, push, and PR. No manual steps.
1. You write code: build features as usual with your AI editor.
2. Auto-scan triggers: SafeWeave scans before every commit and push.
3. Issues blocked: critical and high severity findings block the push.
4. Ship secure code: only clean code reaches your repository.
Run in your terminal:

```shell
mkdir -p ~/.claude/skills/secure-before-push
curl -sL https://raw.githubusercontent.com/nickfluxk/safeweave/main/skills/secure-before-push/SKILL.md \
  -o ~/.claude/skills/secure-before-push/SKILL.md
```

What happens: Before every git commit, git push, or PR creation, Claude automatically runs a SafeWeave scan. Critical and high findings block the operation. Medium findings warn you. Low/info findings pass through. Review the downloaded SKILL.md before you rely on it, since it runs on every commit and push.
| Severity | Action |
|---|---|
| Critical / High | Blocks push |
| Medium | Warns you |
| Low / Info | Passes through |
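The gating rule in the table above is simple enough to state in a few lines, and it is worth seeing it applied to the kind of per-scanner summary shown earlier on this page. The following is an added example (not part of the secure-before-push skill and not SafeWeave's code) that parses constructed summary lines in that format into per-severity counts, renders the same one-line total, and returns the block / warn / pass decision. The line format is assumed from the sample output on this page.

```javascript
// Added example: the severity gate described above, applied to constructed
// scanner summary lines that mimic the format shown on this page.

const SEVERITIES = ['critical', 'high', 'medium', 'low', 'info'];

// Pull "(1 high, 1 medium)" style counts out of each scanner line and total
// them. Extra text inside the parentheses (e.g. a file name) is ignored.
function parseSummary(lines) {
  const counts = Object.fromEntries(SEVERITIES.map((s) => [s, 0]));
  for (const line of lines) {
    const paren = line.match(/\(([^)]*)\)/);
    if (!paren) continue;
    const pairs = paren[1].matchAll(/(\d+)\s+(critical|high|medium|low|info)\b/g);
    for (const m of pairs) {
      counts[m[2]] += Number(m[1]);
    }
  }
  return counts;
}

// Same shape as the "6 findings (1 critical, 2 high, 3 medium)" line.
function formatSummary(counts) {
  const total = SEVERITIES.reduce((n, s) => n + counts[s], 0);
  const parts = SEVERITIES.filter((s) => counts[s] > 0).map((s) => `${counts[s]} ${s}`);
  const noun = total === 1 ? 'finding' : 'findings';
  return parts.length ? `${total} ${noun} (${parts.join(', ')})` : `${total} ${noun}`;
}

// Gate: any critical or high blocks; any medium warns; otherwise pass.
function gateDecision(counts) {
  if (counts.critical > 0 || counts.high > 0) return 'block';
  if (counts.medium > 0) return 'warn';
  return 'pass';
}

// Constructed sample output in the format shown on this page.
const sampleOutput = [
  '✓ SAST          2 findings (1 high, 1 medium)',
  '✓ Secrets       1 finding (1 critical - API key in config.ts)',
  '✓ Dependencies  3 findings (1 high, 2 medium)',
];

const counts = parseSummary(sampleOutput);
console.log(formatSummary(counts)); // 6 findings (1 critical, 2 high, 3 medium)
console.log(gateDecision(counts));  // block
```

Wired into a pre-push hook, the exit status would follow the decision: non-zero on `block`, zero with a message on `warn`, zero and silent on `pass`.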
Ready to find what your AI missed?
Testimonials
Loved by vibe coders who ship safe
“We plugged SafeWeave into Cursor and immediately caught a hardcoded API key that had been in our codebase for months. The MCP workflow is a game-changer.”
“Average scan time went from 90 seconds with our old tool to 12 seconds. My team actually runs scans now instead of skipping them before every PR.”
“The fact that I can just type "scan this project" in Claude Code and get back structured findings with fix suggestions — that's the future of AppSec.”
THE SAFEWEAVE PROMISE
Zero disruption or your money back
CI SPEED
If SafeWeave adds more than 30 seconds to your CI pipeline, we refund your first month.
ZERO LOCK-IN
Cancel anytime. Export all findings data. No contracts, no penalties, no exit fees.
NO ALERT FATIGUE
Smart deduplication and severity scoring. Only real vulnerabilities surface — no noise.
14-day money-back guarantee on all paid plans · Cancel anytime
Pricing
Transparent pricing. No surprises.
Start free with npx safeweave-mcp. Upgrade when your needs grow.
Free
10 scans with no signup. Register free for unlimited.
- ✓ Instant trial (10 scans, no signup)
- ✓ SAST (top 20 curated rules)
- — SAST (full registry — 3,000+ rules)
- ✓ Secrets (28 built-in patterns, no custom rules)
- ✓ Dependency scanning
- — All 8 scanners
- — Compliance profiles (7 frameworks)
- ✓ Runs locally via npx
- — Dashboard & reporting
- — Hosted scanning
- — Team management
- — SSO
- — Custom profiles
Self-Hosted Pro
Runs on your infrastructure. License + updates included.
- — Instant trial (10 scans, no signup)
- — SAST (top 20 curated rules)
- ✓ SAST (full registry — 3,000+ rules)
- ✓ Secrets (28 built-in patterns, no custom rules)
- ✓ Dependency scanning
- ✓ All 8 scanners
- ✓ Compliance profiles (7 frameworks)
- ✓ Runs locally via npx
- ✓ Dashboard & reporting
- — Hosted scanning
- — Team management
- — SSO
- — Custom profiles
Cloud
Popular
- — Instant trial (10 scans, no signup)
- — SAST (top 20 curated rules)
- ✓ SAST (full registry — 3,000+ rules)
- ✓ Secrets (28 built-in patterns, no custom rules)
- ✓ Dependency scanning
- ✓ All 8 scanners
- ✓ Compliance profiles (7 frameworks)
- — Runs locally via npx
- ✓ Dashboard & reporting
- ✓ Hosted scanning
- — Team management
- — SSO
- — Custom profiles
Team
Up to 25 seats · Unlimited repos
- — Instant trial (10 scans, no signup)
- — SAST (top 20 curated rules)
- ✓ SAST (full registry — 3,000+ rules)
- ✓ Secrets (28 built-in patterns, no custom rules)
- ✓ Dependency scanning
- ✓ All 8 scanners
- ✓ Compliance profiles (7 frameworks)
- — Runs locally via npx
- ✓ Dashboard & reporting
- ✓ Hosted scanning
- ✓ Team management
- ✓ SSO
- ✓ Custom profiles
Invite your team — get 1 month free
From the Blog
Security insights for vibe coders
SafeWeave vs mcpscan.ai: MCP Server Security vs AI Code Security
mcpscan.ai audits MCP servers. SafeWeave scans the code your AI writes. These solve different problems — here is when you need each, and why most teams need both.
MCP Server Security vs AI Code Security — Why You Need Both
The MCP security landscape has two distinct threat models. Most teams focus on server security but miss the bigger risk: vulnerabilities in AI-generated code.
SafeWeave vs Snyk Agent Scan: Which MCP Security Tool Should You Use?
Snyk agent-scan audits your MCP configurations. SafeWeave IS an MCP tool with 8 security scanners. A detailed comparison of approach, coverage, and pricing.
FAQ
Frequently asked questions
Does SafeWeave store or transmit my source code?
In Self-Hosted mode, your code stays on your machine. File contents are sent to our scanner fleet over HTTPS for analysis and immediately discarded after scanning — we never store source code. In Cloud mode, scan results (not source code) are stored for dashboard analytics.
How is this different from Snyk or GitHub Advanced Security?
SafeWeave is MCP-native — it integrates directly into AI code editors like Cursor, Claude Code, and VS Code as a first-class tool. You get 8 specialized scanners through a single npx command, with no complex setup or vendor lock-in. Self-hosted scanning starts at $0/mo.
Which CI/CD platforms are supported?
SafeWeave works with GitHub Actions, GitLab CI, CircleCI, Jenkins, and any CI/CD platform that supports Node.js. Just add npx safeweave-mcp to your pipeline.
Does the MCP server require internet access to my codebase?
The free Self-Hosted tier sends files to our scanner fleet for analysis. Self-Hosted Pro does the same but unlocks all 8 scanners. No cloud account is needed — just run npx safeweave-mcp.
What does 'Basic' SAST mean on the free plan?
The free tier includes SAST scanning with the top 20 most impactful rules covering SQL injection, XSS, SSRF, and path traversal. Custom patterns, extended rule sets, and scan history require Self-Hosted Pro or higher.
Can I self-host the MCP server?
Yes. The MCP server runs locally on your machine via npx safeweave-mcp. On the free tier you get 3 scanners; Self-Hosted Pro ($15/mo) unlocks all 8 scanners and compliance profiles while keeping everything local. Only license verification touches our servers.