$ npx -y safeweave-mcp — first scan free, no signup
Ship AI-generated code
without shipping vulnerabilities.
SafeWeave is an AI vulnerability scanner that checks the code your AI writes — SAST, secrets detection, and dependency scanning — right inside Cursor, Claude Code, VS Code, and Windsurf. Catch and fix issues in seconds, before they reach production.
No signup — paste in your terminal
$ npx -y safeweave-mcpFree forever for 3 scanners · No credit card · No sales call
Security score 94/100
Hardcoded API key
config/db.ts:12
SQL injection in query builder
api/users.ts:47
Outdated dependency: axios 0.21.1
package.json
Missing input validation
routes/auth.ts:88
8
scanner engines
3,000+
SAST rules
OWASP
Top 10 coverage
MIT
licensed open core
MCP-native
Cursor · Claude Code · VS Code · Windsurf
Why SafeWeave
AppSec that keeps up with your AI
Traditional scanners were built for a slower, cloud-first world. SafeWeave is AI-native — local, editor-first, and shaped around the way you actually ship today.
Local scanning
Every scanner runs on your machine. Your code never leaves your device — no upload, no cloud round-trip, no exposure.
AI-assisted remediation
Fixes are suggested right where you code. Ask your AI to patch a finding and apply the diff without leaving the file.
Editor-native workflow
MCP plugs SafeWeave straight into Cursor, Claude Code, VS Code and Windsurf. Scan from a prompt — zero context switching.
Built for AI-generated code
Tuned for the patterns AI coding tools actually produce — so the findings match the code your assistant is writing today.
One-command install
No org setup, no CI wiring to get started. Run a single npx command and you are scanning in seconds.
8 scanners, one result
SAST, secrets, dependencies, IaC, container, DAST, license and posture run in parallel — unified into a single report.
Architectural comparison — how the tools work, not a benchmark.
Getting Started
Running in under 2 minutes
Run one command — no signup needed
The free tier works instantly with zero registration. Run npx safeweave-mcp and start scanning. 3 scanners (SAST, Secrets, Dependencies), unlimited local scans, no license key required. Sign up later only if you want to unlock all 8 scanners or track trends.
# Just run it — no signup, no license key, no config
$ npx safeweave-mcp
# That's it. Free tier scans locally with:
# ✓ SAST (Semgrep/Opengrep)
# ✓ Secrets (Gitleaks)
# ✓ Dependencies (npm audit, pip-audit, etc.)
#
# Want all 8 scanners? Add a license key later:
# SAFEWEAVE_LICENSE_KEY=sw_shpro_xxxConnect your editor
Add SafeWeave as an MCP server in your AI editor of choice. Set your license key as an environment variable and you are ready to scan.
# Claude Code
$ claude mcp add safeweave \
-e SAFEWEAVE_LICENSE_KEY=sw_live_xxx \
-- npx -y safeweave-mcp
# Cursor — .cursor/mcp.json
{
"mcpServers": {
"safeweave": {
"command": "npx",
"args": ["-y", "safeweave-mcp"],
"env": { "SAFEWEAVE_LICENSE_KEY": "sw_live_xxx" }
}
}
}
# VS Code — .vscode/mcp.json
{
"servers": {
"safeweave": {
"command": "npx",
"args": ["-y", "safeweave-mcp"],
"env": { "SAFEWEAVE_LICENSE_KEY": "sw_live_xxx" }
}
}
}Ask your AI to scan
Just type a natural-language prompt. SafeWeave handles the rest — SAST, secrets, and dependency scanning run locally on your machine. Your code never leaves your device.
> "Scan this project for security vulnerabilities"
> "Check for hardcoded secrets and leaked API keys"
> "Run a dependency audit on this repo"
> "How secure is this codebase? Give me a score."
[scanning] 3 scanners running in parallel...
✓ SAST 2 findings (1 high, 1 medium)
✓ Secrets 1 finding (1 critical — API key in config.ts)
✓ Dependencies 3 findings (1 high, 2 medium)
Score: 78/100 ► 6 findings (1 critical, 2 high, 3 medium)Upgrade for more power
Self-Hosted Pro ($15/mo) unlocks all 8 scanners, compliance profiles, and a local dashboard — everything runs on your machine. Need team features? Cloud plans add hosted dashboards, trend tracking, and AI-suggested fixes.
# Self-Hosted Pro: all 8 scanners + dashboard
# Same license key, just upgrade at safeweave.dev
✓ SAST ✓ IaC ✓ License
✓ Secrets ✓ Container ✓ Posture
✓ Dependencies ✓ DAST
# Compliance profiles included:
Standard · Hardened · OWASP
SOC 2 · PCI-DSS · HIPAAReady to secure your code?
WHAT GETS SCANNED
8 scanners. Zero blind spots.
Every attack surface covered — from source code to running containers — through a single integration point.
All 8 scanners run in parallel. Average scan time: 12 seconds on a 50k LOC codebase. Powered by Semgrep, Trivy, Gitleaks, and Checkov — battle-tested by millions of developers.
How it's built
One protocol in. Eight scanners out.
A prompt in your editor reaches every scanner through a single MCP connection — no plugins to juggle, no dashboards to tab into.
AI editor
Fast by design. Scanners run in parallel rather than in sequence, and execution stays local — so there is no upload latency between writing code and seeing results.
Deploy your way
Everything on your machine
Gateway, engine and all scanners run on your device. Code is never transmitted — the default for individual developers.
- Zero code upload
- One-command npx start
- Works fully offline
FINDINGS
What a finding looks like
Every finding includes severity, location, and an AI-generated fix suggestion.
45 const query = "SELECT * FROM users"; 46 const filter = req.query.filter; 47 const result = db.query(`${query} WHERE name = '${filter}'`); 48 return res.json(result.rows);
Use parameterized queries instead of string interpolation to prevent SQL injection:
const result = db.query( 'SELECT * FROM users WHERE name = $1', [filter] );
What You Get
See your security posture at a glance
Track findings, monitor trends, and get AI-suggested fixes — all from your dashboard.
Security Score
Total Findings
8
+2 since last scan
Scans This Week
23
avg 12s
Compliance
SOC 2
profile active
WHY US
Why SafeWeave?
See how we stack up against other security platforms.
| Feature | SafeWeave | Snyk | Semgrep | GitHub Advanced Security |
|---|---|---|---|---|
| MCP-native | ✓ | — | — | — |
| AI IDE support | Cursor, Claude Code, VS Code, Windsurf | VS Code only | VS Code only | GitHub Copilot |
| Starting price | $0/mo | $25/mo | $40/mo | $49/mo |
| Scan time (avg) | 12s | 45s | 30s | 60s |
| Open source scanners | ✓ | Partial | ✓ | — |
| Free tier | ✓ | Limited | ✓ | — |
| Compliance profiles | SOC 2, HIPAA, PCI-DSS, OWASP * | SOC 2 | — | — |
| Self-hosted option | ✓ | ✓ | ✓ | — |
| CI/CD integration | ✓ | ✓ | ✓ | GitHub only |
* Compliance profiles and all 8 scanners require Self-Hosted Pro or higher. Free tier includes SAST (top 20 rules), Secrets, and Dependency scanning.
BUILT FOR YOU
Who is SafeWeave for?
Scan from your IDE. Ship with confidence.
SafeWeave runs as an MCP server inside Cursor, Claude Code, and VS Code. Just ask your AI to scan — no context switching, no dashboards, no config files. Free forever on the self-hosted tier.
Start Scanning FreeCI/CD
Works with your existing stack
Drop SafeWeave into any CI pipeline with a single command. No Docker required.
# .github/workflows/security.yml
name: SafeWeave Security Scan
on: [push, pull_request]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npx safeweave-mcp scan --all --ci
env:
SAFEWEAVE_LICENSE_KEY: ${{ secrets.SAFEWEAVE_KEY }}Auto-scan before every push
Install the secure-before-push skill and SafeWeave automatically scans your code before every git commit, push, and PR. No manual steps.
You write code
Build features as usual with your AI editor
Auto-scan triggers
SafeWeave scans before every commit and push
Issues blocked
Critical and high severity findings block the push
Ship secure code
Only clean code reaches your repository
Run in your terminal
mkdir -p ~/.claude/skills/secure-before-push
curl -sL https://raw.githubusercontent.com/nickfluxk/safeweave/main/skills/secure-before-push/SKILL.md \
-o ~/.claude/skills/secure-before-push/SKILL.mdWhat happens: Before every git commit, git push, or PR creation, Claude automatically runs a SafeWeave scan. Critical and high findings block the operation. Medium findings warn you. Low/info findings pass through.
Critical / High
Blocks push
Medium
Warns you
Low / Info
Passes through
Free Resource
Get our free OWASP AI security checklist
10 things to check before shipping AI-generated code to production. Delivered to your inbox.
No spam. Unsubscribe anytime.
Ready to find what your AI missed?
npx -y safeweave-mcp in your terminal.THE SAFEWEAVE PROMISE
Zero disruption or your money back
CI SPEED
If SafeWeave adds more than 30 seconds to your CI pipeline, we refund your first month.
ZERO LOCK-IN
Cancel anytime. Export all findings data. No contracts, no penalties, no exit fees.
NO ALERT FATIGUE
Smart deduplication and severity scoring. Only real vulnerabilities surface — no noise.
14-day money-back guarantee on all paid plans · Cancel anytime
Pricing
Transparent pricing. No surprises.
Free forever with 3 scanners — run npx -y safeweave-mcp. First 10 scans need no signup; unlimited scans with a free account.
Free
First 10 scans need no signup. Unlimited scans with a free account.
- ✓Instant trial (10 scans, no signup)
- ✓SAST (top 20 curated rules)
- —SAST (full registry — 3,000+ rules)
- ✓Secrets (28 built-in patterns, no custom rules)
- ✓Dependency scanning
- —All 8 scanners
- —Compliance profiles (7 frameworks)
- ✓Runs locally via npx
- —Dashboard & reporting
- —Hosted scanning
- —Team management
- —SSO
- —Custom profiles
Self-Hosted Pro
Most PopularRuns on your infrastructure. License + updates included.
- —Instant trial (10 scans, no signup)
- —SAST (top 20 curated rules)
- ✓SAST (full registry — 3,000+ rules)
- ✓Secrets (28 built-in patterns, no custom rules)
- ✓Dependency scanning
- ✓All 8 scanners
- ✓Compliance profiles (7 frameworks)
- ✓Runs locally via npx
- ✓Dashboard & reporting
- —Hosted scanning
- —Team management
- —SSO
- —Custom profiles
Cloud
- —Instant trial (10 scans, no signup)
- —SAST (top 20 curated rules)
- ✓SAST (full registry — 3,000+ rules)
- ✓Secrets (28 built-in patterns, no custom rules)
- ✓Dependency scanning
- ✓All 8 scanners
- ✓Compliance profiles (7 frameworks)
- —Runs locally via npx
- ✓Dashboard & reporting
- ✓Hosted scanning
- —Team management
- —SSO
- —Custom profiles
Team
Up to 25 seats · Unlimited repos
- —Instant trial (10 scans, no signup)
- —SAST (top 20 curated rules)
- ✓SAST (full registry — 3,000+ rules)
- ✓Secrets (28 built-in patterns, no custom rules)
- ✓Dependency scanning
- ✓All 8 scanners
- ✓Compliance profiles (7 frameworks)
- —Runs locally via npx
- ✓Dashboard & reporting
- ✓Hosted scanning
- ✓Team management
- ✓SSO
- ✓Custom profiles
Invite your team — get 1 month free
From the Blog
Security insights for vibe coders
SafeWeave vs mcpscan.ai: MCP Server Security vs AI Code Security
mcpscan.ai audits MCP servers. SafeWeave scans the code your AI writes. These solve different problems — here is when you need each, and why most teams need both.
MCP Server Security vs AI Code Security — Why You Need Both
The MCP security landscape has two distinct threat models. Most teams focus on server security but miss the bigger risk: vulnerabilities in AI-generated code.
SafeWeave vs Snyk Agent Scan: Which MCP Security Tool Should You Use?
Snyk agent-scan audits your MCP configurations. SafeWeave IS an MCP tool with 8 security scanners. A detailed comparison of approach, coverage, and pricing.
FAQ
Frequently asked questions
Does SafeWeave store or transmit my source code?
In Self-Hosted mode, your code stays on your machine. File contents are sent to our scanner fleet over HTTPS for analysis and immediately discarded after scanning — we never store source code. In Cloud mode, scan results (not source code) are stored for dashboard analytics.
How is this different from Snyk or GitHub Advanced Security?
SafeWeave is MCP-native — it integrates directly into AI code editors like Cursor, Claude Code, and VS Code as a first-class tool. You get 8 specialized scanners through a single npx command, with no complex setup or vendor lock-in. Self-hosted scanning starts at $0/mo.
Which CI/CD platforms are supported?
SafeWeave works with GitHub Actions, GitLab CI, CircleCI, Jenkins, and any CI/CD platform that supports Node.js. Just add npx safeweave-mcp to your pipeline.
Does the MCP server require internet access to my codebase?
The free Self-Hosted tier sends files to our scanner fleet for analysis. Self-Hosted Pro does the same but unlocks all 8 scanners. No cloud account is needed — just run npx safeweave-mcp.
What does 'Basic' SAST mean on the free plan?
The free tier includes SAST scanning with the top 20 most impactful rules covering SQL injection, XSS, SSRF, and path traversal. Custom patterns, extended rule sets, and scan history require Self-Hosted Pro or higher.
Can I self-host the MCP server?
Yes. The MCP server runs locally on your machine via npx safeweave-mcp. On the free tier you get 3 scanners; Self-Hosted Pro ($15/mo) unlocks all 8 scanners and compliance profiles while keeping everything local. Only license verification touches our servers.