AI Code Security Platform

Ship AI-generated code without shipping vulnerabilities.

SafeWeave is an AI vulnerability scanner that checks the code your AI writes — SAST, secrets detection, and dependency scanning — right inside Cursor, Claude Code, VS Code, and Windsurf. Catch and fix issues in seconds, before they reach production.

No signup — paste in your terminal

$ npx -y safeweave-mcp
10 free scans, no signupRuns locally — code never leaves your machine8 scanners, one ranked result

Free forever for 3 scanners · No credit card · No sales call

8

scanner engines

3,000+

SAST rules

OWASP

Top 10 coverage

MIT

licensed open core

MCP-native

Cursor · Claude Code · VS Code · Windsurf

Why SafeWeave

AppSec that keeps up with your AI

Traditional scanners were built for a slower, cloud-first world. SafeWeave is AI-native — local, editor-first, and shaped around the way you actually ship today.

Local scanning

Every scanner runs on your machine. Your code never leaves your device — no upload, no cloud round-trip, no exposure.

AI-assisted remediation

Fixes are suggested right where you code. Ask your AI to patch a finding and apply the diff without leaving the file.

Editor-native workflow

MCP plugs SafeWeave straight into Cursor, Claude Code, VS Code and Windsurf. Scan from a prompt — zero context switching.

Built for AI-generated code

Tuned for the patterns AI coding tools actually produce — so the findings match the code your assistant is writing today.

One-command install

No org setup, no CI wiring to get started. Run a single npx command and you are scanning in seconds.

8 scanners, one result

SAST, secrets, dependencies, IaC, container, DAST, license and posture run in parallel — unified into a single report.

DimensionSafeWeaveTraditional AppSec
Where it runsLocally — code never leaves your machineCloud upload required
Install timeOne command, scanning in secondsAccount, org config & CI wiring
WorkflowInside your editor via MCPSeparate dashboard, context switch
RemediationAI-suggested fixes in your editorTicket, triage, hand-off
AI-code fitTuned for AI-generated patternsBuilt for human-written code

Architectural comparison — how the tools work, not a benchmark.

Getting Started

Running in under 2 minutes

Run one command — no signup needed

The free tier works instantly with zero registration. Run npx safeweave-mcp and start scanning. 3 scanners (SAST, Secrets, Dependencies), unlimited local scans, no license key required. Sign up later only if you want to unlock all 8 scanners or track trends.

shell
# Just run it — no signup, no license key, no config
$ npx safeweave-mcp

# That's it. Free tier scans locally with:
#   ✓ SAST (Semgrep/Opengrep)
#   ✓ Secrets (Gitleaks)
#   ✓ Dependencies (npm audit, pip-audit, etc.)
#
# Want all 8 scanners? Add a license key later:
# SAFEWEAVE_LICENSE_KEY=sw_shpro_xxx

Connect your editor

Add SafeWeave as an MCP server in your AI editor of choice. Set your license key as an environment variable and you are ready to scan.

json
# Claude Code
$ claude mcp add safeweave \
    -e SAFEWEAVE_LICENSE_KEY=sw_live_xxx \
    -- npx -y safeweave-mcp

# Cursor — .cursor/mcp.json
{
  "mcpServers": {
    "safeweave": {
      "command": "npx",
      "args": ["-y", "safeweave-mcp"],
      "env": { "SAFEWEAVE_LICENSE_KEY": "sw_live_xxx" }
    }
  }
}

# VS Code — .vscode/mcp.json
{
  "servers": {
    "safeweave": {
      "command": "npx",
      "args": ["-y", "safeweave-mcp"],
      "env": { "SAFEWEAVE_LICENSE_KEY": "sw_live_xxx" }
    }
  }
}

Ask your AI to scan

Just type a natural-language prompt. SafeWeave handles the rest — SAST, secrets, and dependency scanning run locally on your machine. Your code never leaves your device.

shell
> "Scan this project for security vulnerabilities"
> "Check for hardcoded secrets and leaked API keys"
> "Run a dependency audit on this repo"
> "How secure is this codebase? Give me a score."

  [scanning] 3 scanners running in parallel...

  ✓ SAST          2 findings  (1 high, 1 medium)
  ✓ Secrets       1 finding   (1 critical — API key in config.ts)
  ✓ Dependencies  3 findings  (1 high, 2 medium)

  Score: 78/100  ► 6 findings (1 critical, 2 high, 3 medium)

Upgrade for more power

Self-Hosted Pro ($15/mo) unlocks all 8 scanners, compliance profiles, and a local dashboard — everything runs on your machine. Need team features? Cloud plans add hosted dashboards, trend tracking, and AI-suggested fixes.

shell
# Self-Hosted Pro: all 8 scanners + dashboard
# Same license key, just upgrade at safeweave.dev

  ✓ SAST          ✓ IaC          ✓ License
  ✓ Secrets       ✓ Container    ✓ Posture
  ✓ Dependencies  ✓ DAST

# Compliance profiles included:
  Standard · Hardened · OWASP
  SOC 2 · PCI-DSS · HIPAA

WHAT GETS SCANNED

8 scanners. Zero blind spots.

Every attack surface covered — from source code to running containers — through a single integration point.

All 8 scanners run in parallel. Average scan time: 12 seconds on a 50k LOC codebase. Powered by Semgrep, Trivy, Gitleaks, and Checkov — battle-tested by millions of developers.

How it's built

One protocol in. Eight scanners out.

A prompt in your editor reaches every scanner through a single MCP connection — no plugins to juggle, no dashboards to tab into.

AI editor

CursorClaude CodeVS CodeWindsurf
SafeWeave GatewayMCP server
Parallel Scanning Enginefan-out
SAST
Secrets
Dependencies
IaC
Container
DAST
License
Posture
Unified resultone report · one score

Fast by design. Scanners run in parallel rather than in sequence, and execution stays local — so there is no upload latency between writing code and seeing results.

Deploy your way

Everything on your machine

Gateway, engine and all scanners run on your device. Code is never transmitted — the default for individual developers.

  • Zero code upload
  • One-command npx start
  • Works fully offline

FINDINGS

What a finding looks like

Every finding includes severity, location, and an AI-generated fix suggestion.

HIGHSQL Injection via unsanitized input
CWE-89 · SAST
src/api/users.ts:47:12
45  const query = "SELECT * FROM users";
46  const filter = req.query.filter;
47  const result = db.query(`${query} WHERE name = '${filter}'`);
48  return res.json(result.rows);
FIX

Use parameterized queries instead of string interpolation to prevent SQL injection:

const result = db.query(
  'SELECT * FROM users WHERE name = $1',
  [filter]
);
Auto-detected in 0.8sAI fix suggestion includedMapped to OWASP A03:2021

What You Get

See your security posture at a glance

Track findings, monitor trends, and get AI-suggested fixes — all from your dashboard.

safeweave.dev/dashboard

Security Score

61/100

Total Findings

8

+2 since last scan

Scans This Week

23

avg 12s

Compliance

SOC 2

profile active

Recent Findings8 total
CRIHardcoded API key in config.ts
HIGHSQL injection via unsanitized input
HIGHPrototype pollution in lodash < 4.17.21
MEDMissing rate limiting on /api/auth
MEDContainer running as root

WHY US

Why SafeWeave?

See how we stack up against other security platforms.

Feature comparison between SafeWeave and competitors
FeatureSafeWeaveSnykSemgrepGitHub Advanced Security
MCP-native
AI IDE supportCursor, Claude Code, VS Code, WindsurfVS Code onlyVS Code onlyGitHub Copilot
Starting price$0/mo$25/mo$40/mo$49/mo
Scan time (avg)12s45s30s60s
Open source scannersPartial
Free tierLimited
Compliance profilesSOC 2, HIPAA, PCI-DSS, OWASP *SOC 2
Self-hosted option
CI/CD integrationGitHub only

* Compliance profiles and all 8 scanners require Self-Hosted Pro or higher. Free tier includes SAST (top 20 rules), Secrets, and Dependency scanning.

BUILT FOR YOU

Who is SafeWeave for?

⌨️

Scan from your IDE. Ship with confidence.

SafeWeave runs as an MCP server inside Cursor, Claude Code, and VS Code. Just ask your AI to scan — no context switching, no dashboards, no config files. Free forever on the self-hosted tier.

Start Scanning Free

CI/CD

Works with your existing stack

Drop SafeWeave into any CI pipeline with a single command. No Docker required.

# .github/workflows/security.yml
name: SafeWeave Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx safeweave-mcp scan --all --ci
        env:
          SAFEWEAVE_LICENSE_KEY: ${{ secrets.SAFEWEAVE_KEY }}
Claude Code Skill

Auto-scan before every push

Install the secure-before-push skill and SafeWeave automatically scans your code before every git commit, push, and PR. No manual steps.

✍️

You write code

Build features as usual with your AI editor

🛡️

Auto-scan triggers

SafeWeave scans before every commit and push

⚠️

Issues blocked

Critical and high severity findings block the push

Ship secure code

Only clean code reaches your repository

Run in your terminal

mkdir -p ~/.claude/skills/secure-before-push
curl -sL https://raw.githubusercontent.com/nickfluxk/safeweave/main/skills/secure-before-push/SKILL.md \
  -o ~/.claude/skills/secure-before-push/SKILL.md

What happens: Before every git commit, git push, or PR creation, Claude automatically runs a SafeWeave scan. Critical and high findings block the operation. Medium findings warn you. Low/info findings pass through.

Critical / High

Blocks push

Medium

Warns you

Low / Info

Passes through

Free Resource

Get our free OWASP AI security checklist

10 things to check before shipping AI-generated code to production. Delivered to your inbox.

No spam. Unsubscribe anytime.

Ready to find what your AI missed?

Start Scanning FreeFirst scan free, no signup — or paste npx -y safeweave-mcp in your terminal.

THE SAFEWEAVE PROMISE

Zero disruption or your money back

CI SPEED

If SafeWeave adds more than 30 seconds to your CI pipeline, we refund your first month.

ZERO LOCK-IN

Cancel anytime. Export all findings data. No contracts, no penalties, no exit fees.

NO ALERT FATIGUE

Smart deduplication and severity scoring. Only real vulnerabilities surface — no noise.

14-day money-back guarantee on all paid plans · Cancel anytime

Pricing

Transparent pricing. No surprises.

Free forever with 3 scanners — run npx -y safeweave-mcp. First 10 scans need no signup; unlimited scans with a free account.

MonthlyYearlyYearly — save 2 months free 🎉

Free

$0

First 10 scans need no signup. Unlimited scans with a free account.

  • Instant trial (10 scans, no signup)
  • SAST (top 20 curated rules)
  • SAST (full registry — 3,000+ rules)
  • Secrets (28 built-in patterns, no custom rules)
  • Dependency scanning
  • All 8 scanners
  • Compliance profiles (7 frameworks)
  • Runs locally via npx
  • Dashboard & reporting
  • Hosted scanning
  • Team management
  • SSO
  • Custom profiles

Self-Hosted Pro

Most Popular
$15/mo

Runs on your infrastructure. License + updates included.

  • Instant trial (10 scans, no signup)
  • SAST (top 20 curated rules)
  • SAST (full registry — 3,000+ rules)
  • Secrets (28 built-in patterns, no custom rules)
  • Dependency scanning
  • All 8 scanners
  • Compliance profiles (7 frameworks)
  • Runs locally via npx
  • Dashboard & reporting
  • Hosted scanning
  • Team management
  • SSO
  • Custom profiles
Self-Host in 5 Minutes
14-day money-back guarantee · Cancel anytime

Cloud

$29/mo
  • Instant trial (10 scans, no signup)
  • SAST (top 20 curated rules)
  • SAST (full registry — 3,000+ rules)
  • Secrets (28 built-in patterns, no custom rules)
  • Dependency scanning
  • All 8 scanners
  • Compliance profiles (7 frameworks)
  • Runs locally via npx
  • Dashboard & reporting
  • Hosted scanning
  • Team management
  • SSO
  • Custom profiles
Start 14-Day Trial
14-day money-back guarantee · Cancel anytime

Team

$99/mo

Up to 25 seats · Unlimited repos

  • Instant trial (10 scans, no signup)
  • SAST (top 20 curated rules)
  • SAST (full registry — 3,000+ rules)
  • Secrets (28 built-in patterns, no custom rules)
  • Dependency scanning
  • All 8 scanners
  • Compliance profiles (7 frameworks)
  • Runs locally via npx
  • Dashboard & reporting
  • Hosted scanning
  • Team management
  • SSO
  • Custom profiles
Try Team Free
14-day money-back guarantee · Cancel anytime

Invite your team — get 1 month free

FAQ

Frequently asked questions

Does SafeWeave store or transmit my source code?

In Self-Hosted mode, your code stays on your machine. File contents are sent to our scanner fleet over HTTPS for analysis and immediately discarded after scanning — we never store source code. In Cloud mode, scan results (not source code) are stored for dashboard analytics.

How is this different from Snyk or GitHub Advanced Security?

SafeWeave is MCP-native — it integrates directly into AI code editors like Cursor, Claude Code, and VS Code as a first-class tool. You get 8 specialized scanners through a single npx command, with no complex setup or vendor lock-in. Self-hosted scanning starts at $0/mo.

Which CI/CD platforms are supported?

SafeWeave works with GitHub Actions, GitLab CI, CircleCI, Jenkins, and any CI/CD platform that supports Node.js. Just add npx safeweave-mcp to your pipeline.

Does the MCP server require internet access to my codebase?

The free Self-Hosted tier sends files to our scanner fleet for analysis. Self-Hosted Pro does the same but unlocks all 8 scanners. No cloud account is needed — just run npx safeweave-mcp.

What does 'Basic' SAST mean on the free plan?

The free tier includes SAST scanning with the top 20 most impactful rules covering SQL injection, XSS, SSRF, and path traversal. Custom patterns, extended rule sets, and scan history require Self-Hosted Pro or higher.

Can I self-host the MCP server?

Yes. The MCP server runs locally on your machine via npx safeweave-mcp. On the free tier you get 3 scanners; Self-Hosted Pro ($15/mo) unlocks all 8 scanners and compliance profiles while keeping everything local. Only license verification touches our servers.