AI Code Security Platform

The AI vulnerability scanner for AI-generated code

SafeWeave is an AI vulnerability scanner that runs 8 specialized engines from one MCP command. It finds the vulnerabilities AI assistants introduce — in your editor, locally, in about 12 seconds.

8 scanners · ~12s per scan · runs locally · MCP-native

The Problem

Generic scanners miss how AI code goes wrong

Most vulnerability scanners are built for hand-written code reviewed in CI. AI assistants introduce a different risk profile: confidently insecure patterns, outdated dependency suggestions, and infrastructure config copied from training data. You need a vulnerability scanner that runs at generation time and covers code, dependencies, and config in a single pass.

How SafeWeave Solves It

Purpose-built for AI-generated code

  • Eight scanners in one command — SAST, secrets, dependencies, IaC, containers, DAST, license, and posture.

  • Built on proven open-source engines: Semgrep, Trivy, Gitleaks, and Nuclei, with 300+ rules.

  • Runs locally and MCP-native, so scanning happens inside Cursor, Claude Code, VS Code, and Windsurf.

  • Surfaces injection, XSS, SSRF, path traversal, leaked secrets, and known CVEs in one report.

  • Open-core and MIT-licensed, with a full scan completing in roughly 12 seconds.

One Command

8 security scanners, powered by trusted open-source engines

SafeWeave wraps Semgrep, Trivy, Gitleaks, and Nuclei behind a single MCP command with 300+ rules — no per-tool setup, no context switching. Open-core and MIT-licensed.

SAST

Semgrep

Finds SQL injection, XSS, SSRF, and path traversal in source code.

Secrets Detection

Gitleaks

Catches API keys, tokens, and credentials before they get committed.

Dependency Scanning

Trivy

CVE detection across npm, pip, Maven, Go modules, and more.

IaC Security

Trivy

Terraform, CloudFormation, and Kubernetes misconfiguration checks.

Container Scanning

Trivy

Dockerfile and image vulnerability analysis for your builds.

DAST

Nuclei

Dynamic testing of running applications for live vulnerabilities.

License Compliance

Open-core

Flags risky open-source licenses across your dependency tree.

Security Posture

Open-core

Overall security health scoring and trend tracking over time.

Ship AI-generated code with confidence

Run all 8 scanners in your editor in about 12 seconds. No credit card, no source code stored.
