AI Code Security Platform
The AI vulnerability scanner for AI-generated code
SafeWeave is an AI vulnerability scanner that runs 8 specialized engines from one MCP command. It finds the vulnerabilities AI assistants introduce — in your editor, locally, in about 12 seconds.
8 scanners · ~12s per scan · runs locally · MCP-native
The Problem
Generic scanners miss how AI code goes wrong
Most vulnerability scanners are built for hand-written code reviewed in CI. AI assistants introduce a different risk profile: confidently insecure patterns, outdated dependency suggestions, and infrastructure config copied from training data. You need a vulnerability scanner that runs at generation time and covers code, dependencies, and config in a single pass.
How SafeWeave Solves It
Purpose-built for AI-generated code
Eight scanners in one command — SAST, secrets, dependencies, IaC, containers, DAST, license, and posture.
Built on proven open-source engines: Semgrep, Trivy, Gitleaks, and Nuclei, with 300+ rules.
Runs locally and MCP-native, so scanning happens inside Cursor, Claude Code, VS Code, and Windsurf.
Surfaces injection, XSS, SSRF, path traversal, leaked secrets, and known CVEs in one report.
Open-core and MIT-licensed, with a full scan completing in roughly 12 seconds.
One Command
8 security scanners, powered by trusted open-source engines
SafeWeave wraps Semgrep, Trivy, Gitleaks, and Nuclei behind a single MCP command with 300+ rules — no per-tool setup, no context switching. Open-core and MIT-licensed.
SAST
Semgrep: Finds SQL injection, XSS, SSRF, and path traversal in source code.
Secrets Detection
Gitleaks: Catches API keys, tokens, and credentials before they get committed.
Dependency Scanning
Trivy: CVE detection across npm, pip, Maven, Go modules, and more.
IaC Security
Trivy: Terraform, CloudFormation, and Kubernetes misconfiguration checks.
Container Scanning
Trivy: Dockerfile and image vulnerability analysis for your builds.
DAST
Nuclei: Dynamic testing of running applications for live vulnerabilities.
License Compliance
Open-core: Flags risky open-source licenses across your dependency tree.
Security Posture
Open-core: Overall security health scoring and trend tracking over time.
Ship AI-generated code with confidence
Run all 8 scanners in your editor in about 12 seconds. No credit card, no source code stored.