FEATURES

8 Security Scanners. One MCP Command.

From source code to running containers, SafeWeave covers every attack surface through a single integration point. SAST, secrets detection, dependency scanning, IaC security, container scanning, DAST, license compliance, and security posture — all running in parallel, returning results in ~12 seconds.

SAST

FREE

Static Application Security Testing · Powered by Semgrep

Finds SQL injection, XSS, SSRF, path traversal, and 100+ other vulnerability patterns directly in your source code.

Languages & Targets

TypeScript, JavaScript, Python, Go, Java, Ruby, Rust, PHP

Coverage

142 rules (top 20 on free tier)

Example Finding

SQL injection via unsanitized user input in query builder (CWE-89)

Use Cases

  • Catch injection vulnerabilities before they reach production
  • Enforce secure coding standards across your team
  • Detect OWASP Top 10 vulnerabilities in real time while coding

Secrets Detection

FREE

API Key & Credential Scanner · Powered by Gitleaks

Scans every file type for leaked API keys, tokens, passwords, and credentials using 28 built-in detection patterns.

Languages & Targets

All file types — source, config, .env, YAML, JSON, Dockerfiles

Coverage

28 detection patterns

Example Finding

AWS access key found in src/config.ts line 12 (CWE-798)

Use Cases

  • Prevent accidental commits of AWS keys, Stripe tokens, or database passwords
  • Scan .env files and config before pushing to a public repo
  • Detect hardcoded credentials that AI code generators commonly introduce

Dependency Scanning

FREE

Open Source Vulnerability Scanner · Powered by npm audit + OSV

Checks your dependency tree against known CVE databases. Covers npm, pip, Go modules, Cargo, Maven, and more.

Languages & Targets

npm, pip, Go modules, Cargo, Maven, Gradle — 47+ ecosystems

Coverage

47+ package ecosystems

Example Finding

lodash@4.17.20 — prototype pollution (CVE-2021-23337)

Use Cases

  • Identify packages with known exploits before deploying
  • Monitor transitive dependencies for newly disclosed CVEs
  • Meet compliance requirements for third-party software audits

Infrastructure as Code

PRO+

IaC Misconfiguration Scanner · Powered by Checkov

Detects misconfigurations in Terraform, Dockerfiles, Kubernetes YAML, and CloudFormation templates before they reach production.

Languages & Targets

Terraform, Dockerfile, Kubernetes YAML, CloudFormation, Helm

Coverage

63 checks

Example Finding

S3 bucket with public read access enabled (CIS 2.1.5)

Use Cases

  • Catch public S3 buckets, open security groups, and missing encryption
  • Enforce CIS benchmarks on your Terraform modules
  • Scan Kubernetes manifests for privilege escalation risks

Container Scanning

PRO+

Docker & OCI Image Vulnerability Scanner · Powered by Trivy

Analyzes Docker images and OCI containers layer-by-layer to find vulnerable OS packages and libraries in your base images.

Languages & Targets

Docker images, OCI images, base image analysis

Coverage

19 layer checks

Example Finding

alpine:3.14 — libcrypto1.1 affected by a known vulnerability (CVE-2024-0727)

Use Cases

  • Scan base images for known CVEs before building on top of them
  • Detect outdated OS packages in production container images
  • Enforce approved base image policies across your team

DAST

PRO+

Dynamic Application Security Testing · Powered by an OWASP ZAP-based engine

Tests your running application for vulnerabilities by making real HTTP requests to API endpoints — catching issues static analysis misses.

Languages & Targets

REST APIs, GraphQL endpoints, web applications

Coverage

12 endpoint checks

Example Finding

Missing CORS headers on /api/users endpoint (CWE-942)

Use Cases

  • Test authentication endpoints for common bypass vulnerabilities
  • Verify CORS, CSP, and security header configurations on live APIs
  • Catch runtime injection flaws that static analysis cannot detect

License Compliance

PRO+

Open Source License Risk Scanner · Powered by a license checker

Detects AGPL, GPL, and other copyleft licenses in your dependency tree that could create legal risk for proprietary software.

Languages & Targets

npm, pip, Go, Cargo — all dependency ecosystems

Coverage

47 license types tracked

Example Finding

Dependency uses AGPL-3.0 — viral copyleft risk (License)

Use Cases

  • Flag AGPL dependencies before they infect your proprietary codebase
  • Generate license reports for legal and compliance teams
  • Enforce approved-license policies in CI/CD pipelines

Security Posture

PRO+

API & Application Security Posture · Powered by custom checks

Evaluates your application's overall security health — checking for missing rate limiting, authentication gaps, and insecure headers.

Languages & Targets

API routes, middleware, server configuration

Coverage

8 posture controls

Example Finding

Missing rate limiting on authentication endpoint (CWE-307)

Use Cases

  • Verify rate limiting is configured on all authentication endpoints
  • Check that security headers (HSTS, CSP, X-Frame-Options) are set
  • Get an overall security health score across your application

Ready to scan your codebase?

3 scanners free forever. No credit card. No signup required for first 10 scans.