AI Code Security Platform

How to scan AI-generated code for vulnerabilities

SafeWeave is purpose-built for AI-generated code and MCP-native, so the same AI assistant that writes your code can scan and fix it locally. Follow these five steps to go from install to a clean scan.

  1. Install SafeWeave via npx

    Run the SafeWeave MCP server locally with a single command. It runs on your machine, so your source code never leaves it. No signup is required for the free tier.

    $ npx safeweave-mcp
  2. Add SafeWeave to your AI editor

    Register SafeWeave as an MCP server in your AI editor — Cursor, Claude Code, VS Code (Copilot agent mode), or Windsurf. In Claude Code it is one command; other editors use a small mcp.json entry.

    $ claude mcp add safeweave -- npx -y safeweave-mcp
  3. Generate and scan code

    Write or generate code with your AI assistant as usual, then ask it to scan the project. SafeWeave runs 8 specialized scanners in parallel — SAST, dependencies, secrets, IaC, containers, and more — and returns results in about 12 seconds.

    > scan this project for security vulnerabilities
  4. Review the ranked findings

    SafeWeave returns findings ranked by severity, each with the file location and a description, drawn from 300+ rules built on open-source engines like Semgrep, Trivy, Gitleaks, and Nuclei. Critical and high-severity issues surface first so you know what to address.

  5. Apply the AI-suggested fix

    Because SafeWeave is MCP-native, your assistant already has the finding context. Ask it to fix the issue and it applies the remediation in place. Then re-scan to confirm the finding is resolved.

    > fix the SQL injection finding in users.ts
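
Steps 3 to 5 as a toy scan, fix and re-scan loop, added here as an illustration; it is not SafeWeave's code, rules or output format. The `users.ts` contents, the `scanSource` function and the two regex rules are constructed assumptions.

```typescript
// Added example: a toy scan -> fix -> re-scan loop. Not SafeWeave's rules or output.
interface Finding { file: string; line: number; severity: "high"; message: string; }

// Constructed "before" source for users.ts: input interpolated into the SQL text.
const usersBefore: string = [
  "export async function findUser(db, email) {",
  "  return db.query(`SELECT id FROM users WHERE email = '${email}'`);",
  "}",
].join("\n");

// Constructed "after" source: constant SQL text, input passed as a bound parameter.
const usersAfter: string = [
  "export async function findUser(db, email) {",
  "  return db.query(\"SELECT id FROM users WHERE email = $1\", [email]);",
  "}",
].join("\n");

// Toy rule (hypothetical): flag a query() call whose first argument is a template
// literal containing ${...}, or a quoted string followed by "+" concatenation.
const interpolated = /\.query\(\s*`[^`]*\$\{/;
const concatenated = /\.query\(\s*(["'])(?:(?!\1).)*\1\s*\+/;

// Returns one finding per offending line, with the file location a reviewer needs.
function scanSource(file: string, source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, index) => {
    if (interpolated.test(text) || concatenated.test(text)) {
      findings.push({
        file,
        line: index + 1,
        severity: "high",
        message: "SQL text built from a variable; use a parameterized query",
      });
    }
  });
  return findings;
}

// Scan, then re-scan after the fix: the finding should be gone.
console.log(scanSource("users.ts", usersBefore));
console.log(scanSource("users.ts", usersAfter));
```

A line-based regex misses queries built across several statements, which is the reason to confirm the fix with a re-scan by a real SAST engine.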

Scan your first project free

Add SafeWeave to your AI editor and let it scan and fix AI-generated code as you build. Open-core, MIT licensed, and runs locally.