AI Code Security Platform
How to scan AI-generated code for vulnerabilities
SafeWeave is purpose-built for AI-generated code and MCP-native, so the same AI assistant that writes your code can scan and fix it locally. Follow these five steps to go from install to a clean scan.
- 1
Install SafeWeave via npx
Run the SafeWeave MCP server locally with a single command. It runs on your machine, so your source code never leaves it. No signup is required for the free tier.
$ npx safeweave-mcp
- 2
Add SafeWeave to your AI editor
Register SafeWeave as an MCP server in your AI editor — Cursor, Claude Code, VS Code (Copilot agent mode), or Windsurf. In Claude Code it is one command; other editors use a small mcp.json entry.
$ claude mcp add safeweave -- npx -y safeweave-mcp
- 3
Generate and scan code
Write or generate code with your AI assistant as usual, then ask it to scan the project. SafeWeave runs 8 specialized scanners in parallel — SAST, dependencies, secrets, IaC, containers, and more — and returns results in about 12 seconds.
> scan this project for security vulnerabilities
- 4
Review the ranked findings
SafeWeave returns findings ranked by severity, each with the file location and a description, drawn from 300+ rules built on open-source engines like Semgrep, Trivy, Gitleaks, and Nuclei. Critical and high-severity issues surface first so you know what to address.
- 5
Apply the AI-suggested fix
Because SafeWeave is MCP-native, your assistant already has the finding context. Ask it to fix the issue and it applies the remediation in place. Then re-scan to confirm the finding is resolved.
> fix the SQL injection finding in users.ts
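For step 2, the mcp.json entry for editors other than Claude Code could look like the following. This is an added example, not taken from the SafeWeave documentation. It assumes Cursor's `mcpServers` layout in `.cursor/mcp.json` and reuses the command and arguments from the `claude mcp add` line above. Other editors may use a different file name or top-level key.

```json
{
  "mcpServers": {
    "safeweave": {
      "command": "npx",
      "args": ["-y", "safeweave-mcp"]
    }
  }
}
```

With `-y`, npx installs the package without prompting. Writing the package as `safeweave-mcp@` followed by a version you have reviewed (npm's `name@version` form) keeps the editor from picking up a newer release unreviewed.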
Scan your first project free
Add SafeWeave to your AI editor and let it scan and fix AI-generated code as you build. Open-core, MIT licensed, and runs locally.