AI SAST Scanner

One-click AI-powered static application security testing for your codebase.

What it does

AI SAST Scanner analyzes your source code for security vulnerabilities using your existing AI coding assistant. It finds injection flaws, authentication issues, hardcoded secrets, misconfigurations, and more.

How to use

1. Open your project folder in VS Code (the root folder containing all your source code)
2. Right-click on the project folder in Explorer → click "Run SAST Scan"
3. Click "Continue" in the confirmation dialog
4. The scan prompt will be copied to your clipboard
5. Open your AI coding assistant (Claude Code, GitHub Copilot, Cursor, Amazon Q, or any AI tool)
6. Paste the prompt (Ctrl+V) and press Enter
7. Wait for the scan to complete
8. The report will open automatically with all findings

For large codebases

If your project has multiple services or modules (e.g., microservices), scan each service separately for better and deeper results. Open each service folder individually in VS Code and run the scan. Each scan generates its own report:

• security-report-api-gateway.html
• security-report-billing-service.html
• security-report-user-service.html

Running a scan on the same folder again will overwrite the previous report for that folder. Rename the old report before rescanning if you want to keep it.

Supported AI tools

Works with any AI coding assistant:

• Claude Code
• GitHub Copilot
• Cursor
• Amazon Q
• Windsurf
• Aider
• Any AI tool that can read project files

Supported platforms

Works on any codebase — Web apps, Android, iOS, APIs, Desktop apps, CLI tools. Any language, any framework.