SAST Scanner

One-click AI-powered static application security testing for your codebase.

What it does

SAST Scanner analyzes your source code for security vulnerabilities using your existing AI coding assistant (Claude Code or GitHub Copilot). It finds injection flaws, authentication issues, hardcoded secrets, misconfigurations, and more.

How to use

1. Open your project folder in VS Code (the root folder containing all your source code)
2. Right-click on the project folder in Explorer → click "Run SAST Scan"
3. Click "Continue" in the confirmation dialog
4. The scan prompt will be copied to your clipboard
5. Open Claude Code or GitHub Copilot Chat
6. Paste the prompt (Ctrl+V) and press Enter
7. Wait for the scan to complete
8. security-report.html will open automatically with all findings

Note

After the scan completes, delete the .sast folder from your project directory to avoid confusion in your project.

Requirements

One of these AI tools must be installed in VS Code:

• Claude Code (recommended)
• GitHub Copilot

Supported platforms

Works on any codebase — Web apps, Android, iOS, APIs, Desktop apps, CLI tools. Any language, any framework.