Security scan for vibe-coded apps

Paste your app URL. Get back a prioritized security report covering exposed secrets, Supabase/Firebase hardening gaps, source map leaks, missing headers, and more.

3,246
Vulnerabilities we check
10
Projects already scanned
172
Vulnerabilities found

Sign in to add a GitHub repo for source-level vulnerability scanning (committed secrets, insecure configs, missing auth checks).

What we check

  • Secrets in JS bundles (Stripe, OpenAI, AWS, GitHub, more)
  • Supabase / Firebase config presence
  • Source maps exposed in production
  • Security headers, TLS, cookie flags
  • Exposed files (.env, .git, backups)
  • Subdomains via certificate transparency

What we don't do (yet)

  • Active exploitation or auth bypass attempts
  • Writes against Supabase / Firebase
  • Brute force or credential stuffing
  • Automated re-scans (one-shot only)

Pricing

Scanning is always free. You'll see a preview of what we found — one example per severity (Critical, High, Medium, Low, Info) and the total count. To read the full report with every finding, fix instructions, and an AI master prompt, pick a plan below.

Free scan

€0+ VAT
Preview
  • Unlimited scans of your URLs
  • Severity counts + one sample per level
  • No report details, no fix prompt
Run a scan

Pay as you go

€15+ VAT
per scan unlock
  • Everything in Free scan
  • Full report — every finding with evidence & fix
  • AI master prompt for Lovable / v0 / Replit / Cursor
  • Re-check later for €10 to diff resolved vs still-open
Start a scan to pay per report

Pro

Best value
€20+ VAT
per month, unlimited
  • Unlimited scans (fair-use 20/day)
  • Every report unlocked automatically
  • Unlimited re-checks — no extra cost
  • Cancel anytime via Stripe customer portal
Subscribe

All prices exclude VAT. VAT is calculated at checkout based on your billing country (Stripe Tax).