isitsecure - 1-command SAST & DAST & LLM security scanner for web apps
40 scanners in one command when GitHub Advanced Security already exists.
Find and fix web-app vulnerabilities in one command — SAST + DAST + AI, for devs who aren't security experts.
Yet another security scanner competing with Snyk, Semgrep, and GitHub Advanced Security.
Backend developers and indie hackers
Snyk · Semgrep · OWASP ZAP
What started as a free security scan tool for vibe coded apps turned into an open source project for a much deeper Static Application Security Test (SAST) + Dynamic Application Security Testing (DAST) scan + a SAST defined DAST plan - basically the SAST scan finds a possible route to attack and passes it off to the DAST scanners to try and exploit.
The goal is to give folks a tool to keep building with AI but without compromising on security when it comes to their customers' data.
Feedback is always welcomed; I'd especially love to hear about:
1. any false positives 2. any vulnerability class that you'd expect but is missing in the tool 3. how the SAST defined DAST scan plan fares against your code repo
If you got this far, thanks for reading and hope you find this useful :slightly_smiling_face:
40 scanners in one command when GitHub Advanced Security already exists.
Docker sandbox execution catches runtime threats static analysis alone misses.
Five-LLM consensus catches prompt injection patterns static analysis misses.
First security scanner for MCP configs as the protocol gains adoption.
Secures OpenClaw skills, but the ecosystem might not sustain the moat.
First static analyzer for MCP servers catching command injection before you plug it in.