Back to browse
GitHub Repository

Find and fix web-app vulnerabilities in one command — SAST + DAST + AI, for devs who aren't security experts.

7 starsPython

Isitsecure – 1-command SAST and DAST and LLM security scanner for web apps

by kunaljaura·Jul 12, 2026·2 points·0 comments

AI Analysis

MidShip It

Yet another security scanner competing with Snyk, Semgrep, and GitHub Advanced Security.

Strengths
  • SAST findings automatically generate targeted DAST plans to verify exploitability.
  • Single-command execution lowers the barrier for non-security experts to run scans.
  • Produces browseable HTML reports with graded severity levels for quick triage.
Weaknesses
  • Crowded category where established players like Snyk and Semgrep already dominate.
  • LLM-based analysis introduces potential hallucinations without clear false-positive rates.
Category
Target Audience

Backend developers and indie hackers

Similar To

Snyk · Semgrep · OWASP ZAP

Post Description

As vibe coding has started to become more mainstream, so has the realization that typical AI-generated code is insecure by default.

What started as a free security scan tool for vibe coded apps turned into an open source project for a much deeper Static Application Security Test (SAST) + Dynamic Application Security Testing (DAST) scan + a SAST defined DAST plan - basically the SAST scan finds a possible route to attack and passes it off to the DAST scanners to try and exploit.

The goal is to give folks a tool to keep building with AI but without compromising on security when it comes to their customers' data.

Feedback is always welcomed; I'd especially love to hear about:

1. any false positives 2. any vulnerability class that you'd expect but is missing in the tool 3. how the SAST defined DAST scan plan fares against your code repo

If you got this far, thanks for reading and hope you find this useful :slightly_smiling_face:

Similar Projects

Security●●●Banger

A security scanner for AI Agent Skills

Docker sandbox execution catches runtime threats static analysis alone misses.

Big BrainBold Bet
mayziem
503mo ago
Security●●Solid

MCP-scan – Security scanner for MCP server configs

First security scanner for MCP configs as the protocol gains adoption.

Niche GemShip It
AbanoubRodolf
103mo ago
Security●●●Banger

Mcpaudit – static security scanner for MCP servers

First static analyzer for MCP servers catching command injection before you plug it in.

Zero to OneSolve My Problem
allenwu06
301mo ago