llm-kb
← Back to products
Productlaunched

CodeInspectus: open-source security scanner for AI-generated code

CodeInspectus is a fully open-source, local security scanner that checks AI-generated code for vulnerabilities. It covers 32 checks (13 AI-specific + 19 SAST) and 200+ secret/API-key patterns, catching issues like hardcoded secrets in client-side code, exposed API keys, and insecure RLS policies. It helps developers secure projects built with LLM-generated code.

1 engagement·1 source·Sun, Jul 12, 2026, 03:22 PM
Notable capabilities: 32 checks including 13 AI-specific (e.g., hardcoded secret in client-side code, secret in built JS bundle, client-visible env prefix like NEXT_PUBLIC_, Supabase service_role key, LLM SDK client with dangerouslyAllowBrowser:true, RLS policy with USING(true)) and 19 SAST checks, plus 200+ secret & API-key patterns. Tech stack: not stated. Traction signals: 1 upvote on Reddit.

Entities

CodeInspectus(tool)Supabase(company)Next.js(tool)Vite(tool)

Related

Tool ReleaseSat, Jul 11, 2026, 07:07 PM

agentsweep CLI scans AI coding agent history files for leaked secrets

A new open-source CLI tool called agentsweep scans history files of AI coding agents (Codex, Cursor, Claude Code, Cline, Aider) for plaintext secrets like API keys, DB URLs, and crypto seed phrases. It uses ~191 detection rules from gitleaks plus a dedicated BIP-39 seed phrase detector, addressing a security risk where pasted secrets persist in agent context and can be re-exposed.

1 engagement·1 source·reddit
Tool ReleaseThu, Jul 9, 2026, 09:18 AM

LVRP: Open-source local vulnerability research pipeline uses 14B code LLM for exhaustive source-to-sink analysis

A new open-source tool called LVRP (Local Vulnerability Research Pipeline) uses a 14B code-specialized LLM to exhaustively analyze source code for vulnerabilities. It combines code graph and LLM hybrid architecture to enumerate and validate all source-to-sink paths, scaling from small scripts to large codebases like the Linux Kernel and VSCode.

45 engagement·1 source·github
ProductSun, Jul 12, 2026, 04:36 PM

AI code review tool using custom standards file

Surmado's Scout is a low-cost AI code review tool for small teams, solo founders, and vibe coders. It reviews pull requests against a user-defined STANDARDS.MD file, providing feedback on what looks good, what needs work, and a reviewer brief. It aims to be 1/10 the price of Claude.

6 engagement·1 source·reddit
ProductSun, Jul 12, 2026, 12:30 PM

Local-first CLI that masks PII and secrets before sending to LLMs

LocalMask is a command-line tool that runs locally to detect and mask personally identifiable information (PII) and secrets before data is sent to large language models. It solves the privacy and compliance problem for developers and organizations that need to use LLMs without exposing sensitive data.

2 engagement·1 source·hackernews
CommunitySun, Jul 12, 2026, 05:31 PM

Community discusses fragmentation in AI gateway software for production LLM apps

A Reddit discussion highlights that AI gateway software has become a buzzword, with vendors like Nightfall AI, Palo Alto Networks, and NeuralTrust addressing different security problems. Practitioners note that production LLM apps face issues beyond prompt injection, including sensitive data leakage, multi-turn attacks, and agent monitoring, making vendor comparisons difficult.

4 engagement·1 source·reddit