llm-kb
← Back to products
Productlaunched

Isitsecure: 1-command SAST, DAST, and LLM security scanner for web apps

Isitsecure is an open-source tool that performs Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and LLM-specific security scanning with a single command. It helps developers, especially those using AI-generated code, identify and exploit security vulnerabilities automatically. The tool addresses the problem of insecure AI-generated code by combining SAST findings with DAST exploitation attempts.

Visit project ↗
2 engagement·1 source·Sun, Jul 12, 2026, 08:07 PM
The tool started as a free security scan for vibe-coded apps and evolved into an open-source project. It performs SAST to find potential attack routes, then passes them to DAST scanners to attempt exploitation. It also includes LLM security scanning. The tech stack is not specified beyond being a command-line tool. Traction signals: 2 points on Hacker News. The GitHub repository is available at https://github.com/jaurakunal/isitsecure.

Entities

Isitsecure(tool)SAST(concept)DAST(concept)LLM(concept)

Related

ProductSun, Jul 12, 2026, 03:22 PM

CodeInspectus: open-source security scanner for AI-generated code

CodeInspectus is a fully open-source, local security scanner that checks AI-generated code for vulnerabilities. It covers 32 checks (13 AI-specific + 19 SAST) and 200+ secret/API-key patterns, catching issues like hardcoded secrets in client-side code, exposed API keys, and insecure RLS policies. It helps developers secure projects built with LLM-generated code.

1 engagement·1 source·reddit
Tool ReleaseSat, Jul 11, 2026, 07:07 PM

agentsweep CLI scans AI coding agent history files for leaked secrets

A new open-source CLI tool called agentsweep scans history files of AI coding agents (Codex, Cursor, Claude Code, Cline, Aider) for plaintext secrets like API keys, DB URLs, and crypto seed phrases. It uses ~191 detection rules from gitleaks plus a dedicated BIP-39 seed phrase detector, addressing a security risk where pasted secrets persist in agent context and can be re-exposed.

1 engagement·1 source·reddit
Tool ReleaseThu, Jul 9, 2026, 09:18 AM

LVRP: Open-source local vulnerability research pipeline uses 14B code LLM for exhaustive source-to-sink analysis

A new open-source tool called LVRP (Local Vulnerability Research Pipeline) uses a 14B code-specialized LLM to exhaustively analyze source code for vulnerabilities. It combines code graph and LLM hybrid architecture to enumerate and validate all source-to-sink paths, scaling from small scripts to large codebases like the Linux Kernel and VSCode.

45 engagement·1 source·github
ProductSat, Jul 11, 2026, 06:57 PM

Automated MCP server security scoring index

A trust index that automatically scores MCP servers from the official registry based on security criteria like runtime guardrails and SAST scans. It helps security professionals quickly assess whether an MCP server is safe for enterprise use, reducing manual review bottlenecks.

1 engagement·1 source·hackernews
ProductSun, Jul 12, 2026, 07:44 PM

Open-source AI infrastructure stack: gateway, guardrails, policies, observability, audit in one Docker Compose

An open-source application layer that integrates LiteLLM, guardrails, PII masking, policies, evals, audit, lineage, and vector search into a single Docker Compose setup. It provides governed, compliant, and auditable AI for organizations, solving the problem of wiring together disparate open-source components.

2 engagement·1 source·reddit