Isitsecure: 1-command SAST, DAST, and LLM security scanner for web apps
Isitsecure is an open-source tool that performs Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and LLM-specific security scanning with a single command. It helps developers, especially those using AI-generated code, identify and exploit security vulnerabilities automatically. The tool addresses the problem of insecure AI-generated code by combining SAST findings with DAST exploitation attempts.
Visit project ↗Entities
Related
CodeInspectus: open-source security scanner for AI-generated code
CodeInspectus is a fully open-source, local security scanner that checks AI-generated code for vulnerabilities. It covers 32 checks (13 AI-specific + 19 SAST) and 200+ secret/API-key patterns, catching issues like hardcoded secrets in client-side code, exposed API keys, and insecure RLS policies. It helps developers secure projects built with LLM-generated code.
agentsweep CLI scans AI coding agent history files for leaked secrets
A new open-source CLI tool called agentsweep scans history files of AI coding agents (Codex, Cursor, Claude Code, Cline, Aider) for plaintext secrets like API keys, DB URLs, and crypto seed phrases. It uses ~191 detection rules from gitleaks plus a dedicated BIP-39 seed phrase detector, addressing a security risk where pasted secrets persist in agent context and can be re-exposed.
LVRP: Open-source local vulnerability research pipeline uses 14B code LLM for exhaustive source-to-sink analysis
A new open-source tool called LVRP (Local Vulnerability Research Pipeline) uses a 14B code-specialized LLM to exhaustively analyze source code for vulnerabilities. It combines code graph and LLM hybrid architecture to enumerate and validate all source-to-sink paths, scaling from small scripts to large codebases like the Linux Kernel and VSCode.
Automated MCP server security scoring index
A trust index that automatically scores MCP servers from the official registry based on security criteria like runtime guardrails and SAST scans. It helps security professionals quickly assess whether an MCP server is safe for enterprise use, reducing manual review bottlenecks.
Open-source AI infrastructure stack: gateway, guardrails, policies, observability, audit in one Docker Compose
An open-source application layer that integrates LiteLLM, guardrails, PII masking, policies, evals, audit, lineage, and vector search into a single Docker Compose setup. It provides governed, compliant, and auditable AI for organizations, solving the problem of wiring together disparate open-source components.


