Question 1

What is ShipSafe?

Accepted Answer

ShipSafe is an AI-powered security scanner that finds vulnerabilities in code built with tools like Cursor, Lovable, Bolt, and v0. Paste a GitHub URL and get a plain-English security report in minutes.

Question 2

How does ShipSafe work?

Accepted Answer

ShipSafe analyzes your GitHub repository using 30+ security checks including SQL injection, XSS, leaked API keys, and OWASP Top 10 vulnerabilities. It produces a plain-English report with fix recommendations.

Question 3

Is ShipSafe free?

Accepted Answer

Yes, ShipSafe offers a free plan that includes security scans with no credit card required. Paid plans start at $9/month for CLI access with unlimited scans.

Question 4

What vulnerabilities does ShipSafe detect?

Accepted Answer

ShipSafe detects SQL injection, cross-site scripting (XSS), leaked secrets and API keys, insecure authentication, CSRF vulnerabilities, and more across the OWASP Top 10 categories.

Question 5

Does ShipSafe work with vibe-coded apps?

Accepted Answer

Yes, ShipSafe is specifically designed for apps built with AI coding tools like Cursor, Lovable, Bolt, v0, and Replit. These tools can introduce security vulnerabilities that ShipSafe catches before deployment.

Documentation

Quick start

Getting Started

CLI Reference

Configuration

Security Rules

GitHub Actions

Vulnerabilities by Platform