Getting Started
Go from zero to your first security scan in under a minute. No signup required for local scans.
Run Your First Scan
Point ShipSafe at any directory. It works with JavaScript, TypeScript, Python, Go, Ruby, Java, PHP, Rust, C#, Swift, and Kotlin.
npx @ship-safe/cli scan .
No install needed. npx downloads and runs it in one command.
What You Get
The free scan checks for 80+ security issues across 12 categories:
Each finding includes the file, line number, a plain-English explanation, and a suggested fix you can copy-paste.
AI-Powered Deep Scanning
The free local scan uses rule-based pattern matching for instant results. Paid plans unlock AI-powered deep analysis that covers:
AI-powered deep scanning is available on paid plans. CLI plans include 8–50 AI scans per month depending on your tier. See pricing for details.
Scan a Specific Path
You can scan a specific file or subdirectory:
npx @ship-safe/cli scan src/
npx @ship-safe/cli scan server/api/auth.ts
Connect to Your Dashboard
Log in to sync scan results to your web dashboard. Results auto-upload after every scan.
npx @ship-safe/cli login
This opens your browser to authenticate. Once logged in, every scan automatically appears in your dashboard with full history and diff tracking.
Tip: Run shipsafe whoami to check your login status, or shipsafe logout to sign out.
Create a Config File
Generate a .shipsafe.yml config file to customize which rules run and which files to exclude:
npx @ship-safe/cli init
See the Configuration docs for all options.
Output Formats
ShipSafe supports three output formats:
Table (default)
Human-readable report with colored severity badges, code snippets, and fix suggestions.
JSON
Structured output for scripts and custom CI integrations.
npx @ship-safe/cli scan . --output json
SARIF
Upload to GitHub's Security tab to see findings inline on PR diffs.
npx @ship-safe/cli scan . --output sarif
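An added example, not ShipSafe's own code: a CI gate over SARIF 2.1.0 output that collects findings at or above a chosen level, including results that omit `level` and inherit it from the rule. It assumes the scanner emits standard SARIF `level` values; the function names, tool name, rule ids, paths and messages in the sample are constructed for illustration.

```javascript
// Added example (not ShipSafe code): gate CI on SARIF 2.1.0 findings.
const LEVEL_RANK = { none: 0, note: 1, warning: 2, error: 3 };

// A result may omit "level"; it then inherits the rule's
// defaultConfiguration.level, falling back to "warning".
function effectiveLevel(result, rules) {
  if (result.level) return result.level;
  const rule = rules[result.ruleIndex] || rules.find((r) => r.id === result.ruleId);
  return (rule && rule.defaultConfiguration && rule.defaultConfiguration.level) || "warning";
}

// Returns { blocking, findings } for results at or above `threshold`.
function gateSarif(sarif, threshold = "error") {
  if (!(threshold in LEVEL_RANK)) throw new Error(`unknown level: ${threshold}`);
  const findings = [];
  for (const run of sarif.runs || []) {
    const rules = (run.tool && run.tool.driver && run.tool.driver.rules) || [];
    for (const result of run.results || []) {
      const level = effectiveLevel(result, rules);
      // Fail closed: an unrecognized level is ranked as "error".
      const rank = LEVEL_RANK[level] ?? LEVEL_RANK.error;
      if (rank < LEVEL_RANK[threshold]) continue;
      const loc = ((result.locations || [])[0] || {}).physicalLocation || {};
      findings.push({
        ruleId: result.ruleId || "(no ruleId)",
        level,
        file: (loc.artifactLocation || {}).uri || "(unknown)",
        line: (loc.region || {}).startLine || 0,
        message: (result.message || {}).text || "",
      });
    }
  }
  return { blocking: findings.length > 0, findings };
}

// Constructed sample (tool name, rule ids, paths and messages are made up).
const SAMPLE_SARIF = { version: "2.1.0", runs: [{
  tool: { driver: { name: "example-scanner", rules: [
    { id: "EX001", defaultConfiguration: { level: "error" } },
    { id: "EX002" },
  ] } },
  results: [
    { ruleId: "EX001", ruleIndex: 0, message: { text: "Hardcoded secret" },
      locations: [{ physicalLocation: { artifactLocation: { uri: "server/api/auth.ts" }, region: { startLine: 12 } } }] },
    { ruleId: "EX002", ruleIndex: 1, message: { text: "Missing rate limit" } },
    { ruleId: "EX002", level: "note", message: { text: "Informational" } },
  ],
}] };
console.log(gateSarif(SAMPLE_SARIF, "error").findings);
```

In a pipeline, parse the captured SARIF document with JSON.parse, pass it to gateSarif, and fail the job when `blocking` is true.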