ShipSafe is an AI-powered security scanner that finds vulnerabilities in code built with tools like Cursor, Lovable, Bolt, and v0. Paste a GitHub URL and get a plain-English security report in minutes.

How does ShipSafe work?

ShipSafe analyzes your GitHub repository using 30+ security checks including SQL injection, XSS, leaked API keys, and OWASP Top 10 vulnerabilities. It produces a plain-English report with fix recommendations.

Yes, ShipSafe offers a free plan that includes security scans with no credit card required. Paid plans start at $9/month for CLI access with unlimited scans.

What vulnerabilities does ShipSafe detect?

ShipSafe detects SQL injection, cross-site scripting (XSS), leaked secrets and API keys, insecure authentication, CSRF vulnerabilities, and more across the OWASP Top 10 categories.

Does ShipSafe work with vibe-coded apps?

Yes, ShipSafe is specifically designed for apps built with AI coding tools like Cursor, Lovable, Bolt, v0, and Replit. These tools can introduce security vulnerabilities that ShipSafe catches before deployment.

Pricing

Simple, transparent pricing

Enterprise-grade security scanning for less than your Spotify subscription.

Free Scan

Pattern scan — catches the obvious stuff

Basic surface scan
Secret detection
Header & config checks
Common XSS patterns
Summary report

Start Free Scan

Free scans catch the obvious stuff. AI-powered scans catch the things that actually get you hacked — auth logic flaws, business logic vulnerabilities, and context-dependent issues that pattern matching can't see.

Pro Audit

AI catches what patterns miss

$9one-time

Everything in Free
3 AI-powered deep scans
Auth logic analysis
Supabase RLS checks
Business logic review
Plain-English report with fix prompts

Growth

Ongoing protection after every deploy

$19/month

Everything in Pro Audit
5 AI-powered scans per month
Email alerts for new vulns
Scan history & diffs

Shield

Full protection with public proof

$29/month

Everything in Growth
12 AI-powered scans per month
Automatic weekly re-scans
Embeddable "Launch Ready" badge
Public verification page
Priority support

Your code is never storedCancel anytime, one clickNo credit card for free scan

Why AI scanning matters

Pattern matching catches exposed secrets and known CVEs. That's table stakes. AI scans understand your logic — broken auth flows, missing RLS policies, business logic flaws. These are the vulnerabilities that actually lead to breaches. Reports come in plain English with fix prompts you can paste directly into your editor.

Compare Plans

Feature	Free	Pro Audit	Growth	Shield
Pattern-based scan
Secret detection
Header & config checks
AI-powered deep scan	—
Auth logic analysis	—
Supabase RLS checks	—
Plain-English fix prompts	—
AI scans included	—	3	5/mo	12/mo
Email vulnerability alerts	—	—
Scan history & diffs	—	—
Automatic weekly re-scans	—	—	—
Launch-Ready badge	—	—	—
Public verification page	—	—	—
Priority support	—	—	—

CLI & CI/CD

Scan on every commit

Wire ShipSafe into your pipeline. Flat monthly pricing with AI-powered deep analysis on every scan.

Best value

Solo

1 repo, 8 AI scans/month

$12/month

Full deep scan (AI included)
8 AI-powered scans per month
GitHub Actions integration
Pre-commit hook support
Dashboard results sync

Builder

Up to 5 repos, 20 AI scans/month

$29/month

Everything in Solo
Up to 5 repositories
20 AI-powered scans per month
Slack/Discord alerts
PR blocking on critical findings

Agency

Unlimited repos, 50 AI scans/month

$59/month

Everything in Builder
Unlimited repositories
50 AI-powered scans per month
Client-facing reports
White-label ready

Install via npx @ship-safe/cli scan . — free rule-based scanning works without an account.

Questions? support@ship-safe.co

Feature

Free

Pro Audit

Growth

Shield

Pattern-based scan

Secret detection

Header & config checks

AI-powered deep scan

—

Auth logic analysis

—

Supabase RLS checks

—

Plain-English fix prompts

—

AI scans included

—

5/mo

12/mo

Email vulnerability alerts

—

Scan history & diffs

—

Automatic weekly re-scans

—

Launch-Ready badge

—

Public verification page

—

Priority support

—