Recommended Tools
Curated security tools for every stage of your development workflow.
Bastion
Free: Privacy-first security checker and educator for AI-era builders. Scans locally, never uploads code. Includes fix explanations and AI prompts.
eslint-plugin-security
Free: ESLint rules that identify potential security hotspots in Node.js code. Detects eval, non-literal requires, and timing attacks.
GitHub Advanced Security
Freemium: Code scanning (CodeQL), secret scanning, and dependency review built into GitHub. Catches vulnerabilities in pull requests.
SonarCloud
Freemium: Cloud-based code quality and security analysis. Detects bugs, vulnerabilities, and code smells across 30+ languages.
Skylos
Free: Dead code detection with vibe coding detection capabilities for TypeScript and JavaScript projects. Finds unused exports, functions, types, and modules to reduce attack surface.
npm audit
Free: Built-in Node.js dependency vulnerability scanner. Checks installed packages against the GitHub Advisory Database.
Snyk
Freemium: Developer-first security platform. Finds and fixes vulnerabilities in dependencies, container images, and infrastructure as code.
Trivy
Free: Comprehensive open-source vulnerability scanner. Scans container images, file systems, git repositories, and Kubernetes clusters.
Helmet.js
Free: Express.js middleware that sets security-related HTTP headers. Configures CSP, HSTS, X-Frame-Options, and more with sensible defaults.
Sentry
Freemium: Application monitoring and error tracking platform. Security-relevant for detecting anomalous errors, tracking release health, and monitoring performance.
Secretlint
Free: Pluggable linting tool to prevent committing credentials. Supports AWS, GCP, npm tokens, private keys, and custom patterns.
Mozilla Observatory
Free: Free online tool that analyzes your website's HTTP headers, TLS configuration, and other security best practices. Provides a letter grade.
OWASP ZAP
Free: Free, open-source dynamic application security testing (DAST) tool. Actively scans running web applications for vulnerabilities.
Dependabot
Free: GitHub-native automated dependency updates. Creates pull requests for outdated and vulnerable dependencies with changelogs.