Documentation
Everything you need to get started with SecurityChecks
SecurityChecks scans your JavaScript and TypeScript codebases for auth bypass, injection, broken access control, and 100+ other security invariants. Install the CLI, connect your GitHub repos, or integrate via API — results in under a minute with evidence-backed findings and zero configuration.
Quick Start
Get started in under 5 minutes
CLI Reference
All commands and options
API Reference
Integrate with our API
Getting Started
Introduction
Learn what SecurityChecks is and how it finds security issues other tools miss.
Quick Start
Get up and running with SecurityChecks in under 5 minutes.
Cloud Dashboard
Connect to the SecurityChecks dashboard for team features and history.
Managing Findings
How to waive, ignore, and resolve security findings.
How SecurityChecks works
SecurityChecks combines a local pattern engine with cloud-based evaluation to find the security issues other tools miss. The CLI collects structural artifacts from your codebase — routes, data flows, auth patterns, database queries — without sending source code to the cloud. These artifacts are evaluated against 200+ invariant checks covering authorization, injection, secrets exposure, cryptography, infrastructure configuration, and supply chain risks. Findings include file locations, severity ratings, confidence scores, and suggested fixes.
Supported frameworks
Next.js (App Router and Pages Router), Express, Fastify, NestJS, Hono, and plain Node.js. The collector understands Prisma, Drizzle, and raw SQL for database analysis. Infrastructure checks cover Kubernetes manifests, Terraform configurations, Helm charts, and Docker files. CI integration works with GitHub Actions, GitLab CI, and any environment that supports CLI tools.