Feel free to Download Open Source version of the Project. You can self host it for 100% Code Control and transparency or you can run Open Source Binary only in your own CI/CD (no Web Interface, Workers)

Code and Infra Quality in minutes

Trivial setup, no software installation, compatible with many programming languages (PHP, Java, Scala, Python, Ruby, Javascript, Typescript, GO, Solidity, DeFi Security, Infrastructure as a Code Best Practice and Security (Docker, Kubernetes (k8s), Terraform AWS, GCP, Azure), Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks). Practically any Open Source and proprietary check can be added.

Detect more than 1,500+ issues

Detects more than 1,500+ code and infrastructure issues, and counting. Swiss army knife tool/SIEM for SAST Scanning. You will get one unified Report in Web Interface or CLI.

Modern & Lightweight

Understands the modern technologies. All callable via REST API. Integrateable with CI/CD systems. Lighweight and Fast. Secure. No need to connect anything. “Plug out” solution.

Fig 1. Scanmycode Web Interface in action

bash -- 70x32
Loading plugin: git
Loading plugin: trufflehog3
Loading plugin: trojansource
Loading plugin: metrics
Loading plugin: bandit
Loading plugin: brakeman
Loading plugin: phpanalyzer
Loading plugin: gosec
Loading plugin: confused
Loading plugin: pmd
Loading plugin: semgrep
Loading plugin: semgrepdefi
Loading plugin: semgrepjs
Loading plugin: checkov
semgrepjs	ExpressLfrWarning	
semgrepjs	CookieSessionNoDomain	
semgrepjs	CookieSessionNoPath	
semgrepjs	CookieSessionNoSecure	
semgrepjs	CookieSessionDefault	
semgrepjs	CookieSessionNoSamesite


Fig 2. Scanmycode CLI in action

Scanmycode 2018-2022 © All rights reserved. Terms of use and Privacy Policy. Made with ❤️ in Berlin