2 points by Svengali-tech 8 hours ago | 2 comments
  • Svengali-tech 8 hours ago
    The problem: AI-generated code often ships with hardcoded secrets, SQL injection vulnerabilities, and weak crypto. Most indie devs and startups don't have time or budget for security audits.

    How it works:
    1. Paste a GitHub repo URL
    2. Yikes clones it, runs Semgrep with custom rules + dependency checks
    3. Get results in ~30 seconds

    It catches:
    - Hardcoded API keys, passwords, tokens
    - SQL injection via string interpolation
    - XSS patterns
    - Weak hashing (MD5, SHA1)
    - Vulnerable npm/pip packages
    - Common misconfigurations (.env not gitignored, debug mode, etc.)

    Supports: JS/TS, Python, Swift, Go, Ruby, PHP, Java, Kotlin, C#

    Free tier: 5 scans/day. No signup required.

    Would love feedback - especially on false positive rates and what rules to add.
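
As an added illustration (not the poster's or Yikes' own ruleset), here is what Semgrep rules for three of the listed categories look like for Python: hardcoded secrets, SQL built by string interpolation, and MD5/SHA1 hashing. The rule ids, the credential-name regex and the placeholder exclusion are my own assumptions; the exclusion is there because the post asks about false-positive rates.

```yaml
# Added example: hypothetical Semgrep rules, not the project's own.
rules:
  - id: python-hardcoded-secret
    languages: [python]
    severity: WARNING
    message: Possible hardcoded credential assigned to $KEY
    patterns:
      - pattern: $KEY = $VAL
      # Only variables whose name suggests a credential
      - metavariable-regex:
          metavariable: $KEY
          regex: (?i).*(password|passwd|secret|api_key|apikey|token).*
      # Only quoted literals of plausible length; skip obvious placeholders
      # such as "changeme" to keep the false-positive rate down
      - metavariable-regex:
          metavariable: $VAL
          regex: ^["'](?!.*(changeme|example|placeholder|xxx))[^"']{8,}["']$

  - id: python-sqli-string-interpolation
    languages: [python]
    severity: ERROR
    message: SQL query built by string interpolation; use parameterized queries
    pattern-either:
      - pattern: $CURSOR.execute(f"...")
      - pattern: $CURSOR.execute("..." % ...)
      - pattern: $CURSOR.execute("...".format(...))
      - pattern: $CURSOR.execute("..." + $X)
      - pattern: $CURSOR.execute($X + "...")

  - id: python-weak-hash
    languages: [python]
    severity: WARNING
    message: Weak hash algorithm hashlib.$ALG; use SHA-256 or a password KDF
    patterns:
      - pattern: hashlib.$ALG(...)
      - metavariable-regex:
          metavariable: $ALG
          regex: ^(md5|sha1)$
```

Run with `semgrep --config rules.yml path/to/repo`; the secret rule deliberately ignores `password = os.environ[...]` and empty strings, which is the kind of tuning the post is asking feedback on.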

  • chrisjj 8 hours ago
    > Get a full manual audit with expert review and priority fixes.

    Great.

    Manual == human?

    Expert == human?

    All for $49.99?