Free security tools for vibe-coded apps

Check whether your Supabase database is readable by the public. Finds tables with missing or permissive row-level security.

Scan your live app's client-side code for exposed secrets — leaked Stripe, AWS, GitHub, OpenAI and Supabase service-role keys.

Grade your HTTP security headers (CSP, HSTS, X-Frame-Options and more) and see exactly what's missing and why it matters.

Test an API for CORS misconfiguration — origin reflection and dangerous credentialed wildcards that expose your data cross-site.