This is a title

{scd}

Security scanning for developers & teams

shipping classic or AI-generated code

scd finds vulnerabilities in your codebase — before they reach
production. Self-hosted, privacy-first, and built for development
teams who move fast with AI coding tools.

View on Github
Click here
~/projects/my-app
$ scd scan --deep

  Scanning 847 files across 12 modules...
  ✖ CRITICAL  SQL-001  Unsanitised input in user query  src/api/users.js:142
  ⚠ HIGH     JWT-003  Weak signing algorithm detected   src/auth/tokens.js:38
  ⚠ HIGH     XSS-002  Unescaped output in template      src/views/profile.ejs:91

  ✔ Deep analysis complete — no code left your network
  → Report: ~/.scd/repos/my-app/reports/scan-a3f7b2c1.html

Add Your Heading Text Here

The Challenge

174+
Rules covering OWASP Top 10, NIS2 and CRA-relevant patterns across JS, Python, PHP, ASP.NET.
OWASP A03
Injection vulnerabilities remain the most common finding — even in AI-generated code.
0
Lines of code sent outside your infrastructure. Your code stays where you put it.
Git
Hooks on pre-commit and pre-push mean findings surface before they ever reach your repo.