explaingit

synvoya/codeinspectus

Analysis updated 2026-05-18

Stars · 1 · Language · TypeScript · Audience · developer · Complexity · 3/5 · Setup · moderate

TLDR

A local-first security scanner your AI coding agent can call to find vulnerabilities, exposed secrets, and dependency issues in your code, running entirely offline after a one-time install.

Mindmap

mindmap
  root((CodeInspectus))
    What it does
      Scans code offline
      Read-only reporting
      Scan fix rescan loop
    Scanning engines
      Opengrep SAST
      Gitleaks secrets
      Trivy dependencies
    AI code checks
      Secret key exposure
      Supabase RLS bugs
      Prompt injection sinks
    Use cases
      Audit AI-generated code
      Compliance reporting
      Dependency auditing
    Audience
      JS and TS developers
      AI agent users


What do people build with it?

USE CASE 1

Scan an AI-written JavaScript project for exposed API keys and injection vulnerabilities before shipping.

USE CASE 2

Run a compliance report to see which OWASP Top 10 controls your codebase covers.

USE CASE 3

Generate a software bill of materials to check dependencies for known security bugs.

USE CASE 4

Loop through scan, fix, and rescan to verify that security issues are actually resolved.

What is it built with?

TypeScript, Node.js, Opengrep, Gitleaks, Trivy

How does it compare?

                    synvoya/codeinspectus   abidoo22/pixelorama-mcp   aditya-pandey/slate
Stars               1                       1                         1
Language            TypeScript              TypeScript                TypeScript
Setup difficulty    moderate                moderate                  easy
Complexity          3/5                     3/5                       2/5
Audience            developer               vibe coder                general

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires registering with an AI coding agent's MCP config and running install-engines to download scanner binaries.

In plain English

CodeInspectus is a security scanning tool you add to your AI coding assistant to catch real vulnerabilities in the code you write together. You install it once on your machine, register it with your AI agent (such as Claude Code, Cursor, or VS Code), and from that point your agent can call it to scan any folder for security problems.

The tool runs entirely on your computer. The only time it touches the internet is during the initial install, when it downloads three scanning programs: one that looks for code-level vulnerabilities like injection flaws (Opengrep), one that hunts for accidentally committed passwords and API keys (Gitleaks), and one that checks your project's dependencies for known security bugs (Trivy). After that download, every scan runs offline with zero network activity and no telemetry.

On top of those three tools, CodeInspectus adds its own checks aimed at mistakes that commonly appear in AI-written code. These include detecting secret keys embedded in client-side JavaScript bundles, catching Supabase row-level security (RLS) permission mistakes (a class of vulnerability tied to a 2025 security advisory), and flagging spots where user input could be injected into AI prompts. These AI-code checks currently focus on JavaScript and TypeScript; Python and Go code still get the secrets and dependency scanning, but not the AI-specific layer.

The tool gives your agent six actions to call: a full scan, a rescan to compare results after fixes, a compliance report, a detailed explanation of any single finding, a software bill of materials export, and a list of active detectors. All of these are strictly read-only. CodeInspectus reports problems and suggests fixes, but it never modifies your files. Your agent (or you) applies the changes.

One practical note from the developers: the compliance reports show how much of your code matches the control patterns in frameworks like NIST, SOC 2, and OWASP. They do not mean your software is certified or fully compliant. The distinction matters and the tool states it plainly.

Copy-paste prompts

Prompt 1
Scan my project directory using CodeInspectus and explain each security finding in plain English, grouping them by severity.
Prompt 2
After I apply these fixes, run codeinspectus_rescan and tell me which findings are resolved, which remain, and if any new ones appeared.
Prompt 3
Generate a compliance report for my project showing which OWASP Top 10 controls have code-level coverage.
Prompt 4
Run codeinspectus_generate_sbom on my project and list any dependencies with known CVEs.
Prompt 5
Use codeinspectus_explain_finding on the highest-severity finding and give me a step-by-step remediation I can apply in my TypeScript code.

Frequently asked questions

What is codeinspectus?

A local-first security scanner your AI coding agent can call to find vulnerabilities, exposed secrets, and dependency issues in your code, running entirely offline after a one-time install.

What language is codeinspectus written in?

Mainly TypeScript. The stack also includes Node.js, Opengrep, Gitleaks, and Trivy.

How hard is codeinspectus to set up?

Setup difficulty is rated moderate, with roughly 30 minutes to a first successful run.

Who is codeinspectus for?

Mainly developers.

Verify against the repo before relying on details.