What Vulkro checks
One scan. Every risk that gets apps breached.
AI assistants write features, and they write flaws: the endpoint missing its access check, the query a user can rewrite, the secret committed to source. This page is the complete inventory of what Vulkro detects and how deep each check goes, with the commands and artifacts that verify every line of it. If you are evaluating scanners, start here and press Ctrl-F.
150+ security detectors · 5,000+ unit tests · one offline scan
Nine areas of risk, dozens of checks each. One command runs all of them offline. Pick yours to jump to the detail.
Your application
Modern APIs
Secrets
Personal data
Dependencies
Supply chain
AI tools
Infrastructure
Advanced
One command checks all nine, entirely on your machine. Deep analysis: JavaScript/TypeScript, Python, Go, and Java (Spring, new).
How it finds real risks
It follows your data, then tells you if it is safe.
A pattern scanner flags anything that looks like a database call and buries you in false alarms. Vulkro follows the actual path a piece of untrusted input takes through your app, and only raises an alarm when it reaches something dangerous with no safety check in between. Fewer false alarms, and the serious risks caught.
Same input. The only difference is whether a safety check sits in the path, and that is exactly what Vulkro follows.
$ vulkro scan [CRITICAL] Untrusted input reaches your database with no safety check in between. in checkout
The same follow-the-data approach powers the broken-access, injected-input, request-forgery, and data-exposure checks below. Same code, same result, every time. No AI, no guessing.
Group 01 / Your application
The bugs behind most breaches.
The flaws in your own code are the ones an attacker hits directly from the outside.
Broken access
Untrusted input reaching something dangerous
Forged requests, cross-site rules, and headers
Fields a user should never set
Weak or broken encryption
Modern APIs
Group 02 / Secrets and data
What should never be in the code, and where private data travels.
Leaked passwords, keys, and tokens
Finds credentials accidentally left in your code and its history, recognising the shapes of 30-plus common providers (cloud, payments, chat, AI). Optionally checks whether a leaked key still works right now.
[HIGH] Live key found in an old commit -> still active
Recognises keys from
Personal data exposure
All of this runs on your machine. Vulkro never sends your secrets anywhere to check them.
Group 03 / Dependencies and supply chain
The code you did not write.
Most of any modern app is other people's code. Two things go wrong: a package has a known flaw, or a package gets hijacked. Vulkro catches both, offline.
Vulnerable dependencies
Known-risky libraries in your project (npm, PyPI, Go, Cargo, Maven), matched entirely on your machine and ranked by how likely each one is to actually be attacked, so you fix the real threats first, not an alphabetical list.
Fix the top of the list first.
Compromised package releases
A curated record of real supply-chain attacks so the moment your project pins a hijacked release, you hear about it, even at 3am when it is in the news.
Matched offline. Nothing about your dependencies is uploaded.
Group 04 / AI development surface
The new risks your AI tools bring in.
AI coding assistants add connectors and extensions that reach into your files, run commands, and talk to the internet: new risk most scanners ignore. Vulkro audits it.
AI tool (MCP) configuration
Reviews the AI-assistant connectors set up across your editors for over-broad access, secrets left in plain sight, unencrypted connections, and known-compromised servers.
Covers
Editor and browser extensions
Checks the extensions you have installed for compromised publishers and permissions far broader than the tool needs.
Want to check these before Vulkro even reviews your code? The free Vulkro Labs tools do exactly that. →
Group 05 / Infrastructure and advanced
Beyond the code itself.
Containers
Cloud configuration
Incident response
Live checks
Specialised rule packs for money-handling, business-logic, and concurrency ship off by default because they are noisy. Turn them on when you need them.
Why Vulkro
Five reasons teams pick it over the alternatives.
Every claim below is a mechanism you can verify or a number you can reproduce, not an adjective.
vs cloud scanners
Your code never leaves your machine
Every cloud scanner asks you to upload the most sensitive asset you own to someone else's infrastructure. Vulkro's engine ships inside the binary and the analysis runs locally; the only thing that ever crosses the wire is a six-field entitlement check that never sees code, paths, or findings. You can verify this the blunt way: pull the network cable and the scan still runs.
How offline is enforced →vs AI code review
No AI in the scan
A model reviewing code gives a plausible, confident, different answer each run, and spends your tokens doing it. Vulkro is deterministic program analysis: the same input produces the same verdict every time, at no token cost. That is what makes it usable as a release gate; you cannot gate a deploy on an answer that changes when you ask twice.
Same input, same verdict →vs legacy SAST
Benchmarked in the open
Every scanner claims accuracy; almost none publish the test. Our corpus, harness, and scoring code are public, and we publish the comparisons we lose. On the current corpus Vulkro found 44 of 76 catalogued bugs at 0.81 precision. Rerun it yourself.
Reproduce the numbers →vs review-after-the-fact
Built into the loop that writes the code
Legacy scanners assume a human wrote the code and a human will read the report next week. Vulkro runs inside the assistant's write loop and speaks MCP, so findings go back to the agent that caused them, the agent fixes them in the same session, and a clean scan gates the deploy. The report is written for a machine to act on and a human to audit.
vulkro guard, in the write loop →vs platform lock-in
One binary, runs anywhere
No server to stand up, no repo permissions to grant, no cloud account to procure. One binary installs on a laptop, in CI, or on an air-gapped machine with a license file, and behaves identically in all three. Adopting it is an afternoon, and so is removing it, which is exactly why teams keep it.
One binary, four surfaces →The depth behind the coverage
Coverage is the surface. This is the engine.
The nine areas above are what Vulkro checks. These are the real capabilities behind them: following data across files, ranking dependency risk by what is actually exploited, catching flaws inside your AI write loop, and turning a single offline scan into audit-ready evidence.
Cross-file taint analysis
vulkro guard, in your AI write loop
Reachability-ranked dependency checks
Deterministic autofix
Team licensing
vulkro slopcheck
vulkro dataflow
AI-origin audit
vulkro respond
The desktop console
Reports your auditors accept
150+
security checks
5,000+ unit tests behind them
23
output formats
SARIF, CycloneDX, SPDX, OpenVEX
9+
compliance packs
SOC 2, ISO 27001, HIPAA, PCI-DSS 4.0
34
console views
available from one offline scan
5
SCA ecosystems
npm, PyPI, Go, Cargo, Maven
Deterministic and offline. No AI in the engine, so the same code gives the same result every run, nothing is uploaded, and VULKRO_OFFLINE=1 hard-refuses every network call. One binary is the scanner, an MCP server, an editor language server, and the console backend at once. An optional runtime check, vulkro probe, confirms 13 attack classes against a running app when you authorize it.
The full inventory
Every capability on one table. Ctrl-F it.
Boring on purpose. Every row is real, shipping behaviour with its honest limit printed next to it; rows tagged v0.16.0 land with that release. If a capability is not on this table or in the limits at the bottom of the page, Vulkro does not have it.
| Capability | What you get | The honest print |
|---|---|---|
| Scan engine | ||
| Security detectors | 150+ detector modules, with 5,000+ unit tests behind them, across the nine risk areas above: broken access, injection, request forgery, field tampering, weak crypto, secrets, personal data, dependencies, and the AI development surface. | One command runs all of them |
| Cross-file taint analysis | Three passes: within a function, across functions, and across files down the call graph to depth 4. A finding is raised only when untrusted input reaches a dangerous sink with no safety check in the path, and the exact path is recorded in the evidence. | Deep analysis: JS/TS, Python, Go, and Java (Spring, new) |
| Deterministic engine | No LLM anywhere in the pipeline. The same code produces the same findings on every run, so a CI gate never flakes and a diff between two scans means the code changed. | By design, not a setting |
| Offline enforcement | VULKRO_OFFLINE=1 makes the process refuse every outbound network call and return an error instead of silently falling back. | Enforced at the process boundary |
| Runtime confirmation | vulkro probe optionally confirms a finding against your running app from the outside, when you authorize it. | 13 attack classes; not a crawler |
| In the write loop | ||
| vulkro guard | Runs inside Claude Code, Cursor, and Windsurf write loops. Checks each file the moment it lands and feeds serious findings back so the assistant fixes the flaw before it is committed. | Offline, per-file fast |
| vulkro slopcheck | Blocks hallucinated or slopsquatted package names before you install them. | |
| One binary, four surfaces | The same binary is the scanner, an MCP server, an editor language server, and the desktop console backend. Nothing extra to install or keep in sync. | |
| Dependencies and supply chain | ||
| SCA across 5 ecosystems | npm, PyPI, Go, Cargo, and Maven manifests matched offline against a signed local CVE bundle that combines OSV, NVD, CISA KEV, and EPSS, refreshed daily. | Signed bundle, matched entirely on your machine |
| Reachability ranking | Reachable dependency findings rank first, and the call chain (entry point to vulnerable symbol) is cited in the evidence. It ranks findings; it does not prove a finding is exploitable. | Curated symbol data for Go and Rust advisories; patch-scrape fallback elsewhere |
| Compromised-release catalog | A curated record of real hijacked releases (event-stream, ua-parser-js, xz, @solana/web3.js) matched in the same scan. | |
| vulkro respond | Answers "does this advisory or package version affect us" in under a second, offline, from a cached reverse index. | |
| Fixes | ||
| Deterministic autofix | 12 write templates plus read-only diffs for everything else. Refuses to fix when the code is ambiguous instead of guessing, never rewrites speculatively, and never touches a file unless you pass --write. No LLM. | v0.16.0 |
| Evidence and reporting | ||
| 23 output formats | SARIF, CycloneDX SBOM, CBOM, SPDX, OpenVEX, CycloneDX-VEX, GDPR records of processing, JUnit, CSV, HTML, PDF, PR comments, and more, all machine-readable from one scan. | |
| VEX with call-chain evidence | OpenVEX and CycloneDX-VEX statements carry the reachability call chain that justifies each assessment, so an auditor can trace why a CVE is marked affected or not. | v0.16.0 |
| Compliance packs | 9+ evidence packs from one command: SOC 2, ISO 27001, HIPAA, PCI-DSS 4.0, NIST 800-53, NIST 800-171, HITRUST, and more. | |
| vulkro dataflow | Maps every input (REST, GraphQL, gRPC, WebSocket) through the call graph to its sinks and stores, then scores each flow from 0 to 100. | |
| AI-origin audit | Fingerprints which AI tool wrote which code and produces a reviewer attestation your compliance team can keep on file. | Marker-based; no stylistic guessing |
| Desktop console | 34 analysis views available from one offline scan: findings, the data-flow map, attack paths, the dependency graph, compliance, portfolio, and scan-to-scan diff. | |
| Licensing | ||
| Team licensing | Signed seat extensions on one license, plus a team policy file you commit to the repo so every seat scans with the same rules. | v0.16.0 |
| Direct licensing | An account is required; a 14-day trial of the full product starts on your first sign-in. Vulkro is licensed per seat, directly through our team (hello@vulkro.com) for a fixed term, and everything you produced stays on your machine when a term lapses. | |
| Language honesty | ||
| What gets deep analysis | Endpoints and cross-file taint: JavaScript/TypeScript, Python, Go, and Java (Spring, newly added). Cargo manifests get dependency-CVE matching only; the Rust code itself is not analyzed. No PHP, C#, or Ruby analysis at all. | If you need those today, we are the wrong tool |
vulkro --help lists every command and flag on this table. If the binary and this page ever disagree, the binary wins and the page gets fixed.
The proof
More real bugs than Semgrep CE. Fewer false alarms than Bearer.
On our published corpus of 15 deliberately vulnerable projects (90 catalogued bugs, 76 in the languages the benchmarked release analyzes deeply), Vulkro found 44 catalogued bugs at 0.81 precision in 34.4 seconds of scan time. Semgrep CE found 15 at 0.62 precision in 38.6 seconds. Bearer found 37 with 67 false positives in 247.5 seconds. A max-recall mode trades precision for coverage; the table shows both settings.
| Tool | Bugs found (of 76) | Precision | Recall | Scan time |
|---|---|---|---|---|
| Vulkro | 44 | 0.81 | 0.58 | 34.4s |
| Vulkro (max-recall mode) | 55 | 0.15 | 0.72 | 34.4s |
| Bearer 2.0.2 | 37 | 0.36 | 0.49 | 247.5s |
| Semgrep CE 1.136.0 | 15 | 0.62 | 0.20 | 38.6s |
In July 2026 we grew our own ground truth from 69 to 90 catalogued bugs and published the recall drop that came with it. The corpus is versioned and the numbers regenerate from one command.
- Scans run locally
- Nothing uploaded
- No AI in the scan
- Deterministic results
- 14-day trial
A separate edition
On Salesforce? There is an edition for that.
Salesforce needs its own security checks: Apex, Lightning, Flows, org access and sharing, Agentforce agents, and AppExchange Security Review readiness. Those ship in Vulkro for Salesforce, a separate edition on the same offline engine. It reviews your code and setup and reads none of your customer data.
What that edition covers
Apex and Lightning
Flows
Access and sharing
Agentforce agents
AppExchange readiness
What it does not do
Where Vulkro is the wrong tool, we say so.
If it is not on this page, assume Vulkro does not check it yet, and tell us what you need.