Skip to main content

What Vulkro checks

One scan. Every risk that gets apps breached.

AI assistants write features, and they write flaws: the endpoint missing its access check, the query a user can rewrite, the secret committed to source. This page is the complete inventory of what Vulkro detects and how deep each check goes, with the commands and artifacts that verify every line of it. If you are evaluating scanners, start here and press Ctrl-F.

150+ security detectors  ·  5,000+ unit tests  ·  one offline scan

Nine areas of risk, dozens of checks each. One command runs all of them offline. Pick yours to jump to the detail.

How it finds real risks

It follows your data, then tells you if it is safe.

A pattern scanner flags anything that looks like a database call and buries you in false alarms. Vulkro follows the actual path a piece of untrusted input takes through your app, and only raises an alarm when it reaches something dangerous with no safety check in between. Fewer false alarms, and the serious risks caught.

SafeSomething a user typedtravels through your appa safety check cleans itreaches your databaseNo alarm. The path is safe.
RiskSomething a user typedtravels through your appno safety checkreaches your databaseAlarm. Untrusted input can reach your database.

Same input. The only difference is whether a safety check sits in the path, and that is exactly what Vulkro follows.

$ vulkro scan
[CRITICAL] Untrusted input reaches your database
           with no safety check in between.
           in checkout

The same follow-the-data approach powers the broken-access, injected-input, request-forgery, and data-exposure checks below. Same code, same result, every time. No AI, no guessing.

Group 01 / Your application

The bugs behind most breaches.

The flaws in your own code are the ones an attacker hits directly from the outside.

Broken access

Users reaching data that is not theirs, weak or missing checks on sensitive pages, and login-session and cookie bugs that let someone stay signed in as another user.

Untrusted input reaching something dangerous

When text a user typed flows into your database, a system command, or a request your server makes. Followed across files, not just the line it appears on.

Forged requests, cross-site rules, and headers

Tricks that make a logged-in user's browser act without consent, and browser-security settings left open or missing.

Fields a user should never set

A form or request that quietly lets the sender change fields they should not control, like their own account role.

Weak or broken encryption

Outdated or misused encryption that a determined attacker can defeat.

Modern APIs

The newer ways apps talk to each other (GraphQL, gRPC, and live connections), each with its own security pitfalls, covered alongside classic web pages.

Group 02 / Secrets and data

What should never be in the code, and where private data travels.

Leaked passwords, keys, and tokens

Finds credentials accidentally left in your code and its history, recognising the shapes of 30-plus common providers (cloud, payments, chat, AI). Optionally checks whether a leaked key still works right now.

[HIGH] Live key found in an old commit -> still active

Recognises keys from

cloudpaymentschatAImessaging

Personal data exposure

Flags where customer information ends up somewhere it should not: a log file, a web address, an error message. A privacy slip is caught before it ships, and it can produce the personal-data inventory your privacy team needs.

All of this runs on your machine. Vulkro never sends your secrets anywhere to check them.

Group 03 / Dependencies and supply chain

The code you did not write.

Most of any modern app is other people's code. Two things go wrong: a package has a known flaw, or a package gets hijacked. Vulkro catches both, offline.

Vulnerable dependencies

Known-risky libraries in your project (npm, PyPI, Go, Cargo, Maven), matched entirely on your machine and ranked by how likely each one is to actually be attacked, so you fix the real threats first, not an alphabetical list.

Attacked in the wild
Known exploit exists
Theoretical only

Fix the top of the list first.

Compromised package releases

A curated record of real supply-chain attacks so the moment your project pins a hijacked release, you hear about it, even at 3am when it is in the news.

event-stream 2018ua-parser-js 2021xz 2024@solana/web3.js 2024

Matched offline. Nothing about your dependencies is uploaded.

Group 04 / AI development surface

The new risks your AI tools bring in.

AI coding assistants add connectors and extensions that reach into your files, run commands, and talk to the internet: new risk most scanners ignore. Vulkro audits it.

AI tool (MCP) configuration

Reviews the AI-assistant connectors set up across your editors for over-broad access, secrets left in plain sight, unencrypted connections, and known-compromised servers.

Covers

Claude DesktopCursorWindsurfVS CodeClineContinueGemini

Editor and browser extensions

Checks the extensions you have installed for compromised publishers and permissions far broader than the tool needs.

too much accesssecrets in plain textunencrypted connectionsknown-compromised releases

Want to check these before Vulkro even reviews your code? The free Vulkro Labs tools do exactly that. →

Group 05 / Infrastructure and advanced

Beyond the code itself.

Containers

Docker and Kubernetes images checked without a running daemon.

Cloud configuration

Setup mistakes in Terraform and more: open storage, over-broad permissions, missing encryption.

Incident response

Answer, in under a second, whether a package in the news affects you and where it comes in.

Live checks

Optional: confirm a finding against your running app from the outside.

Specialised rule packs for money-handling, business-logic, and concurrency ship off by default because they are noisy. Turn them on when you need them.

Why Vulkro

Five reasons teams pick it over the alternatives.

Every claim below is a mechanism you can verify or a number you can reproduce, not an adjective.

vs cloud scanners

Your code never leaves your machine

Every cloud scanner asks you to upload the most sensitive asset you own to someone else's infrastructure. Vulkro's engine ships inside the binary and the analysis runs locally; the only thing that ever crosses the wire is a six-field entitlement check that never sees code, paths, or findings. You can verify this the blunt way: pull the network cable and the scan still runs.

How offline is enforced

vs AI code review

No AI in the scan

A model reviewing code gives a plausible, confident, different answer each run, and spends your tokens doing it. Vulkro is deterministic program analysis: the same input produces the same verdict every time, at no token cost. That is what makes it usable as a release gate; you cannot gate a deploy on an answer that changes when you ask twice.

Same input, same verdict

vs legacy SAST

Benchmarked in the open

Every scanner claims accuracy; almost none publish the test. Our corpus, harness, and scoring code are public, and we publish the comparisons we lose. On the current corpus Vulkro found 44 of 76 catalogued bugs at 0.81 precision. Rerun it yourself.

Reproduce the numbers

vs review-after-the-fact

Built into the loop that writes the code

Legacy scanners assume a human wrote the code and a human will read the report next week. Vulkro runs inside the assistant's write loop and speaks MCP, so findings go back to the agent that caused them, the agent fixes them in the same session, and a clean scan gates the deploy. The report is written for a machine to act on and a human to audit.

vulkro guard, in the write loop

vs platform lock-in

One binary, runs anywhere

No server to stand up, no repo permissions to grant, no cloud account to procure. One binary installs on a laptop, in CI, or on an air-gapped machine with a license file, and behaves identically in all three. Adopting it is an afternoon, and so is removing it, which is exactly why teams keep it.

One binary, four surfaces

The depth behind the coverage

Coverage is the surface. This is the engine.

The nine areas above are what Vulkro checks. These are the real capabilities behind them: following data across files, ranking dependency risk by what is actually exploited, catching flaws inside your AI write loop, and turning a single offline scan into audit-ready evidence.

Cross-file taint analysis

Three passes (within a function, across functions, and across files down a call graph to depth 4). A finding is raised only when untrusted input reaches a dangerous sink with no safety check in between, and the exact path is recorded. Full depth on JavaScript/TypeScript, Python, and Go, with Java (Spring) analysis newly added.

vulkro guard, in your AI write loop

Runs inside Claude Code, Cursor, and Windsurf as your assistant writes. It checks each file the moment it lands and feeds serious findings back so the assistant fixes the flaw before it is committed. Offline and per-file fast.

Reachability-ranked dependency checks

Five ecosystems (npm, PyPI, Go, Cargo, Maven) matched offline against a signed local database that combines OSV, NVD, CISA KEV, and EPSS, refreshed daily. Known-exploited and high-EPSS issues rise to the top, the reachable ones are ranked first, and the call chain from your entry point to the vulnerable symbol is cited in the evidence and carried into VEX output. Ranking, not proof of exploitability.

Deterministic autofix

12 write templates plus read-only diffs. It refuses to fix when the code is ambiguous instead of guessing, never rewrites speculatively, and never touches a file unless you pass --write. No LLM anywhere in the fix path.

Team licensing

Signed seat extensions on one license, plus a team policy file you commit to the repo so every seat and the CI gate scan with the same rules. Ships with v0.16.0.

vulkro slopcheck

Blocks hallucinated or slopsquatted package names before you install them, so an AI assistant that invents a dependency cannot pull a lookalike into your project.

vulkro dataflow

Maps every input (REST, GraphQL, gRPC, WebSocket) through the call graph to its sinks and stores, then scores each flow from 0 to 100 so unauthenticated sensitive flows surface first.

AI-origin audit

Fingerprints which AI tool wrote which code (Claude, Copilot, Cursor, Aider, and ChatGPT markers) and produces a reviewer attestation your compliance team can keep on file.

vulkro respond

Answers "am I exposed to this advisory or package version" in under a second, offline, through a cached reverse index. The 3am incident question, answered before the coffee is poured.

The desktop console

Turns one offline scan into 34 analysis views available: findings, the data-flow map, attack paths, the dependency graph, compliance, a portfolio view across projects, and a scan-to-scan diff.

Reports your auditors accept

23 machine-readable output formats, including SARIF, CycloneDX SBOM, a Cryptographic BOM (CBOM), SPDX, reachability-backed VEX (OpenVEX and CycloneDX-VEX), GDPR records-of-processing, JUnit, CSV, PR comments, HTML, and PDF. Plus 9-plus compliance evidence packs (SOC 2, ISO 27001, HIPAA, PCI-DSS 4.0, NIST 800-53, NIST 800-171, HITRUST, and more) from one command.

150+

security checks

5,000+ unit tests behind them

23

output formats

SARIF, CycloneDX, SPDX, OpenVEX

9+

compliance packs

SOC 2, ISO 27001, HIPAA, PCI-DSS 4.0

34

console views

available from one offline scan

5

SCA ecosystems

npm, PyPI, Go, Cargo, Maven

Deterministic and offline. No AI in the engine, so the same code gives the same result every run, nothing is uploaded, and VULKRO_OFFLINE=1 hard-refuses every network call. One binary is the scanner, an MCP server, an editor language server, and the console backend at once. An optional runtime check, vulkro probe, confirms 13 attack classes against a running app when you authorize it.

The full inventory

Every capability on one table. Ctrl-F it.

Boring on purpose. Every row is real, shipping behaviour with its honest limit printed next to it; rows tagged v0.16.0 land with that release. If a capability is not on this table or in the limits at the bottom of the page, Vulkro does not have it.

CapabilityWhat you getThe honest print
Scan engine
Security detectors150+ detector modules, with 5,000+ unit tests behind them, across the nine risk areas above: broken access, injection, request forgery, field tampering, weak crypto, secrets, personal data, dependencies, and the AI development surface.One command runs all of them
Cross-file taint analysisThree passes: within a function, across functions, and across files down the call graph to depth 4. A finding is raised only when untrusted input reaches a dangerous sink with no safety check in the path, and the exact path is recorded in the evidence.Deep analysis: JS/TS, Python, Go, and Java (Spring, new)
Deterministic engineNo LLM anywhere in the pipeline. The same code produces the same findings on every run, so a CI gate never flakes and a diff between two scans means the code changed.By design, not a setting
Offline enforcementVULKRO_OFFLINE=1 makes the process refuse every outbound network call and return an error instead of silently falling back.Enforced at the process boundary
Runtime confirmationvulkro probe optionally confirms a finding against your running app from the outside, when you authorize it.13 attack classes; not a crawler
In the write loop
vulkro guardRuns inside Claude Code, Cursor, and Windsurf write loops. Checks each file the moment it lands and feeds serious findings back so the assistant fixes the flaw before it is committed.Offline, per-file fast
vulkro slopcheckBlocks hallucinated or slopsquatted package names before you install them.
One binary, four surfacesThe same binary is the scanner, an MCP server, an editor language server, and the desktop console backend. Nothing extra to install or keep in sync.
Dependencies and supply chain
SCA across 5 ecosystemsnpm, PyPI, Go, Cargo, and Maven manifests matched offline against a signed local CVE bundle that combines OSV, NVD, CISA KEV, and EPSS, refreshed daily.Signed bundle, matched entirely on your machine
Reachability rankingReachable dependency findings rank first, and the call chain (entry point to vulnerable symbol) is cited in the evidence. It ranks findings; it does not prove a finding is exploitable.Curated symbol data for Go and Rust advisories; patch-scrape fallback elsewhere
Compromised-release catalogA curated record of real hijacked releases (event-stream, ua-parser-js, xz, @solana/web3.js) matched in the same scan.
vulkro respondAnswers "does this advisory or package version affect us" in under a second, offline, from a cached reverse index.
Fixes
Deterministic autofix12 write templates plus read-only diffs for everything else. Refuses to fix when the code is ambiguous instead of guessing, never rewrites speculatively, and never touches a file unless you pass --write. No LLM.v0.16.0
Evidence and reporting
23 output formatsSARIF, CycloneDX SBOM, CBOM, SPDX, OpenVEX, CycloneDX-VEX, GDPR records of processing, JUnit, CSV, HTML, PDF, PR comments, and more, all machine-readable from one scan.
VEX with call-chain evidenceOpenVEX and CycloneDX-VEX statements carry the reachability call chain that justifies each assessment, so an auditor can trace why a CVE is marked affected or not.v0.16.0
Compliance packs9+ evidence packs from one command: SOC 2, ISO 27001, HIPAA, PCI-DSS 4.0, NIST 800-53, NIST 800-171, HITRUST, and more.
vulkro dataflowMaps every input (REST, GraphQL, gRPC, WebSocket) through the call graph to its sinks and stores, then scores each flow from 0 to 100.
AI-origin auditFingerprints which AI tool wrote which code and produces a reviewer attestation your compliance team can keep on file.Marker-based; no stylistic guessing
Desktop console34 analysis views available from one offline scan: findings, the data-flow map, attack paths, the dependency graph, compliance, portfolio, and scan-to-scan diff.
Licensing
Team licensingSigned seat extensions on one license, plus a team policy file you commit to the repo so every seat scans with the same rules.v0.16.0
Direct licensingAn account is required; a 14-day trial of the full product starts on your first sign-in. Vulkro is licensed per seat, directly through our team (hello@vulkro.com) for a fixed term, and everything you produced stays on your machine when a term lapses.
Language honesty
What gets deep analysisEndpoints and cross-file taint: JavaScript/TypeScript, Python, Go, and Java (Spring, newly added). Cargo manifests get dependency-CVE matching only; the Rust code itself is not analyzed. No PHP, C#, or Ruby analysis at all.If you need those today, we are the wrong tool

vulkro --help lists every command and flag on this table. If the binary and this page ever disagree, the binary wins and the page gets fixed.

The proof

More real bugs than Semgrep CE. Fewer false alarms than Bearer.

On our published corpus of 15 deliberately vulnerable projects (90 catalogued bugs, 76 in the languages the benchmarked release analyzes deeply), Vulkro found 44 catalogued bugs at 0.81 precision in 34.4 seconds of scan time. Semgrep CE found 15 at 0.62 precision in 38.6 seconds. Bearer found 37 with 67 false positives in 247.5 seconds. A max-recall mode trades precision for coverage; the table shows both settings.

Benchmark results: catalogued bugs found, precision, recall, and scan time for Vulkro, Bearer, and Semgrep CE.
ToolBugs found (of 76)PrecisionRecallScan time
Vulkro440.810.5834.4s
Vulkro (max-recall mode)550.150.7234.4s
Bearer 2.0.2370.360.49247.5s
Semgrep CE 1.136.0150.620.2038.6s
$ bench/comparison/run.sh; scores: bench/comparison/scorecard-high.md (max-recall row: scorecard-latest.md). Public corpus: 90 catalogued bugs across 15 real projects; 76 in the supported-language roll-up.

In July 2026 we grew our own ground truth from 69 to 90 catalogued bugs and published the recall drop that came with it. The corpus is versioned and the numbers regenerate from one command.

  • Scans run locally
  • Nothing uploaded
  • No AI in the scan
  • Deterministic results
  • 14-day trial

A separate edition

On Salesforce? There is an edition for that.

Salesforce needs its own security checks: Apex, Lightning, Flows, org access and sharing, Agentforce agents, and AppExchange Security Review readiness. Those ship in Vulkro for Salesforce, a separate edition on the same offline engine. It reviews your code and setup and reads none of your customer data.

What that edition covers

Apex and Lightning

Flows

Access and sharing

Agentforce agents

AppExchange readiness

What it does not do

Where Vulkro is the wrong tool, we say so.

PHP, C#, Ruby code
No deep analysis. Rust projects still get dependency-CVE checks through their Cargo manifests; the code itself is not analyzed.
Known benchmark misses
GraphQL resolver taint and Go fmt.Sprintf SQL interpolation are catalogued false negatives in our own published corpus. We list them instead of hiding them.
Runtime probing
vulkro probe confirms 13 attack classes against a running app you authorize. It is not a crawler and it does not spider your site.
Reachability
Reachability ranks dependency findings by whether your code can reach the vulnerable symbol. It ranks; it does not prove a finding is exploitable.
Mobile app internals
No native iOS, Android, or React Native bridges. The web layers scan; the native bridge does not.
Smart contracts
No Solidity or Vyper. Use a dedicated contract tool.
Embedded C and C++
No detectors today. Use a dedicated C/C++ analyzer.
Mainframe and COBOL
Not on the roadmap.
Unfamiliar custom routing
If your framework hides its routes in a way we cannot follow, endpoint discovery misses them. Send us a sample.

If it is not on this page, assume Vulkro does not check it yet, and tell us what you need.