AuditSaas - Audit your vibe-coded SaaS before your users find the gaps

AuditSaas is a local CLI that scans your codebase for the security, privacy, AI-abuse, and payments gaps that AI coding assistants quietly skip — auth rate limits, IDOR, webhook signature checks, exposed secrets, CORS/SSRF/JWT misconfig, and more. No dashboard, no account, nothing leaves your machine. Currently in private beta — join the waitlist for access.

Add a comment

Replies

Best
Hey everyone 👋 Maker here. I built this after seeing how many fast-shipped SaaS apps skip the unglamorous stuff — rate limiting, ownership checks on API routes, webhook signature verification — because AI pair-programmers don't reliably catch it. AuditSaas runs locally, writes plain Markdown/JSON reports into your repo, and needs zero setup. We're in private beta while I tighten false-positive rates and expand rule coverage. Would love feedback from anyone building fast right now — drop a comment or join the waitlist and I'll get you access.

Ran it against a side project and it actually flagged a webhook signature check I had skipped, which was a wake up call. The fact that everything stays local is exactly what I want from a security tool.