Srinivas Narra

I scanned my own app with CodeCop — found 21 security issues I didn't know were there

Hey PH community 👋

I've been building AI-assisted apps for a while. Fast to ship, but security always felt like an afterthought.

So I ran one of my own public repos through CodeCop — a security scanner I built specifically for AI-generated code.

Found 21 issues. 12 high severity. Including:

  • Hardcoded API keys
  • CORS set to * on production endpoints
  • IDOR — any user could modify another user's data
  • Unsanitized file uploads

All mapped to OWASP + CWE with fix suggestions.

Launching CodeCop tomorrow — free to try, no card needed.

Curious: does anyone actually audit their AI-generated code before shipping? 👇
