Hey PH! 👋 I'm Srini, builder of CodeCop. I build a lot of apps with AI. Fast to ship — but security is always an afterthought. So I built and ran CodeCop on one of my own public repos. Found 21 issues. 12 high severity. In code I thought was production-ready. The worst offenders: hardcoded API keys, CORS set to * on production endpoints, un-sanitized file uploads, and IDOR- any user could modify another user's data. Classic vibe-code problems. The kind that don't show up until something breaks — or someone exploits it. CodeCop catches them before that happens. It scans across 26 vulnerability categories, maps every issue to OWASP + CWE, and gives you a full PDF report with fix suggestions. Paste code, upload a zip, or point it at a GitHub repo. Free to try — no card needed. Would love your feedback!

Forum Threads

p/codecop

•

1d ago

I scanned my own app with CodeCop — found 21 security issues I didn't know were there

Hey PH community

I've been building AI-assisted apps for a while. Fast to ship, but security always felt like an afterthought.

So I ran one of my own public repos through CodeCop a security scanner I built specifically for AI-generated code.

Found 21 issues. 12 high severity. Including:

View all

Codecop

Find security bugs in AI-generated code before hackers do

Find security bugs in AI-generated code before hackers do

Forum Threads

I scanned my own app with CodeCop — found 21 security issues I didn't know were there

Forum Threads

I scanned my own app with CodeCop — found 21 security issues I didn't know were there