Static analysis for the AI-PR era.
AI assistants are now writing a measurable share of the code that
lands in production. The data on what that code looks like is not
flattering. A 470-PR analysis by CodeRabbit reported that
AI-generated pull requests carry 3x more readability problems
and 75% more logic errors than human-written PRs. The diffs are
larger, the test coverage is thinner, and the bugs cluster in
shapes that pattern-only scanners regularly miss: access-control
oversights, IDOR, mass-assignment, and taint flows where the
sink looks safe in isolation but the source was an LLM-suggested
parameter name like id.
Vulkro fits into that loop offline, fast, and without sending your code or prompt context to a vendor cloud.
Three ways to wire it in
1. Vulkro as an MCP tool inside Claude Code or Cursor. The editor calls Vulkro on every diff via the standard MCP protocol. Add to your client config:
{
"mcpServers": {
"vulkro": {
"command": "vulkro",
"args": ["mcp", "serve"]
}
}
}
The model gets scan_project, scan_file, explain,
list_rules, and get_findings tools. When you ask Claude Code
to write a new endpoint, the same session can scan the diff for
auth gaps and tainted inputs before you commit. See
the mcp serve docs for full setup.
2. Pre-commit on the project. A git hook that runs
vulkro scan --fail-on critical,high
rejects commits that would introduce a new High or Critical
finding. Vulkro picks up the project root and walks it; the
default ci preset is fast enough for pre-commit on typical
repos (sub-5s on most projects under 100k LoC).
3. PR-time CI check. vulkro ci --format gh-pr posts inline
PR comments. Baseline + ratchet means existing debt does not block
contributions; only new findings introduced by the AI-generated
diff fail the gate.
What Vulkro catches that AI tools regress on
| Bug family | Why AI regresses | Vulkro detector |
|---|---|---|
| Auth bypass on new endpoints | LLM forgets to add the requireAuth middleware | auth_dataflow + framework-aware route extraction |
| IDOR / BOLA | LLM happily writes findById(req.params.id) without an ownership check | idor + per-method analysis |
| Mass-assignment | LLM uses User.create(req.body) without an allowlist | mass_assignment + taint |
| SQL injection across function boundaries | LLM splits a query into helpers; sink one file, source another | taint_cfg interprocedural |
| Insecure deserialization | LLM picks pickle.loads / yaml.load | unsafe_deserialize |
| Hardcoded secrets | LLM regenerates an example API key into your code | secrets with entropy + provider regex |
| Open redirect | LLM constructs a redirect(req.query.url) | open_redirect |
| Prompt injection in your own MCP tools | LLM writes a tool that interpolates user data into the description | scan-mcp-server (8 detectors) |
The architectural distinction vs AI code review
CodeRabbit, Greptile, and GitHub Copilot Code Review are all great at conversational PR review and high-level bug spotting. They use cloud LLMs.
Vulkro is the offline static layer underneath. The two compose well: AI tools handle the "is this code idiomatic" question; Vulkro handles "does this code have a known security failure shape" with deterministic detection. Many teams run both: AI review for human-feel feedback, Vulkro for the auditable security gate.
The key difference for AI-PR security: your prompt context (which often contains proprietary architecture details, customer data shapes, or unreleased product names) never leaves your machine when Vulkro is the scanner. Cloud SAST tools do not offer that property.
Install
curl -fsSL https://install.vulkro.com | sh
Free tier covers the full scanner against Python, JavaScript, TypeScript, and Go. The Pro tier adds extended languages, deeper detector packs, compliance, and portfolio.
Read the manifesto for the "no cloud LLM in detection" decision. See the benchmark for reproducible numbers.