Features
Everything it covers, on one page.
Five tabs, one section, no scrolling for a quarter mile. Ctrl-F still works: every tab panel is in the DOM, just visually hidden until selected.
TypeScript / JavaScript
Express, Fastify, NestJS, Next.js (App + Pages), Koa, Hono, Elysia, AdonisJS, tRPC.
Python
FastAPI, Flask, Django + DRF + Ninja, Starlette, aiohttp, Tornado, Litestar. include_router(prefix=) preserved.
Go
net/http, gin, echo, chi, fiber, gorilla mux.
Ruby
Ruby on Rails (Action Pack routing).
Java / Kotlin
Spring Boot (annotations, request mappings, security configs).
C#
ASP.NET Core (attribute routes, controllers, minimal APIs).
PHP
Laravel (routes, middleware, model bindings).
Salesforce
Apex (REST + Aura), LWC, Aura, Flow, Visualforce, metadata (Profiles, Permission Sets, Named Credentials, Connected Apps).
Community
Feature you wish we had?
The fastest path to a new detector or framework is the Substack chat or r/vulkro. The fastest way to hear when it ships is the newsletter. The slowest, but most reliable, is email.
Substack
Subscribe once, get two things: the weekly CVE + release digest in your inbox, and access to the live chat where in-between things land (detector ideas, weird findings, release heads-ups).
Public community at r/vulkro. Bug reports, scan-result war stories, CVE chat, AppSec questions. No email required, indexed by Google so threads stay useful.
Bug reports, install help, billing questions. One human reads every message. No web form, no chatbot, no AI summariser.
The complete feature set, free for 14 days.
Install, scan your repo, see what it finds. After the trial it's $19 a month or $149 a year.