Skip to main content

What Vulkro checks

One scan. Every risk that gets apps breached.

Vulkro checks your whole application for the flaws behind real breaches: broken access, injected input, leaked keys, risky open-source code, hijacked packages, exposed personal data, cloud and container mistakes, and the new risks your AI coding tools bring in. One pass, on your own machine. Nothing is uploaded.

9 areas of risk  ·  3 languages and their frameworks  ·  1 offline scan

How it finds real risks

It follows your data, then tells you if it is safe.

A pattern scanner flags anything that looks like a database call and buries you in false alarms. Vulkro follows the actual path a piece of untrusted input takes through your app, and only raises an alarm when it reaches something dangerous with no safety check in between. Fewer false alarms, and the serious risks caught.

SafeSomething a user typedtravels through your appa safety check cleans itreaches your databaseNo alarm. The path is safe.
RiskSomething a user typedtravels through your appno safety checkreaches your databaseAlarm. Untrusted input can reach your database.

Same input. The only difference is whether a safety check sits in the path, and that is exactly what Vulkro follows.

$ vulkro scan
[CRITICAL] Untrusted input reaches your database
           with no safety check in between.
           in checkout

The same follow-the-data approach powers the broken-access, injected-input, request-forgery, and data-exposure checks below. Same code, same result, every time. No AI, no guessing.

Group 01 / Your application

The bugs behind most breaches.

The flaws in your own code are the ones an attacker hits directly from the outside.

Broken access

Users reaching data that is not theirs, weak or missing checks on sensitive pages, and login-session and cookie bugs that let someone stay signed in as another user.

Untrusted input reaching something dangerous

When text a user typed flows into your database, a system command, or a request your server makes. Followed across files, not just the line it appears on.

Forged requests, cross-site rules, and headers

Tricks that make a logged-in user's browser act without consent, and browser-security settings left open or missing.

Fields a user should never set

A form or request that quietly lets the sender change fields they should not control, like their own account role.

Weak or broken encryption

Outdated or misused encryption that a determined attacker can defeat.

Modern APIs

The newer ways apps talk to each other (GraphQL, gRPC, and live connections), each with its own security pitfalls, covered alongside classic web pages.

Group 02 / Secrets and data

What should never be in the code, and where private data travels.

Leaked passwords, keys, and tokens

Finds credentials accidentally left in your code and its history, recognising the shapes of 30-plus common providers (cloud, payments, chat, AI). Optionally checks whether a leaked key still works right now.

[HIGH] Live key found in an old commit -> still active

Recognises keys from

cloudpaymentschatAImessaging

Personal data exposure

Flags where customer information ends up somewhere it should not: a log file, a web address, an error message. A privacy slip is caught before it ships, and it can produce the personal-data inventory your privacy team needs.

All of this runs on your machine. Vulkro never sends your secrets anywhere to check them.

Group 03 / Dependencies and supply chain

The open-source code you inherited.

Most of any modern app is other people's code. Two things go wrong: a package has a known flaw, or a package gets hijacked. Vulkro catches both, offline.

Vulnerable open-source dependencies

Known-risky libraries in your project (npm, PyPI, Go, Cargo, Maven), matched entirely on your machine and ranked by how likely each one is to actually be attacked, so you fix the real threats first, not an alphabetical list.

Attacked in the wild
Known exploit exists
Theoretical only

Fix the top of the list first.

Compromised package releases

A curated record of real supply-chain attacks so the moment your project pins a hijacked release, you hear about it, even at 3am when it is in the news.

event-stream 2018ua-parser-js 2021xz 2024@solana/web3.js 2024

Matched offline. Nothing about your dependencies is uploaded.

Group 04 / AI development surface

The new risks your AI tools bring in.

AI coding assistants add connectors and extensions that reach into your files, run commands, and talk to the internet: new risk most scanners ignore. Vulkro audits it.

AI tool (MCP) configuration

Reviews the AI-assistant connectors set up across your editors for over-broad access, secrets left in plain sight, unencrypted connections, and known-compromised servers.

Covers

Claude DesktopCursorWindsurfVS CodeClineContinueGemini

Editor and browser extensions

Checks the extensions you have installed for compromised publishers and permissions far broader than the tool needs.

too much accesssecrets in plain textunencrypted connectionsknown-compromised releases

Want to check these before Vulkro even reviews your code? The free Vulkro Labs tools do exactly that. →

Group 05 / Infrastructure and advanced

Beyond the code itself.

Containers

Docker and Kubernetes images checked without a running daemon.

Cloud configuration

Setup mistakes in Terraform and more: open storage, over-broad permissions, missing encryption.

Incident response

Answer, in under a second, whether a package in the news affects you and where it comes in.

Live checks

Optional: confirm a finding against your running app from the outside.

Specialised rule packs for money-handling, business-logic, and concurrency ship off by default because they are noisy. Turn them on when you need them.

The depth behind the coverage

Coverage is the surface. This is the engine.

The nine areas above are what Vulkro checks. These are the real capabilities behind them: following data across files, ranking dependency risk by what is actually exploited, catching flaws inside your AI write loop, and turning a single offline scan into audit-ready evidence.

Cross-file taint analysis

Three passes (within a function, across functions, and across files down a call graph to depth 4). A finding is raised only when untrusted input reaches a dangerous sink with no safety check in between, and the exact path is recorded. Full depth on JavaScript, TypeScript, Python, and Go.

vulkro guard, in your AI write loop

Runs inside Claude Code, Cursor, and Windsurf as your assistant writes. It checks each file the moment it lands and feeds serious findings back so the assistant fixes the flaw before it is committed. Offline and per-file fast.

Reachability-ranked dependency checks

Five ecosystems (npm, PyPI, Go, Cargo, Maven) matched offline against a signed local database that combines OSV, NVD, CISA KEV, and EPSS, refreshed daily. Known-exploited and high-EPSS issues rise to the top, the reachable ones are ranked first, and the call chain from your entry point to the vulnerable symbol is cited in the evidence and carried into VEX output. Ranking, not proof of exploitability.

Deterministic autofix

12 write templates plus read-only diffs. It refuses to fix when the code is ambiguous instead of guessing, never rewrites speculatively, and never touches a file unless you pass --write. No LLM anywhere in the fix path.

Team licensing

Signed seat extensions on one license, plus a team policy file you commit to the repo so every seat and the CI gate scan with the same rules. Ships with v0.16.0.

vulkro slopcheck

Blocks hallucinated or slopsquatted package names before you install them, so an AI assistant that invents a dependency cannot pull a lookalike into your project.

vulkro dataflow

Maps every input (REST, GraphQL, gRPC, WebSocket) through the call graph to its sinks and stores, then scores each flow from 0 to 100 so unauthenticated sensitive flows surface first.

AI-origin audit

Fingerprints which AI tool wrote which code (Claude, Copilot, Cursor, Aider, and ChatGPT markers) and produces a reviewer attestation your compliance team can keep on file.

vulkro respond

Answers "am I exposed to this advisory or package version" in under a second, offline, through a cached reverse index. The 3am incident question, answered before the coffee is poured.

The desktop console

Turns one offline scan into 34 analysis views available: findings, the data-flow map, attack paths, the dependency graph, compliance, a portfolio view across projects, and a scan-to-scan diff. Some views are Pro.

Reports your auditors accept

23 machine-readable output formats, including SARIF, CycloneDX SBOM, a Cryptographic BOM (CBOM), SPDX, reachability-backed VEX (OpenVEX and CycloneDX-VEX), GDPR records-of-processing, JUnit, CSV, PR comments, HTML, and PDF. Plus 9-plus compliance evidence packs (SOC 2, ISO 27001, HIPAA, PCI-DSS 4.0, NIST 800-53, NIST 800-171, HITRUST, and more) from one command.

150+

security detectors, 5,000+ tests

23

machine-readable output formats

9+

compliance evidence packs

34

console analysis views available

5

dependency ecosystems, ranked

Deterministic and offline. No AI in the engine, so the same code gives the same result every run, nothing is uploaded, and VULKRO_OFFLINE=1 hard-refuses every network call. One binary is the scanner, an MCP server, an editor language server, and the console backend at once. An optional runtime check, vulkro probe, confirms 13 attack classes against a running app when you authorize it.

The full inventory

Every capability on one table. Ctrl-F it.

Boring on purpose. Every row is real, shipping behaviour with its honest limit printed next to it; rows tagged v0.16.0 land with that release. If a capability is not on this table or in the limits at the bottom of the page, Vulkro does not have it.

CapabilityWhat you getThe honest print
Scan engine
Security detectors150+ detector modules, with 5,000+ unit tests behind them, across the nine risk areas above: broken access, injection, request forgery, field tampering, weak crypto, secrets, personal data, dependencies, and the AI development surface.One command runs all of them
Cross-file taint analysisThree passes: within a function, across functions, and across files down the call graph to depth 4. A finding is raised only when untrusted input reaches a dangerous sink with no safety check in the path, and the exact path is recorded in the evidence.Deep analysis: JS/TS, Python, Go only
Deterministic engineNo LLM anywhere in the pipeline. The same code produces the same findings on every run, so a CI gate never flakes and a diff between two scans means the code changed.By design, not a setting
Offline enforcementVULKRO_OFFLINE=1 makes the process refuse every outbound network call and return an error instead of silently falling back.Enforced at the process boundary
Runtime confirmationvulkro probe optionally confirms a finding against your running app from the outside, when you authorize it.13 attack classes; not a crawler
In the write loop
vulkro guardRuns inside Claude Code, Cursor, and Windsurf write loops. Checks each file the moment it lands and feeds serious findings back so the assistant fixes the flaw before it is committed.Offline, per-file fast
vulkro slopcheckBlocks hallucinated or slopsquatted package names before you install them.
One binary, four surfacesThe same binary is the scanner, an MCP server, an editor language server, and the desktop console backend. Nothing extra to install or keep in sync.
Dependencies and supply chain
SCA across 5 ecosystemsnpm, PyPI, Go, Cargo, and Maven manifests matched offline against a signed local CVE bundle that combines OSV, NVD, CISA KEV, and EPSS, refreshed daily.Bundle stays current on the Free tier
Reachability rankingReachable dependency findings rank first, and the call chain (entry point to vulnerable symbol) is cited in the evidence. It ranks findings; it does not prove exploitability.Curated symbol data for Go and Rust advisories; patch-scrape fallback elsewhere
Compromised-release catalogA curated record of real hijacked releases (event-stream, ua-parser-js, xz, @solana/web3.js) matched in the same scan.
vulkro respondAnswers "does this advisory or package version affect us" in under a second, offline, from a cached reverse index.
Fixes
Deterministic autofix12 write templates plus read-only diffs for everything else. Refuses to fix when the code is ambiguous instead of guessing, never rewrites speculatively, and never touches a file unless you pass --write. No LLM.v0.16.0
Evidence and reporting
23 output formatsSARIF, CycloneDX SBOM, CBOM, SPDX, OpenVEX, CycloneDX-VEX, GDPR records of processing, JUnit, CSV, HTML, PDF, PR comments, and more, all machine-readable from one scan.
VEX with call-chain evidenceOpenVEX and CycloneDX-VEX statements carry the reachability call chain that justifies each assessment, so an auditor can trace why a CVE is marked affected or not.v0.16.0
Compliance packs9+ evidence packs from one command: SOC 2, ISO 27001, HIPAA, PCI-DSS 4.0, NIST 800-53, NIST 800-171, HITRUST, and more.
vulkro dataflowMaps every input (REST, GraphQL, gRPC, WebSocket) through the call graph to its sinks and stores, then scores each flow from 0 to 100.
AI-origin auditFingerprints which AI tool wrote which code and produces a reviewer attestation your compliance team can keep on file.Marker-based; no stylistic guessing
Desktop console34 analysis views available from one offline scan: findings, the data-flow map, attack paths, the dependency graph, compliance, portfolio, and scan-to-scan diff.Some views are Pro
Licensing
Team licensingSigned seat extensions on one license, plus a team policy file you commit to the repo so every seat scans with the same rules.v0.16.0
Free tier, permanentWhen a Pro term lapses the CLI keeps working at the Free tier and keeps receiving current CVE bundle updates. Pro sells detection depth, not data freshness. Per-term, no auto-renewal.
Language honesty
What gets deep analysisEndpoints and cross-file taint: JavaScript, TypeScript, Python, and Go only. Cargo and Maven get dependency-CVE matching only; the Rust and Java code itself is not analyzed. No PHP, C#, or Ruby analysis at all.If you need those today, we are the wrong tool

vulkro --help lists every command and flag on this table. If the binary and this page ever disagree, the binary wins and the page gets fixed.

The proof

More real bugs than Semgrep CE. Fewer false alarms than Bearer.

On our published corpus of 15 deliberately vulnerable projects (90 catalogued bugs, 76 in the languages Vulkro analyzes deeply), Vulkro found 44 catalogued bugs at 0.81 precision in 36 seconds. Semgrep CE found 15 at 0.62 precision in the same time: 2.9x more bugs, higher precision, same speed. Bearer found 37 with 67 false positives and took 250 seconds: more bugs than Bearer, 6.7x fewer false alarms, at 7x its speed.

Vulkro44
Bearer37
Semgrep CE15

Catalogued bugs found, of the 76 in the languages all three tools were scored on.

$ bench/comparison/run.sh  ·  bench/comparison/scorecard-latest.md  ·  the corpus, the scoring, and the harness are public

In July 2026 we grew our own ground truth from 69 to 90 catalogued bugs and published the recall drop that came with it. The corpus is versioned and the numbers regenerate from one command.

Runs offline, nothing uploaded
No AI: the same code always gives the same result
Every finding labelled for your auditors
Ranked by real-world attack likelihood

A separate edition

On Salesforce? There is an edition for that.

Salesforce needs its own security checks: Apex, Lightning, Flows, org access and sharing, Agentforce agents, and AppExchange Security Review readiness. Those ship in Vulkro for Salesforce, a separate edition on the same offline engine. It reviews your code and setup and reads none of your customer data.

What that edition covers

Apex and Lightning

Flows

Access and sharing

Agentforce agents

AppExchange readiness

What it does not do

Where Vulkro is the wrong tool, we say so.

PHP, Java, C#, Ruby code
No deep analysis. Java and Rust projects still get dependency-CVE checks through their Maven and Cargo manifests; the code itself is not analyzed.
Known benchmark misses
GraphQL resolver taint and Go fmt.Sprintf SQL interpolation are catalogued false negatives in our own published corpus. We list them instead of hiding them.
Mobile app internals
No native iOS, Android, or React Native bridges. The web layers scan; the native bridge does not.
Smart contracts
No Solidity or Vyper. Use a dedicated contract tool.
Embedded C and C++
No detectors today. Use a dedicated C/C++ analyzer.
Mainframe and COBOL
Not on the roadmap.
Unfamiliar custom routing
If your framework hides its routes in a way we cannot follow, endpoint discovery misses them. Send us a sample.

If it is not on this page, assume Vulkro does not check it yet, and tell us what you need.

Languages covered today: TypeScript and JavaScript, Python, and Go, with their major frameworks.

See it on your own code.

See the benchmark →