▸ CODESCAN|AI Security Pipeline
AboutPricing✦ FeaturesDocsContactPrivacyRefundsAccess Scanner →
AI-POWERED · 5-STEP PIPELINE · CVE INTELLIGENCE

CodeScan

AI-powered security scanner that doesn't just find vulnerabilities — it investigates, verifies, enriches with real CVE data, and fixes them.

▶ Launch ScannerGitHub ↗
codescan — terminal
18+
Languages
100+
Vuln Classes
CVE + EPSS + KEV
Threat Intel
Ultra Suite
Fix → Review → Push
10+ Databases
AI Migrations
SARIF 2.1.0
GitHub Ready
CAPABILITIES

Everything you need to ship secure code

From finding to fix to Git push — the entire security workflow in one tool.

5-Step AI Pipeline
Scan → Investigate → Verify → Revalidate → Enrich. Every finding verified and enriched before you see it. False positives eliminated automatically.
🧠
Dual-AI Verification
HIGH and CRITICAL findings cross-checked by Claude + GPT-4o independently. Consensus verdict: CONFIRMED · UNCERTAIN · DISPUTED.
AI Fix All
One click fixes every vulnerability across every file. Items disappear from the scanner as they're patched. Direct commit to Git — no dialog.
📋
Ultra Plan
AI generates a prioritised remediation roadmap: Phase 1 critical → Phase 2 sprint → backlog + quick wins. Copy to clipboard in one click.
🔍
Ultra Review
Before pushing to Git, Claude reviews every fixed file. Verdict per file: SAFE · WARNING · FAIL with confidence score.
🛡
Ultra Security
Re-scans fixed code to catch regressions the AI may have introduced. Ensures your fixes don't create new vulnerabilities.
CodescanBot
Interactive AI assistant with full vulnerability context. Ask why it's dangerous, request DB migrations, get plain-English explanations.
CVE Intelligence
NVD + EPSS exploit probability + CISA Known Exploited Vulnerabilities catalog. Know which findings are being actively exploited right now.
🗄
AI Database Migrations
Describe a schema change in English. The bot writes SQL and executes it to your database. Supports 10+ databases including Supabase, MySQL, MongoDB.
SARIF + GitHub Push
Export SARIF 2.1.0, push AI fixes directly to your branch with one click, or open a PR — all without leaving CodeScan.
📊
Compliance Reports
OWASP Top 10 · SOC 2 · PCI-DSS. Map findings to control frameworks with evidence text for auditors.
CLI + CI/CD
npm package with --fail-on, --output, --enrich flags. Drop into GitHub Actions, GitLab CI, or any pipeline. Exit code 2 on CISA KEV.
✦ ULTRA SUITE

Fix → Review → Secure → Push in one flow

The Ultra Suite turns CodeScan into an autonomous security engineer. AI fixes every vulnerability, reviews its own work, re-scans the patched code, then commits directly to your Git branch — with no human intervention required.

📋
Ultra PlanAI-generated prioritised remediation roadmap
AI Fix AllFixes every file — items vanish as they're patched
🔍
Ultra ReviewClaude reviews every fix before it leaves your machine
🛡
Ultra SecurityRe-scans fixed code to catch AI-introduced regressions
Push & CommitDirect commit to Git branch — one click, no dialog
⚡ AI Fix AllFixing 8/12 — auth/route.ts
🔍 Ultra Review✓ SAFE · confidence 94%
🛡 Ultra Security✓ clean — no new issues
⬆ Push & Commit to Git12 file(s) committed to master
HOW IT WORKS

The 5-step pipeline

01
Scan
Claude claude-sonnet-4-6 performs deep static analysis with 22 regex pre-scan patterns to prioritise high-risk files first.
02
Investigate
Critical and high findings are re-verified in context of the full file to eliminate noise.
03
Revalidate
Claude Haiku removes false positives with a dedicated confirmation pass.
04
Enrich
Each finding is matched to NVD CVEs, scored with EPSS exploit probability, and checked against the CISA KEV catalog.
05
Export
Structured JSON, SARIF 2.1.0, and GitHub Issues markdown output. Remediation status tracked per finding.
SUPPORTED LANGUAGES

Scan anything

TypeScriptJavaScriptPythonGoJavaRustRubyPHPC/C++C#KotlinSwiftBashSQLYAMLTerraformDockerfileJSON
GET STARTED

Scan your code today

Drop files or a .zip archive. Get results in under 60 seconds, enriched with CVE intelligence and ready to fix.

▶ Launch Scanner
npm install -g codescan-flowlog
PRICING

Simple, transparent pricing

No seat fees. No surprises. Cancel any time.

FREE
Free
15 scans/mo
  • 15 file scans / month
  • 5-step AI pipeline
  • Web scanner + CLI
  • JSON export
  • Dependency scanning (OSV.dev)
Start free →
STARTER
$14/mo
100 scans/mo
  • 100 file scans / month
  • 5-step AI pipeline
  • Web scanner + CLI
  • CVE / CVSS enrichment
  • AI auto-fix
  • JSON & SARIF export
  • Dependency scanning
  • Top-up credits
Get started →
MOST POPULAR
PRO
$34/mo
400 scans/mo
  • 400 file scans / month
  • 5-step AI pipeline
  • Web scanner + CLI
  • CVE / CVSS / EPSS enrichment
  • CISA KEV detection
  • AI auto-fix
  • CodescanBot AI assistant
  • JSON & SARIF export
  • Dependency scanning
  • Priority support
Get started →
TEAM
$89/mo
1,500 scans/mo
  • 1,500 file scans / month
  • 5-step AI pipeline
  • Web scanner + CLI
  • CVE / CVSS / EPSS enrichment
  • CISA KEV detection
  • AI auto-fix
  • CodescanBot AI assistant
  • Team access
  • GitHub Actions CI/CD
  • Priority support
  • Top-up credits
Get started →
BUSINESS
$299/mo
∞ Unlimited
  • Unlimited file scans
  • 5-step AI pipeline
  • Web scanner + CLI
  • CVE / CVSS / EPSS enrichment
  • CISA KEV detection
  • AI auto-fix
  • CodescanBot AI assistant
  • Multi-team access
  • GitHub Actions CI/CD
  • Dedicated support + SLA
  • Custom onboarding
Get started →

All plans include the full 5-step AI pipeline · Powered by Claude (Anthropic) · Payments via Stripe

View full comparison, top-up credits & FAQ →