OVERVIEW
What is CodeScan?
CodeScan is an AI-powered security scanner that finds vulnerabilities in your source code, verifies them, enriches them with real CVE intelligence, and generates fixes — all in one pipeline.
Unlike traditional SAST tools that flood you with false positives, CodeScan runs every finding through a 5-step AI pipeline before you see it.
Key capabilities
- Deep static analysis — 22 regex pre-scan patterns prioritise high-risk files before Claude analyses them
- False positive removal — a dedicated revalidation pass cuts noise before results reach you
- CVE enrichment — NVD, EPSS exploit probability, CISA Known Exploited Vulnerabilities (KEV)
- AI auto-fix — one-click patches generated in context of your actual code
- SARIF export — drop findings directly into the GitHub Security tab
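The following is an added illustration of the three mechanisms named above (regex pre-scan triage, EPSS/KEV enrichment, and SARIF export); it is example code written for this page, not CodeScan's own source. The four regex patterns, the CVE identifiers (placeholders, not real CVE numbers), the EPSS/KEV values and the sample files and findings are all constructed so the example runs offline.

```typescript
// Added example, not CodeScan's own code. All patterns, findings and CVE intel
// below are constructed placeholders so the file runs offline.

type Severity = "low" | "medium" | "high" | "critical";

interface Finding {
  file: string;
  line: number;
  ruleId: string;
  message: string;
  severity: Severity;
  cve?: string;
}

interface CveIntel {
  epss: number; // EPSS probability of exploitation in the next 30 days (0..1)
  kev: boolean; // listed in the CISA Known Exploited Vulnerabilities catalogue
}

// Constructed stand-ins for a regex pre-scan (the real scanner has its own 22 patterns).
const PRESCAN_PATTERNS: { name: string; re: RegExp }[] = [
  { name: "dynamic-eval", re: /\beval\s*\(/ },
  { name: "shell-exec", re: /\b(exec|execSync|spawn)\s*\(/ },
  { name: "sql-concat", re: /\b(SELECT|INSERT|UPDATE|DELETE)\b[^;\n]*["'`]\s*\+/i },
  { name: "hardcoded-secret", re: /\b(api[_-]?key|password|secret)\s*[:=]\s*["'][^"']{8,}["']/i },
];

// Step 1: cheap triage. Returns the names of the patterns that hit in a file.
export function prescan(source: string): string[] {
  return PRESCAN_PATTERNS.filter((p) => p.re.test(source)).map((p) => p.name);
}

// Files with more pre-scan hits are sent to the expensive AI analysis first.
export function rankFiles(files: Record<string, string>): string[] {
  return Object.keys(files)
    .map((name) => ({ name, hits: prescan(files[name]).length }))
    .sort((a, b) => b.hits - a.hits || a.name.localeCompare(b.name))
    .map((f) => f.name);
}

// Step 2: enrichment. Constructed intel table standing in for NVD/EPSS/KEV lookups.
const CVE_INTEL: Record<string, CveIntel> = {
  "CVE-EXAMPLE-0001": { epss: 0.92, kev: true }, // placeholder id, constructed values
  "CVE-EXAMPLE-0002": { epss: 0.03, kev: false }, // placeholder id, constructed values
};

const SEVERITY_WEIGHT: Record<Severity, number> = { low: 1, medium: 2, high: 3, critical: 4 };

// Priority = base severity scaled by exploit likelihood, plus a flat bump for KEV entries.
export function priority(f: Finding, intel: Record<string, CveIntel> = CVE_INTEL): number {
  const base = SEVERITY_WEIGHT[f.severity];
  const i = f.cve ? intel[f.cve] : undefined;
  if (!i) return base;
  return base * (1 + i.epss) + (i.kev ? 5 : 0);
}

// Step 3: SARIF 2.1.0 export in the shape GitHub code scanning accepts.
const LEVEL: Record<Severity, "note" | "warning" | "error"> = {
  low: "note",
  medium: "warning",
  high: "error",
  critical: "error",
};

export function toSarif(findings: Finding[]) {
  const sorted = [...findings].sort((a, b) => priority(b) - priority(a));
  const ruleIds = Array.from(new Set(sorted.map((f) => f.ruleId)));
  return {
    $schema: "https://json.schemastore.org/sarif-2.1.0.json",
    version: "2.1.0",
    runs: [
      {
        tool: { driver: { name: "example-scanner", rules: ruleIds.map((id) => ({ id })) } },
        results: sorted.map((f) => ({
          ruleId: f.ruleId,
          level: LEVEL[f.severity],
          message: { text: f.message },
          locations: [
            { physicalLocation: { artifactLocation: { uri: f.file }, region: { startLine: f.line } } },
          ],
        })),
      },
    ],
  };
}

// Constructed sample input: three small source files and the findings raised on them.
export const SAMPLE_FILES: Record<string, string> = {
  "src/util.ts": "export const add = (a: number, b: number) => a + b;\n",
  "src/admin.ts":
    "const q = 'SELECT * FROM users WHERE id = ' + req.query.id;\nconst out = execSync('ls ' + dir);\n",
  "src/config.ts": "export const API_KEY = 'sk-constructed-placeholder-0001';\n",
};

export const SAMPLE_FINDINGS: Finding[] = [
  { file: "src/util.ts", line: 1, ruleId: "style/unused", message: "unused helper", severity: "low" },
  { file: "src/admin.ts", line: 1, ruleId: "injection/sql", message: "SQL built by string concatenation", severity: "high", cve: "CVE-EXAMPLE-0002" },
  { file: "src/admin.ts", line: 2, ruleId: "injection/command", message: "shell command built from untrusted input", severity: "high", cve: "CVE-EXAMPLE-0001" },
];

// Usage: rankFiles(SAMPLE_FILES) puts src/admin.ts first; toSarif(SAMPLE_FINDINGS)
// lists the KEV-backed command-injection finding first with level "error".
```

The design point worth noting: two findings with the same static severity ("high") end up far apart once EPSS and KEV are applied, which is exactly the ordering a defender wants when deciding what to fix first; the SARIF `level` field, by contrast, only carries the coarse severity, so the enriched priority is reflected in result order rather than in the level itself.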
Supported languages
TypeScript · JavaScript · Python · Go · Java · Rust · Ruby · PHP · C/C++ · C# · Kotlin · Swift · Bash · SQL · YAML · Terraform · Dockerfile · JSON
Two ways to use CodeScan
WEB TOOL
Upload files or a .zip. Get results in under 60 seconds in your browser. No install needed.
CLI TOOL
Install via npm. Scan from your terminal. Integrate into CI/CD pipelines.