Docs
Inspect your app, anywhere you build
Hullchecks runs from the web, the command line, your CI pipeline, and your AI editor — one engine, one deterministic A–F grade. Pick your path.
Developers
Scan from the terminal or your AI editor in seconds. Nothing leaves your machine.
CLI & MCP →
Teams
Gate every pull request, track your grade over time, and ship the fixes as PRs.
CI & GitHub →
Enterprises
Map findings to SOC 2, GDPR, and OWASP, export evidence, and answer security questionnaires.
Plans & compliance →
The fastest hullcheck
Scan the current project from your terminal — offline, no account:
terminal
npx @hullchecks/cli .
Prefer the browser? Paste a live URL or drop a project zip on the home page — a full inspection takes about a minute, no login.
What a hullcheck looks for
- Exposed secrets in code or the shipped browser bundle
- Injection, broken auth, and other code flaws
- Vulnerable, typosquatted, and hallucinated dependencies
- Live-URL surface: headers, CORS, exposed files, TLS, DNS
- OWASP / SOC 2 / GDPR control mapping