SafeWeave — Security Scanning for AI-Native Teams


8 scanners. 12 seconds. Zero config.

SECURITY FOR VIBE CODERS

You prompt, AI writes, SafeWeave scans. Vulnerabilities caught in 12 seconds — so you can ship fast without shipping exploits.

Built by ex-Snyk & Trail of Bits engineers. Purpose-built for Cursor, Claude Code, and Windsurf — where AI-generated vulnerabilities actually happen. Meet the team →

3 scanners free forever · Unlimited local scans · Zero registration required

Install now — one command, no signup

npx safeweave-mcp

Or add to Claude Code:

claude mcp add safeweave -- npx -y safeweave-mcp

No credit card. No sales call. No waiting. Your code stays on your machine.


WHAT GETS SCANNED

8 scanners. Zero blind spots.

Every attack surface covered — from source code to running containers — through a single integration point.

All 8 scanners run in parallel. Average scan time: 12 seconds on a 50k LOC codebase. Powered by Semgrep, Trivy, Gitleaks, and Checkov — battle-tested by millions of developers.

BUILT FOR YOU

Who is SafeWeave for?


Scan from your IDE. Ship with confidence.

SafeWeave runs as an MCP server inside Cursor, Claude Code, and VS Code. Just ask your AI to scan — no context switching, no dashboards, no config files. Free forever on the self-hosted tier.


Free Resource

Get our free OWASP AI security checklist

10 things to check before shipping AI-generated code to production. Delivered to your inbox.


WHY US

See how we stack up against other security platforms.

Feature comparison between SafeWeave and competitors

Feature              | SafeWeave                              | Snyk         | Semgrep      | GitHub Advanced Security
AI IDE support       | Cursor, Claude Code, VS Code, Windsurf | VS Code only | VS Code only | GitHub Copilot
Starting price       | $0/mo                                  | $25/mo       | $40/mo       | $49/mo
Scan time (avg)      | 12s                                    | 45s          | 30s          | 60s
Compliance profiles  | SOC 2, HIPAA, PCI-DSS, OWASP *         |              |              |

The remaining rows (MCP-native, Open source scanners, Free tier, Self-hosted option, CI/CD integration) were check-mark icons that did not survive extraction; the only surviving text cells are "Partial" (Open source scanners), "Limited" (Free tier), "GitHub only" (CI/CD integration) and "SOC 2" (Compliance profiles, one competitor), none of which can be assigned to a column.

* Compliance profiles and all 8 scanners require Self-Hosted Pro or higher. Free tier includes SAST (top 20 rules), Secrets, and Dependency scanning.

FINDINGS

What a finding looks like

Every finding includes severity, location, and an AI-generated fix suggestion.

Auto-detected in 0.8s · AI fix suggestion included · Mapped to OWASP A03:2021

What You Get

See your security posture at a glance

Track findings, monitor trends, and get AI-suggested fixes — all from your dashboard.

Getting Started

Running in under 2 minutes

Run one command — no signup needed

The free tier works instantly with zero registration. Run npx safeweave-mcp and start scanning: 3 scanners (SAST, Secrets, Dependencies), unlimited local scans, no license key required. Sign up later only if you want to unlock all 8 scanners or track trends.

Connect your editor

Add SafeWeave as an MCP server in your AI editor of choice. Set your license key as an environment variable and you are ready to scan.

Ask your AI to scan

Just type a natural-language prompt. SafeWeave handles the rest — SAST, secrets, and dependency scanning run locally on your machine. Your code never leaves your device.

Upgrade for more power

Self-Hosted Pro ($15/mo) unlocks all 8 scanners, compliance profiles, and a local dashboard — everything runs on your machine. Need team features? Cloud plans add hosted dashboards, trend tracking, and AI-suggested fixes.


CI/CD

Works with your existing stack

Drop SafeWeave into any CI pipeline with a single command. No Docker required.

Claude Code Skill

Auto-scan before every push

Install the secure-before-push skill and SafeWeave automatically scans your code before every git commit, push, and PR. No manual steps.

1. You write code: build features as usual with your AI editor.
2. Auto-scan triggers: SafeWeave scans before every commit and push.
3. Issues blocked: critical and high severity findings block the push.
4. Ship secure code: only clean code reaches your repository.

Severity gate: Critical / High findings block the push.


Testimonials

Loved by vibe coders who ship safe

We plugged SafeWeave into Cursor and immediately caught a hardcoded API key that had been in our codebase for months. The MCP workflow is a game-changer.

Sarah Chen

Average scan time went from 90 seconds with our old tool to 12 seconds. My team actually runs scans now instead of skipping them before every PR.

Marcus Rivera

The fact that I can just type "scan this project" in Claude Code and get back structured findings with fix suggestions — that's the future of AppSec.

Priya Patel

THE SAFEWEAVE PROMISE

Zero disruption or your money back

CI SPEED

If SafeWeave adds more than 30 seconds to your CI pipeline, we refund your first month.

ZERO LOCK-IN

Cancel anytime. Export all findings data. No contracts, no penalties, no exit fees.

NO ALERT FATIGUE

Smart deduplication and severity scoring. Only real vulnerabilities surface — no noise.

14-day money-back guarantee on all paid plans · Cancel anytime

Pricing

Transparent pricing. No surprises.

Start free with npx safeweave-mcp. Upgrade when your needs grow.



FAQ

Frequently asked questions

Does SafeWeave store or transmit my source code?

In Self-Hosted mode, your code stays on your machine. File contents are sent to our scanner fleet over HTTPS for analysis and immediately discarded after scanning — we never store source code. In Cloud mode, scan results (not source code) are stored for dashboard analytics.

How is this different from Snyk or GitHub Advanced Security?

SafeWeave is MCP-native — it integrates directly into AI code editors like Cursor, Claude Code, and VS Code as a first-class tool. You get 8 specialized scanners through a single npx command, with no complex setup or vendor lock-in. Self-hosted scanning starts at $0/mo.

Which CI/CD platforms are supported?

SafeWeave works with GitHub Actions, GitLab CI, CircleCI, Jenkins, and any CI/CD platform that supports Node.js. Just add npx safeweave-mcp to your pipeline.

Does the MCP server require internet access to my codebase?

The free Self-Hosted tier sends files to our scanner fleet for analysis. Self-Hosted Pro does the same but unlocks all 8 scanners. No cloud account is needed — just run npx safeweave-mcp.

What does 'Basic' SAST mean on the free plan?

The free tier includes SAST scanning with the top 20 most impactful rules covering SQL injection, XSS, SSRF, and path traversal. Custom patterns, extended rule sets, and scan history require Self-Hosted Pro or higher.

Can I self-host the MCP server?

Yes. The MCP server runs locally on your machine via npx safeweave-mcp. On the free tier you get 3 scanners; Self-Hosted Pro ($15/mo) unlocks all 8 scanners and compliance profiles while keeping everything local. Only license verification touches our servers.
