CI/CD Ready Security Scanner

Security Scanner for React Native

Catch vulnerabilities before production. One command. Zero setup.

Open source • MIT

Static Security Analysis

Get detailed insights into your app's security posture and vulnerabilities.

Security Analysis

Dec 9, 2025 • 9:44 PM

6 Critical • 15 High • 21 Medium

CRITICAL: Insecure AsyncStorage usage detected (auth/storage.ts:42)
CRITICAL: Cleartext HTTP traffic allowed in network config (android/AndroidManifest.xml:8)
HIGH: API credentials found in source code (config/api.ts:15)

Scan completed in 3.1s • 959 files analyzed

Run your first scan

No Setup. No Configuration. Instant Results.

Built for developers

A tool that understands React Native, Expo, WebViews, mobile storage, and platform-specific risks and vulnerabilities.

68+ Security Rules

Comprehensive detection of insecure storage, cleartext traffic, hardcoded secrets, and more.

Zero Configuration

Works out of the box with React Native and Expo. No setup files or configuration needed.

100% Private

All scanning happens locally on your machine. Your code never leaves your system.

Lightweight & Fast

Minimal dependencies and optimized performance. Scan your entire project in seconds.

CI/CD Ready

Seamless integration with GitHub Actions, GitLab CI, and other CI/CD platforms.

JSON & HTML Reports

Export detailed reports in HTML, JSON, or CLI format for easy sharing and integration.

What it catches

From hardcoded secrets to platform misconfigurations

CRITICAL

Hardcoded API Keys & Secrets

Detects exposed API keys, JWT tokens, AWS credentials, and other secrets in source code that can be extracted from app bundles.

CRITICAL

Insecure Data Storage

Identifies sensitive data stored in AsyncStorage without encryption. AsyncStorage keeps its data in plaintext, which is readable with root access.

CRITICAL

Android Cleartext Traffic

Detects when usesCleartextTraffic is enabled in AndroidManifest.xml, allowing unencrypted HTTP connections.

HIGH

WebView Security Issues

Finds dangerous WebView configurations such as JavaScript injection, enabled file access, and missing URL validation.

HIGH

iOS App Transport Security

Catches disabled ATS or overly permissive exceptions that allow insecure HTTP connections on iOS.

HIGH

Weak Authentication Patterns

Detects insecure random generators for tokens, missing JWT expiry checks, and insecure password input fields.

Start securing your app today

Join developers building safer React Native applications with open-source tools