Question 1

What is ShipSafe?

Accepted Answer

ShipSafe is a security scanner built specifically for AI-generated code. It scans your actual GitHub repository — not just a URL — using 30+ security checks to find vulnerabilities that AI coding tools like Cursor, Lovable, Bolt, v0, and Replit commonly introduce. Paste a GitHub URL and get a plain-English security report in under 2 minutes.

Question 2

How does ShipSafe work?

Accepted Answer

ShipSafe clones your GitHub repository and performs deep static analysis including authentication flow analysis, authorization boundary checking, secret detection, and OWASP Top 10 vulnerability scanning. Unlike URL-based scanners that only check surface-level issues, ShipSafe reads your actual codebase to find logic-level bugs like inverted auth conditions and missing ownership checks.

Question 3

Is ShipSafe free?

Accepted Answer

Yes. ShipSafe offers a free plan with 3 scans per month, no credit card required. Paid plans start at $12/month for CLI access with unlimited scans and CI/CD integration via GitHub Actions.

Question 4

What vulnerabilities does ShipSafe detect?

Accepted Answer

ShipSafe detects IDOR (Insecure Direct Object References), inverted authentication logic, frontend-only role checks, hardcoded API keys and secrets, SQL injection, cross-site scripting (XSS), CSRF vulnerabilities, missing rate limiting, and more across the OWASP Top 10 categories. In our scan of 100 AI-built apps, 67% had at least one critical vulnerability.

Question 5

Is Cursor safe?

Accepted Answer

Cursor the editor is SOC 2 Type II certified. However, three CVEs were published against it in 2025, and the code it generates contains vulnerabilities roughly 45% of the time according to Stanford research. ShipSafe is built to catch the security issues that Cursor's AI introduces into your codebase.

Question 6

How is ShipSafe different from other security scanners?

Accepted Answer

ShipSafe scans your actual GitHub repository source code, not just a deployed URL. It uses AI to understand authentication flows and authorization logic — catching bugs like inverted auth conditions that regex-based scanners miss. It's specifically tuned for patterns that AI coding tools like Cursor, Lovable, and Bolt commonly generate.

How much is a breach worth to you?

Quick Check

Pro Audit

Growth

Shield

Why AI scanning matters

Compare Plans

Scan on every commit

Solo

Builder

Agency