    EveryDev.ai

    Ship Safe

    Application Security

    AI-powered application security CLI that runs 18 specialized agents in parallel to scan codebases for secrets, injection vulnerabilities, auth bypass, SSRF, supply chain attacks, and more.

    At a Glance

    Pricing
    Open Source

    Fully free and open-source under the MIT License. All features included.

    Available On

    Web
    API
    CLI

    Topics

    Application Security, Code Security, AI Coding Assistants

    Alternatives

    Vibekit, Snyk, Endor Labs
    Developer
    asamassekou10
    Ship Safe builds an AI-powered application security platform…

    Listed Apr 2026

    About Ship Safe

    Ship Safe is an AI-powered application security platform for developers that runs 18 specialized security agents in parallel against your codebase with a single command. It covers 80+ attack classes including secrets detection, injection vulnerabilities, auth bypass, SSRF, supply chain attacks, LLM/agentic AI security, MCP server misuse, RAG poisoning, PII compliance, and CI/CD pipeline poisoning. The tool provides OWASP 2025 scoring with EPSS exploit probability, compliance mapping to SOC 2, ISO 27001, and NIST AI RMF, and integrates directly into CI/CD pipelines with GitHub PR comments, threshold gating, and SARIF output.

    • 18 Security Agents — Run in parallel covering injection, auth bypass, SSRF, supply chain, config auditing, Supabase RLS, LLM/MCP/agentic AI, RAG, PII, vibe coding, CI/CD, API fuzzing, and more.
    • Full Audit Command — Run npx ship-safe audit . for a complete scan including secrets, agents, dependency CVEs, scoring, and an interactive HTML remediation report.
    • OWASP 2025 Scoring — 8-category weighted scoring system (0-100, A-F grades) aligned with OWASP Top 10 2025 risk rankings with per-finding EPSS exploit probability.
    • LLM-Powered Deep Analysis — Use --deep flag with Anthropic, OpenAI, Google, Groq, Ollama, or any OpenAI-compatible provider to verify exploitability of critical findings.
    • Secrets Verification — Probes provider APIs (GitHub, Stripe, OpenAI, etc.) with --verify to check if leaked keys are still active.
    • CI/CD Integration — Dedicated npx ship-safe ci . command with compact output, exit codes, threshold gating, SARIF export, and GitHub PR comment posting.
    • MCP Server Scanning — npx ship-safe scan-mcp vets tool manifests for prompt injection and credential harvesting before connecting.
    • Claude Code Hooks — Install real-time hooks via npx ship-safe hooks install to block secrets before they touch disk and inject advisory findings into Claude's context.
    • Baseline Management — Accept current findings as a baseline and only report regressions on subsequent scans.
    • Incremental Scanning — Caches file hashes and findings for ~40% faster repeated scans; only changed files are re-scanned.
    • Policy-as-Code — Enforce team-wide security standards via .ship-safe.policy.json with minimum score, severity thresholds, and CVE age limits.
    • Compliance Mapping — Maps findings to SOC 2 Type II, ISO 27001:2022, and NIST AI Risk Management Framework controls.

    Pricing

    OPEN SOURCE

    Open Source (MIT)

    Fully free and open-source under the MIT License. All features included.

    • 18 security agents
    • 80+ attack classes
    • Secret scanning (50+ patterns)
    • OWASP 2025 scoring
    • Dependency CVE auditing

    Capabilities

    Key Features

    • 18 parallel security agents
    • 80+ attack class coverage
    • Secret scanning with entropy scoring (50+ patterns)
    • OWASP 2025 weighted scoring (0-100, A-F)
    • EPSS exploit probability scoring
    • LLM-powered deep taint analysis
    • Secrets liveness verification via provider API probing
    • Dependency CVE auditing (npm/pip/bundler)
    • MCP server manifest scanning
    • Agentic AI and LLM security (OWASP LLM Top 10)
    • CI/CD pipeline poisoning detection
    • Supabase RLS misconfiguration detection
    • Docker/Terraform/Kubernetes config auditing
    • PII compliance detection
    • Compliance mapping (SOC 2, ISO 27001, NIST AI RMF)
    • SARIF output for GitHub Code Scanning
    • Interactive HTML report with severity filtering
    • Baseline management for regression-only reporting
    • Incremental scanning with file hash caching
    • Policy-as-code enforcement
    • Claude Code hooks for real-time secret blocking
    • Claude Code plugin support
    • GitHub Actions integration with PR comments
    • Agent Bill of Materials (CycloneDX 1.5)
    • Multi-LLM support (Anthropic, OpenAI, Google, Groq, Ollama, etc.)
    • Vibe-check emoji security grade with shareable badge
    • Industry benchmark comparison
    • Git history secret scanning
    • Diff scanning for pre-commit and PR workflows

    Integrations

    GitHub Actions
    GitHub PR Comments
    Claude Code
    Anthropic Claude
    OpenAI
    Google Gemini
    Ollama
    Groq
    Together AI
    Mistral
    DeepSeek
    xAI Grok
    Perplexity
    LM Studio
    npm
    Supabase
    Stripe
    Firebase
    Terraform
    Kubernetes
    Docker
    SARIF / GitHub Code Scanning
    API Available

    Developer

    asamassekou10

    Ship Safe builds an AI-powered application security platform for developers, delivering 18 specialized security agents in a single CLI command. The project is MIT-licensed and maintained by asamassekou10 on GitHub. It covers OWASP Top 10 Web, Mobile, LLM, CI/CD, and Agentic AI standards, with compliance mapping to SOC 2, ISO 27001, and NIST AI RMF.

    1 tool in directory

    Similar Tools

    Vibekit

    Open-source safety layer for AI coding agents. Run agents like Claude Code and Gemini CLI in isolated Docker containers with secret redaction and full observability.

    Snyk

    Snyk is an AI-powered application security platform that finds, prioritizes, and helps fix vulnerabilities across code, open source dependencies, containers, infrastructure-as-code, and APIs.

    Endor Labs

    AI-powered application security platform that pinpoints and fixes critical risks across code, open source dependencies, and container images.

    Related Topics

    Application Security

    AI tools for securing software applications and identifying vulnerabilities.

    45 tools

    Code Security

    Tools that analyze code for security vulnerabilities and issues.

    28 tools

    AI Coding Assistants

    AI tools that help write, edit, and understand code with intelligent suggestions.

    343 tools