308 named checks. OWASP 2025-aligned. CWE-mapped. Auditable. Use Copilot or Claude to write code — use CodeSlick to certify it's safe to ship.
Security reviews for your team in 3 simple steps
One-click installation. Choose repositories and authorize CodeSlick. Setup takes 2 minutes.
CodeSlick analyzes automatically on every push. No manual triggers or workflow changes required.
Findings posted as PR comment. Apply AI-generated fixes individually with one click per issue.
Catch issues before they reach GitHub. Install the CodeSlick CLI to automatically scan your code on every commit - locally, in less than 3 seconds.
npm install -g codeslick-cli
codeslick setup
Auto-scans on every commit (<3s)
Security analysis inside Claude Code. Scan code, detect secrets, audit dependencies, and generate SBOMs without leaving your AI workflow.
Your team is generating AI-assisted code every day. Do you know where it is, what it contains, or which parts were hallucinated? 164 detection signals build the inventory you don't have yet.
We audited 4 major AI SDKs and found the same pattern in every one: AI-generated code with hallucinated methods, copied across files, deployed without anyone tracking it. One generation mistake became eight bugs because nobody could see the footprint.
MCP servers are the new attack surface for AI-assisted development. Tool poisoning, prompt injection, malicious server responses — CodeSlick is the first static analyzer to cover them with named, auditable checks.
Named, auditable check IDs
Detects AI-generated methods that don't exist in the language
Behavioral patterns indicating AI-generated code
Unique patterns from specific AI coding tools
Paste your code. Get an inventory of AI-generated patterns, hallucinated methods, and LLM fingerprints — no installation required.
First platform to support OWASP 2025 - released December 2025, compliant January 2026. Six months ahead of the industry.
The OWASP Top 10 is the industry-standard list of the most critical web application security risks, published by the Open Web Application Security Project. It's used by organizations worldwide for security compliance (SOC 2, ISO 27001, PCI-DSS) and developer education.
Whether you're a team or individual developer, CodeSlick has you covered
GitHub App Integration
Automated security protection for your entire team. CodeSlick guards every pull request in under 3 seconds and posts protection status as GitHub comments. Security without slowing down.
2-minute setup, works with existing workflow
Every push activates security guardian
Analytics, trends, and insights
Owner, admin, and member roles
Team plan: €39/month
Web-Based Tool
Instant security protection for any code snippet. Paste your code and get immediate protection status—no signup or installation required.
No credit card required
Works directly in browser
Protection status in <3 seconds
HTML, Markdown, or JSON format
Same comprehensive analysis
No signup required • Start analyzing immediately
Comprehensive security analysis across code, dependencies, and APIs.
Comprehensive security checks for SQL injection, XSS, command injection, hardcoded secrets, AI-generated code, and more across all layers
Scanners for vulnerable packages in your dependencies using Google OSV database
Critical checks for insecure HTTP, missing auth, API key exposure, and CORS issues
Guard your code against threats before production. Get instant protection status in seconds.
Comprehensive security guardian: Static analysis + Compiler checks + Secrets detection + Dependency protection + API security
Automated PR security + optional SARIF upload to GitHub Security tab (industry-standard format)
Invite team members, manage roles, and collaborate on security fixes
Security protection activates in 2-3 seconds, no waiting required
Claude Sonnet 4.6 generates intelligent fixes for files up to 300 lines (10-90s)
Industry-standard severity scoring with OWASP Top 10 mapping
Automatic mapping to CWE, PCI-DSS, and compliance frameworks
JavaScript, Enhanced TypeScript (95%+ error detection), Python, Java, Go
Industry-first protection against AI-generated code threats. 164 protection signals: 119 hallucination patterns + 13 heuristics + 32 LLM fingerprints (GPT-4, Copilot, Claude, Cursor)
Critical findings automatically create GitHub issues with smart deduplication — no duplicate issues, even across multiple PR scans.
Block merges when critical vulnerabilities are found. Configurable thresholds per severity — CI fails, PR blocked, team notified.
Opt-in PR comment after security fixes — reminds developers to run tests before merging. Configurable test command per team.
Unlock unlimited AI-powered code fixes by configuring your own API key
Configure any provider that supports OpenAI-compatible APIs:
Configure your API key now to unlock unlimited AI-powered fixes
308 layers of protection across 5 languages (JavaScript, TypeScript, Python, Java, Go)
Fair, transparent pricing. Use your own API key for unlimited AI fixes, or let us manage it for you.
Perfect for individual developers
+ AI options: €0-60/month (flexible)
For teams that need collaboration
Everything in Free, plus:
+ AI options: €0-120/month (flexible)
For large teams with custom needs
Everything in Team, plus:
Need more? Custom plans available for enterprises.
Contact us for Custom plan pricing →

| Feature | Free €0/month | Team €39/month (most popular) | Enterprise €129/month |
|---|---|---|---|
| Security Checks | 308 checks | 308 checks | 308 checks |
| OWASP 2025 Coverage | 95% | 95% | 95% |
| Monthly PR Analyses | 20 | Unlimited | Unlimited |
| Team Members | 1 | Up to 5 | Unlimited |
| Repositories | 1 | 5 | Unlimited |
| Languages Supported | 5 (JS, TS, Python, Java, Go) | 5 (JS, TS, Python, Java, Go) | 5 (JS, TS, Python, Java, Go) |
| Pattern-Based Fixes | Unlimited | Unlimited | Unlimited |
| AI-Powered Fixes (Generate Fix) | 30/month | 30 + flexible options: Own key (unlimited, €0) or Credit pack (+500, €10) or Unlimited (+€60) | 30 + flexible options: Own key (unlimited, €0) or Credit pack (+1000, €25) or Unlimited (+€120) |
| Secrets Detection (38 patterns) | | | |
| AI Code Detection (164 signals) | | | |
| SARIF Upload (GitHub Security Tab) | | | |
| SBOM Generation | | | |
| Team Analytics Dashboard | | | |
| GitHub Issues Auto-Creation | | | |
| Pass/Fail Gates (block merges) | | | |
| Custom Security Rules | | | |
| Support | - | Priority Email (48h) | Dedicated (24h) |
| Uptime SLA | - | 99% | 99.9% |
Yes! We offer special pricing for YC companies, accelerator participants, and open-source projects. Contact us at support@codeslick.dev for details.
Yes! You can upgrade or downgrade your plan at any time. Changes take effect at the start of the next billing cycle.
We accept all major credit cards (Visa, Mastercard, American Express) via Stripe. Enterprise customers can request invoicing.
No. Your source code is analyzed in memory and never stored permanently. Only analysis results are retained for 30 days (for shareable reports).
No credit card required for free plan • Cancel anytime • Secure payment via Stripe
Architecture patterns, threat models, and security controls for teams deploying production AI agents. 3-page technical brief — no fluff.
Threat Models
Prompt injection, tool poisoning, data exfiltration — the attack surface specific to agentic systems.
Architecture Patterns
How to layer SAST, policy enforcement, and runtime checks across WebTool, GitHub App, and CLI.
Security Controls
Per-surface controls with pass/fail thresholds, policy-as-code, and CI/CD integration patterns.
Choose your protection: Install GitHub App for teams or try the web tool for instant protection
No credit card required • 308 security checks • Supports JS, TS, Python, Java, Go