codescanFast, Configurable Code Security Scanner

Detect secrets, exploits, weak crypto, and unicode attacks across your entire codebase in seconds.

🔑

Secret Detection

Catch hardcoded passwords, API keys, tokens, private keys, and high-entropy strings before they reach production.

🛡️

Detect SQL injection, XSS, command injection, path traversal, deserialization, prototype pollution, and 20+ more vulnerability patterns.

🔐

Flag weak algorithms (MD5, SHA1, DES, RC4, ECB mode), insecure random, hardcoded IVs, and missing TLS verification.

🌐

Identify Trojan Source (CVE-2021-42574) bidirectional control characters and homoglyph substitutions.

⚙️

TOML config file, per-file/line/rule suppression, severity overrides, custom JSON rules, glob excludes, and more.

⚡

Parallel file scanning with Rayon, gitignore-aware traversal, and compiled regex patterns. Scans millions of lines in seconds.