Skip to content

Security by build path

Start with the risks relevant to your application

The scanner remains evidence-led and platform-independent. These guides explain common risk paths, coverage boundaries and the verification loop.

AI builder workflow

Lovable

Scan a deployed Lovable app for exposed frontend secrets, Supabase configuration, RLS risk, security headers and other evidence-backed web findings.

See coverage and examples
AI builder workflow

Cursor

Check a Cursor-built app’s deployed surface, shipped bundles and connected repository for evidence-backed security findings and concrete fix paths.

See coverage and examples
AI builder workflow

Bolt

Scan a deployed Bolt.new app for frontend secret exposure, Supabase or Firebase risk, CORS, headers, TLS and other evidence-backed findings.

See coverage and examples
AI builder workflow

v0

Review a deployed v0 or Next.js app for exposed secrets, server/client boundary mistakes, headers, dependencies and evidence-backed web risks.

See coverage and examples
AI builder workflow

Replit

Scan a deployed Replit app for exposed files, frontend secrets, weak web controls and connected-code risks without claiming untested coverage.

See coverage and examples
AI builder workflow

Windsurf

Check a Windsurf-built application’s live surface and connected source for evidence-backed security findings, clear limits and fix-ready context.

See coverage and examples
AI builder workflow

Claude Code

Scan apps built with Claude Code, review evidence-backed live and source findings, and continue the verification loop through BoringSec MCP.

See coverage and examples
Backend boundary

Supabase RLS

Check a deployed app for Supabase service-role exposure and bounded, read-only evidence about anonymous table or storage access and RLS posture.

See coverage and examples
Secret exposure

API key checker

Inspect public HTML and same-origin JavaScript for supported secret-shaped credentials, masked evidence and clear distinctions between secret and publishable keys.

See coverage and examples

One evidence model across every build path

Platform context changes the explanation—not the standard of proof. Every result keeps its scanner source, evidence state and coverage limit.