Lovable
Scan a deployed Lovable app for exposed frontend secrets, Supabase configuration, RLS risk, security headers and other evidence-backed web findings.
See coverage and examplesSecurity by build path
The scanner remains evidence-led and platform-independent. These guides explain common risk paths, coverage boundaries and the verification loop.
Scan a deployed Lovable app for exposed frontend secrets, Supabase configuration, RLS risk, security headers and other evidence-backed web findings.
See coverage and examplesCheck a Cursor-built app’s deployed surface, shipped bundles and connected repository for evidence-backed security findings and concrete fix paths.
See coverage and examplesScan a deployed Bolt.new app for frontend secret exposure, Supabase or Firebase risk, CORS, headers, TLS and other evidence-backed findings.
See coverage and examplesReview a deployed v0 or Next.js app for exposed secrets, server/client boundary mistakes, headers, dependencies and evidence-backed web risks.
See coverage and examplesScan a deployed Replit app for exposed files, frontend secrets, weak web controls and connected-code risks without claiming untested coverage.
See coverage and examplesCheck a Windsurf-built application’s live surface and connected source for evidence-backed security findings, clear limits and fix-ready context.
See coverage and examplesScan apps built with Claude Code, review evidence-backed live and source findings, and continue the verification loop through BoringSec MCP.
See coverage and examplesCheck a deployed app for Supabase service-role exposure and bounded, read-only evidence about anonymous table or storage access and RLS posture.
See coverage and examplesInspect public HTML and same-origin JavaScript for supported secret-shaped credentials, masked evidence and clear distinctions between secret and publishable keys.
See coverage and examplesPlatform context changes the explanation—not the standard of proof. Every result keeps its scanner source, evidence state and coverage limit.