Security Scans

On-demand security scanning for your codebase, paths, and PR diffs.

What it scans for

Codeteel focuses on CRITICAL and HIGH severity vulnerabilities only:

Critical
  • Hardcoded secrets, API keys, passwords
  • SQL injection
  • Command injection
  • Authentication bypass
  • Path traversal
  • Insecure deserialization

High
  • XSS (unescaped user input)
  • SSRF (user-provided URLs)
  • Insecure cryptography
  • Missing CSRF protection
  • Overly permissive CORS
  • Missing rate limiting on auth

Three scan modes

/security                  # Full codebase scan
/security src/auth/        # Scan specific path
/security pr 42            # Scan PR #42 diff only

How it works

For full codebase scans, Codeteel uses a smart two-pass approach:

  • Pass 1: Read file summaries from the index and regex-match for security keywords (inject, auth, bypass, etc.)
  • Pass 2: Only read full code for flagged files + files with sensitive names (auth, login, token, password, config, etc.)

This keeps scans fast (reads ~30 files max) without missing critical issues.
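To make the two-pass triage concrete, here is an added illustration of the file-selection step, not Codeteel's own code. The keyword and sensitive-name lists extend the examples given above and are assumptions, as is the constructed sample index.

```python
import re

# Pass 1 keywords: "inject", "auth", "bypass" come from the description above;
# the rest are assumed additions for illustration.
SECURITY_KEYWORDS = re.compile(
    r"\b(inject|auth|bypass|token|password|secret|deserializ|eval|exec)\w*", re.I
)
# Pass 2 sensitive file-name fragments: "auth", "login", "token", "password",
# "config" are from the description; "secret" and "session" are assumed.
SENSITIVE_NAMES = ("auth", "login", "token", "password", "config", "secret", "session")
MAX_FILES = 30  # the ~30-file ceiling mentioned above

def pass_one(index):
    """Pass 1: flag files whose index summary matches a security keyword.
    `index` maps path -> one-line summary (no source is read here)."""
    return [path for path, summary in index.items() if SECURITY_KEYWORDS.search(summary)]

def has_sensitive_name(path):
    """Pass 2 name check: match on the file name only, case-insensitively."""
    name = path.rsplit("/", 1)[-1].lower()
    return any(fragment in name for fragment in SENSITIVE_NAMES)

def select_files(index, max_files=MAX_FILES):
    """Return the files whose full code gets read: keyword-flagged files first,
    then files with sensitive names, deduplicated and capped at max_files."""
    flagged = pass_one(index)
    sensitive = [p for p in index if has_sensitive_name(p) and p not in flagged]
    return (flagged + sensitive)[:max_files]

# Constructed sample index (path -> summary), not real project data.
INDEX = {
    "src/auth/login.py": "Handles user login and session auth",
    "src/db/queries.py": "Builds SQL strings from request params; possible injection",
    "src/utils/format.py": "Date formatting helpers",
    "src/settings/config.py": "Loads configuration from environment",
    "README.md": "Project overview",
}

if __name__ == "__main__":
    for path in select_files(INDEX):
        print("read full code:", path)
```

With this index, the two SQL/auth files are flagged in pass 1 and config.py is added by name in pass 2, while format.py and README.md are never opened.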

For PR scans, only the changed files in the PR diff are analyzed.

Security scans are also available on all platforms: /codeteel security (Slack), /security (Telegram/Discord).