Security Audit Suite

Enterprise-grade security
on every build.

47 automatic checks run on every build, grouped into 8 static analysis tools and 7 AI analysis passes that cover the OWASP Top 10, licence compliance, dependency vulnerabilities, secret detection, and architecture alignment. Security is not a setting you enable — it's part of every build.

Download Free

8 static analysis checks

Static analysis tools that run deterministically on every build, in sequence, with zero tolerance for critical findings.

npm audit
Scans the full dependency tree against the npm advisory database (backed by the GitHub Advisory Database) for known vulnerabilities, whether they carry a CVE or only a GHSA identifier. Fails the build on critical and high severity findings.
TypeScript compilation
Runs tsc --strict to catch type errors before runtime. Zero-tolerance policy: any compiler error fails the build.
ESLint analysis
Security-focused ESLint rules including no-eval, no-new-func, and framework-specific XSS prevention rules.
Dependency analysis
Checks for outdated packages, duplicate dependencies, and packages with published security advisories that have not been assigned a CVE.
Licence checker
Detects GPL, AGPL, and LGPL licences in dependencies. Flags copyleft licences that may conflict with commercial use.
Secret detection
Pattern matching for hardcoded API keys, connection strings, private keys, and tokens in source files.
OSV CVE query
Queries the Open Source Vulnerabilities (OSV) database for known vulnerabilities in every transitive dependency, not only direct ones.
.gitignore validation
Verifies that sensitive files (.env, secrets.json, private keys) are correctly excluded from version control.
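To make the secret detection step concrete, here is an added example of a line-oriented, pattern-matching scanner of the kind described above. It is not Claiv Studio's own scanner; the rule set, the `secret-scan: ignore` suppression marker, the `scanFiles` and `secretCheckPasses` functions and the sample repository contents are all constructed for this example (the AWS key is the documented `AKIAIOSFODNN7EXAMPLE` placeholder).

```typescript
// Added example, not Claiv Studio's scanner: pattern-based secret detection over
// source files. Rules, marker, and sample files are constructed for illustration.

export interface SecretFinding {
  file: string;
  line: number; // 1-based line number within the file
  kind: string;
}

// Each rule is anchored tightly enough to keep noise low. The generic rule only
// fires on a quoted literal, so reads such as process.env.API_KEY never match.
const RULES: ReadonlyArray<{ kind: string; re: RegExp }> = [
  { kind: "AWS access key ID", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { kind: "GitHub personal access token", re: /\bghp_[A-Za-z0-9]{36}\b/ },
  { kind: "private key block", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  {
    kind: "connection string with password",
    re: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis):\/\/[^\s:@/]+:[^\s@/]+@/i,
  },
  {
    kind: "assigned secret-like variable",
    re: /(?:api[_-]?key|secret|token|password)\s*[:=]\s*["'][^"']{8,}["']/i,
  },
];

// Reviewed non-secrets (test fixtures, documented placeholders) can be suppressed
// per line. The marker text is an assumption of this example.
const IGNORE_MARKER = "secret-scan: ignore";

// Scans every file (path -> contents) and reports one finding per matching rule per line.
export function scanFiles(files: Map<string, string>): SecretFinding[] {
  const findings: SecretFinding[] = [];
  files.forEach((content, file) => {
    content.split(/\r?\n/).forEach((text, idx) => {
      if (text.includes(IGNORE_MARKER)) return;
      for (const rule of RULES) {
        if (rule.re.test(text)) findings.push({ file, line: idx + 1, kind: rule.kind });
      }
    });
  });
  return findings;
}

// Build gate: any finding fails the secret detection step.
export function secretCheckPasses(files: Map<string, string>): boolean {
  return scanFiles(files).length === 0;
}

// Constructed sample repository. Only the AWS placeholder key is a real-world
// documented value; every other "secret" here is made up.
export const SAMPLE_FILES: Map<string, string> = new Map<string, string>([
  ["src/config.ts", [
    "const apiKey = process.env.API_KEY;",
    'const dbUrl = "postgres://app:Sup3rS3cret@db.internal:5432/app";',
  ].join("\n")],
  ["src/auth.ts", [
    'const apiSecret = "sk-live-0123456789abcdef";',
    'const token = "unit-test-token-value-00"; // secret-scan: ignore',
    "const password = process.env.DB_PASSWORD;",
    'const tokenHeader = "Authorization";',
  ].join("\n")],
  ["scripts/deploy.sh", [
    "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    'export AWS_SECRET_ACCESS_KEY="$AWS_SECRET_FROM_VAULT"',
  ].join("\n")],
  ["test/fixtures/key.pem", [
    "-----BEGIN RSA PRIVATE KEY-----",
    "MIIBOgIBAAJBAKfakefakefakefake",
    "-----END RSA PRIVATE KEY-----",
  ].join("\n")],
]);

// Running scanFiles(SAMPLE_FILES) yields four findings: the connection string in
// src/config.ts, the quoted apiSecret in src/auth.ts, the AWS key in
// scripts/deploy.sh, and the PEM header in test/fixtures/key.pem. The ignored
// fixture token, the env-var reads, and the shell variable reference are not reported.
```

Two details matter in practice: the generic rule requires a quoted literal with at least eight characters after a secret-like name, which is what keeps `password = process.env.DB_PASSWORD` and `tokenHeader = "Authorization"` quiet, and the per-line suppression marker gives reviewers a way to whitelist a known fixture without weakening the rule itself. A real scanner would also run over git history, not only the working tree, since a secret removed in a later commit is still in the repository.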

7 AI analysis types

AI passes that look beyond pattern matching to understand intent, quality, and architectural coherence.

Security review
AI analysis for authentication bypasses, authorisation flaws, injection vectors, and insecure direct object references.
Performance analysis
Identifies N+1 query patterns, missing database indices, unbounded loops, and memory leak patterns.
Accessibility
WCAG 2.1 Level AA compliance checking for interactive elements, heading structure, and ARIA attribute correctness.
Code quality
Cyclomatic complexity, function length, coupling metrics, and adherence to the shared contract conventions.
Architecture alignment
Verifies that the generated code implements the full Echo Map specification without gaps or departures.
Test coverage
Identifies untested public interfaces, missing error path coverage, and integration test gaps.
Documentation completeness
Checks that public APIs, environment variables, and deployment requirements are documented.

OWASP Top 10 coverage

How Claiv Studio addresses each item in the OWASP Top 10 (2021 edition) — the industry standard list of web application security risks.

A01 Broken Access Control: Role-based access generated from the Echo Map contract. Every route has explicit permission requirements.
A02 Cryptographic Failures: TLS enforced in generated infrastructure. Password hashing uses bcrypt by default. Secrets never in source.
A03 Injection: Parameterised queries generated by default. Input validated against Zod schemas before any DB operation.
A04 Insecure Design: Architecture review at the Echo Map stage catches insecure design patterns before code is written.
A05 Security Misconfiguration: Generated configs use secure defaults. HTTP security headers included. Debug mode gated on NODE_ENV.
A06 Vulnerable and Outdated Components: npm audit and OSV query run on every build. Licence checker prevents problematic dependencies.
A07 Identification and Authentication Failures: Auth generated from the Auth Echo Map category. JWT expiry, refresh token rotation, and session invalidation included by default.
A08 Software and Data Integrity Failures: Build pipeline runs in an isolated sandbox. Dependency integrity verified. No untrusted plugins in the generation chain.
A09 Security Logging and Monitoring Failures: Structured logging generated for all auth events, errors, and API responses. Log format follows the shared contract.
A10 Server-Side Request Forgery (SSRF): External HTTP calls generated with allowlist validation. No direct user-controlled URL fetching without explicit approval.

Security built in, not bolted on.

Download Studio free. 47 security checks run on every build from day one.

Download Studio — Free