DEV Community: Hamza

I built a security scanner that outputs Claude Code prompts to fix each vulnerability

Hamza — Tue, 21 Apr 2026 12:40:30 +0000

I built a security scanner that outputs Claude Code prompts to fix each vulnerability

The problem

Every security scanner I tried fell into one of three buckets:

Enterprise-priced — Qualys, Detectify, Snyk enterprise: $1k-10k/year. Overkill for a solo project.
DIY — OWASP ZAP, Burp Suite: great, but a full weekend to set up and tune.
Free but useless — SSL Labs, Mozilla Observatory: "you're B-rated." Ok, but what do I actually change?

As a solo dev shipping fast, I wanted something in the middle. So I built ScanMyVibe.

What it does differently

Every scan returns:

Severity-ranked vulnerabilities
A ready-to-paste Claude Code prompt per issue — literally the one-liner you drop into Cursor/VS Code that fixes it
PDF report for compliance trail

Example output for a missing CSP header:

Add the following Content-Security-Policy header to your Next.js next.config.js middleware: default-src 'self'; script-src 'self' 'nonce-{NONCE}' 'strict-dynamic'; ...

No interpretation needed, no "go read the MDN docs."

Stack

Next.js 15 App Router + Prisma + Railway
Custom checks: HTTP headers, SSL/TLS config, cookie flags, exposed env vars, common misconfigurations
AI-generated fix prompts per vulnerability class (cached, not real-time LLM)
NextAuth v5 for optional accounts
Stripe for PRO tier ($29/mo: scheduled monitoring + breach alerts on your stack)

Try it

Free, no signup needed for first 3 scans: scanmyvibe.co

Would love feedback:

Which checks am I missing?
Which fixes are too noisy or incorrect?
Is $29/mo PRO priced right for indie devs?