The latest articles on DEV Community by TOM IRN (@tomwartenbergirn). https://dev.to/tomwartenbergirn https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3985841%2F952e4a45-1189-48e9-a081-a2ff7fb38527.jpeg https://dev.to/tomwartenbergirn en TOM IRN Mon, 15 Jun 2026 15:35:20 +0000 https://dev.to/tomwartenbergirn/i-built-my-first-small-saas-to-make-code-reviews-feel-less-confusing-5704 https://dev.to/tomwartenbergirn/i-built-my-first-small-saas-to-make-code-reviews-feel-less-confusing-5704 <p>Hey DEV community,</p> <p>over the last weeks I built and launched a small solo project called AegisPlay.</p> <p>The idea came from a simple frustration I had while working with code/security analysis tools:</p> <p>A lot of tools can tell you that something is wrong, but the output often feels noisy, cryptic, or disconnected from the practical question a developer has in that moment:</p> <ul> <li>What is actually wrong?</li> <li>Where is it in the code?</li> <li>Why does it matter?</li> <li>Is this a real security issue or just a code-quality warning?</li> <li>What would a safer pattern look like?</li> </ul> <p>So I wanted to build something smaller and more direct.</p> <p>AegisPlay is an explainable SAST playground for code snippets. You paste a snippet, run an analysis, and get a structured breakdown of the findings in a more readable form.</p> <p>It has two modes:</p> <ul> <li>Code Audit — focuses on maintainability, validation, architecture, production-readiness, and general code quality</li> <li>Security Test — focuses more directly on exploitability, such as command injection, unsafe deserialization, SQL injection, secrets, debug exposure, and risky execution paths</li> </ul> <p>One thing I wanted to avoid was building “just another LLM wrapper”.</p> <p>The core flow is hybrid:</p> <ul> <li>deterministic checks and pattern matching look for risky structures</li> <li>findings are grouped by confidence and category</li> <li>Audit and Security modes prioritize different things</li> <li>sandbox/policy notes are separated from confirmed security findings</li> <li>reports are structured around What / Where / Why / Fix</li> <li>an AI Engineer Insight layer then explains and prioritizes the result in more human-readable language</li> </ul> <p>It is not meant to replace a professional audit or an enterprise SAST pipeline. The goal is more modest:</p> <p>Help developers, learners, indie hackers, and small teams understand risky code faster.</p> <p>Right now I am mainly interested in feedback on the overall experience:</p> <ul> <li>Is the tool understandable when you first open it?</li> <li>Are the findings useful?</li> <li>Is the difference between Audit Mode and Security Test clear?</li> <li>Does the output help you understand the problem faster?</li> <li>Does it overflag or underflag anything obvious?</li> </ul> <p>Everyone gets a few free analyses. No purchase needed. I am mostly trying to learn whether the concept is useful outside my own testing.</p> <p>Please do not paste production secrets or sensitive code. It is still a beta.</p> <p>You can try it here:</p> <p><a href="https://aegisplay.net" rel="noopener noreferrer">https://aegisplay.net</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F64b7grazr9b4njyzebfs.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F64b7grazr9b4njyzebfs.jpg" alt=" " width="800" height="1733"></a></p> security webdev python ai