
Hamza

I built a security scanner that outputs Claude Code prompts to fix each vulnerability

The problem

Every security scanner I tried fell into one of three buckets:

  1. Enterprise-priced — Qualys, Detectify, Snyk enterprise: $1k-10k/year. Overkill for a solo project.
  2. DIY — OWASP ZAP, Burp Suite: great, but a full weekend to set up and tune.
  3. Free but useless — SSL Labs, Mozilla Observatory: "you're B-rated." Ok, but what do I actually change?

As a solo dev shipping fast, I wanted something in the middle. So I built ScanMyVibe.

What it does differently

Every scan returns:

  • Severity-ranked vulnerabilities
  • A ready-to-paste Claude Code prompt per issue — literally the one-liner you drop into Cursor/VS Code that fixes it
  • PDF report for compliance trail

Example output for a missing CSP header:

Add the following Content-Security-Policy header to your Next.js next.config.js middleware: default-src 'self'; script-src 'self' 'nonce-{NONCE}' 'strict-dynamic'; ...

No interpretation needed, no "go read the MDN docs."

Stack

  • Next.js 15 App Router + Prisma + Railway
  • Custom checks: HTTP headers, SSL/TLS config, cookie flags, exposed env vars, common misconfigurations
  • AI-generated fix prompts per vulnerability class (cached, not real-time LLM)
  • NextAuth v5 for optional accounts
  • Stripe for PRO tier ($29/mo: scheduled monitoring + breach alerts on your stack)
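
To make the header and cookie-flag checks concrete, here is an added example of the same kind of passive check, written by me rather than taken from ScanMyVibe. It runs over a constructed HTTPS response (the example.test URL, headers and cookies are invented) and returns findings ranked by severity; the severities and the list of required headers are my choices, not the tool's.

```javascript
// Added example, not ScanMyVibe's code: passive checks of the kind the stack
// list names (security headers and cookie flags), run over a constructed HTTPS
// response and ranked by severity. Severities here are my choices, not the tool's.

// Constructed sample response: no security headers set, one cookie done right,
// one cookie with no flags at all.
const SAMPLE_RESPONSE = {
  url: 'https://example.test/',
  headers: {
    'Content-Type': 'text/html; charset=utf-8',
    'X-Powered-By': 'Next.js',
    'Set-Cookie': [
      'session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
      'prefs=dark; Path=/',
    ],
  },
};

// Headers whose absence is a finding, with the severity assigned here.
const REQUIRED_HEADERS = [
  { name: 'content-security-policy', severity: 'high' },
  { name: 'strict-transport-security', severity: 'high' },
  { name: 'x-content-type-options', severity: 'medium' },
  { name: 'x-frame-options', severity: 'medium' },
  { name: 'referrer-policy', severity: 'low' },
];

const SEVERITY_RANK = { high: 0, medium: 1, low: 2, info: 3 };

// Parse one Set-Cookie value into the flags the checks care about.
function parseCookieFlags(setCookie) {
  const [pair, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const name = pair.split('=')[0];
  const lower = attrs.map((a) => a.toLowerCase());
  const sameSite = lower.find((a) => a.startsWith('samesite='));
  return {
    name,
    httpOnly: lower.includes('httponly'),
    secure: lower.includes('secure'),
    sameSite: sameSite ? sameSite.slice('samesite='.length) : null,
  };
}

// Run the checks and return findings sorted high -> info.
function scanResponse(resp) {
  const findings = [];
  // Header names are case-insensitive; normalise before lookup.
  const h = Object.fromEntries(
    Object.entries(resp.headers).map(([k, v]) => [k.toLowerCase(), v]),
  );
  const https = resp.url.startsWith('https://');

  for (const { name, severity } of REQUIRED_HEADERS) {
    if (name in h) continue;
    // HSTS only means something on HTTPS; X-Frame-Options is redundant once CSP carries frame-ancestors.
    if (name === 'strict-transport-security' && !https) continue;
    if (name === 'x-frame-options' && /frame-ancestors/i.test(h['content-security-policy'] || '')) continue;
    findings.push({ severity, issue: `missing ${name} header` });
  }

  if ('x-powered-by' in h) {
    findings.push({ severity: 'info', issue: `x-powered-by discloses framework (${h['x-powered-by']})` });
  }

  // Set-Cookie may be a single string or an array of strings.
  const cookies = [].concat(h['set-cookie'] || []);
  for (const raw of cookies) {
    const c = parseCookieFlags(raw);
    if (!c.httpOnly) findings.push({ severity: 'medium', issue: `cookie ${c.name} lacks HttpOnly` });
    if (https && !c.secure) findings.push({ severity: 'medium', issue: `cookie ${c.name} lacks Secure` });
    if (!c.sameSite) findings.push({ severity: 'low', issue: `cookie ${c.name} has no SameSite attribute` });
  }

  return findings.sort((a, b) => SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity]);
}

// Usage: one line per finding, worst first.
for (const f of scanResponse(SAMPLE_RESPONSE)) console.log(`[${f.severity}] ${f.issue}`);
```

The two skips in the header loop are the part worth copying: a scanner that flags a missing X-Frame-Options on a site whose CSP already sets frame-ancestors, or a missing HSTS on a plain-HTTP staging host, is exactly the "too noisy" output the post asks about.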

Try it

Free, no signup needed for the first 3 scans: scanmyvibe.co

Would love feedback:

  • Which checks am I missing?
  • Which fixes are too noisy or incorrect?
  • Is $29/mo PRO priced right for indie devs?
