Ivan

Originally published at getmrq.com

Introducing Automatic Security Audits for AI

AI coding assistants move fast. They can refactor modules, add dependencies, and wire up integrations before you've finished reading the diff. That speed is valuable, but security issues can slip in just as quickly: hardcoded API keys, string-concatenated SQL queries, debug endpoints that never get removed.

So we built something to help catch these issues early.

What It Does

mrq now scans your code changes for common security vulnerabilities automatically. Every snapshot triggers a background analysis looking for:

  • Hardcoded secrets, API keys, and credentials
  • SQL injection patterns
  • XSS vulnerabilities
  • Exposed sensitive data
  • Insecure configurations
  • Debug code that shouldn't ship

Results appear in your dashboard. If something gets flagged, you'll see a warning on that snapshot with details about what was found and where.

[Screenshot: security audit warning in the mrq dashboard. Issues are displayed inline with your snapshot history.]

Why It Matters

Traditional security scanning happens in CI/CD, often hours after code was written. By then, the context is gone.

With mrq, feedback is immediate. You're still in the middle of your session when an issue gets flagged. You can fix it while everything is fresh.

Limitations

This is experimental. Security analysis is hard, and we're using AI to identify patterns. There will be false positives and false negatives. This is not a replacement for proper security audits, code review, or dedicated scanning tools in your pipeline.

Think of it as an early warning system. A nudge to double-check something before it gets committed.

Availability

Security audits are available on paid plans (Starter, Pro, Team). The feature runs automatically with no configuration needed.

Try it out →
