Episode 2 of Verified or Not — testing Debuggix against known repositories.
Last week: OWASP Juice Shop — 0 issues.
This week: Snyk's nodejs-goof — the deliberately vulnerable app Snyk uses to demo their own scanner.
🔍 THE SCAN
• 9 engines: Semgrep, Bandit, Gitleaks, TruffleHog, Trivy, ESLint, Hadolint, Checkov, OSV-Scanner
• 213 findings. 33 critical. 91 high.
• All 9 engines running in parallel
📊 THE RESULTS
• Needs Attention: 0
• Reviewed: 213
• Every finding marked intentional
🤖 WHY ZERO?
Debuggix detected this is a known vulnerable test repo. It read the README. It knew this app was built to be hacked. A dumb scanner would dump 213 findings. Debuggix understood context.
📅 THE SERIES
Episodes 1–6: Testing against known-vulnerable repos to prove Debuggix works.
Episode 7+: Scanning trending repos. Verified or Not?
🔗 Scan your repo free: Debuggix