For Episode 3 of Verified or Not, I pointed Debuggix at Kubernetes Goat — a deliberately vulnerable K8s cluster designed for security training.
The Raw Numbers
- 134 total findings
- 2 critical
- 32 high
- 33 medium
- 14 low
A traditional scanner would dump all 134 on you and call it a day.
What Debuggix Did Differently
The AI filter cross-referenced every finding against the project's README. It saw "deliberately vulnerable" and "security training" — and correctly classified all 134 findings as intentional.
Needs Attention: 0
Reviewed: 134
Every "critical" and "high" finding was part of the training environment. The filter understood the project's purpose.
Why This Matters
Most security tools are dumb. They flag everything. Debuggix reads your project documentation and understands context. A vulnerable training cluster shouldn't trigger the same alarms as a production API.
Watch the Full Episode
[YouTube link]
Previous Episodes
- Ep 1: OWASP Juice Shop — 200+ findings, AI knew it was a training app
- Ep 2: nodejs-goof — Snyk's demo app, prototype pollution caught
Scan Your Own Repo
Free for public repos. 9 engines, 60 seconds, AI-filtered results.