I built my first small SaaS to make code reviews feel less confusing. 👋

#python #ai #security #webdev

Hey DEV community,

over the last weeks I built and launched a small solo project called AegisPlay.

The idea came from a simple frustration I had while working with code/security analysis tools:

A lot of tools can tell you that something is wrong, but the output often feels noisy, cryptic, or disconnected from the practical question a developer has in that moment:

What is actually wrong?
Where is it in the code?
Why does it matter?
Is this a real security issue or just a code-quality warning?
What would a safer pattern look like?

So I wanted to build something smaller and more direct.

AegisPlay is an explainable SAST playground for code snippets. You paste a snippet, run an analysis, and get a structured breakdown of the findings in a more readable form.

It has two modes:

Code Audit — focuses on maintainability, validation, architecture, production-readiness, and general code quality
Security Test — focuses more directly on exploitability, such as command injection, unsafe deserialization, SQL injection, secrets, debug exposure, and risky execution paths

One thing I wanted to avoid was building “just another LLM wrapper”.

The core flow is hybrid:

deterministic checks and pattern matching look for risky structures
findings are grouped by confidence and category
Audit and Security modes prioritize different things
sandbox/policy notes are separated from confirmed security findings
reports are structured around What / Where / Why / Fix
an AI Engineer Insight layer then explains and prioritizes the result in more human-readable language

It is not meant to replace a professional audit or an enterprise SAST pipeline. The goal is more modest:

Help developers, learners, indie hackers, and small teams understand risky code faster.

Right now I am mainly interested in feedback on the overall experience: