DEV Community

AboJad

I built a GitHub App that reviews every PR for SQL injection using Claude AI – free for 3 repos

Shipped Fixor last month. It's a GitHub App that installs in 30 seconds and
runs automatically on every PR.

What it does: sends the PR diff to Claude AI, detects SQL injection
vulnerabilities in context (not just pattern matching), and posts a review
comment directly on the PR with the exact file/line, severity level, risk
explanation, and a safe code replacement.
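The two mechanical parts of that pipeline, mapping each added diff line to its line number in the new file (which is what a PR review comment has to reference) and rendering a finding as file/line, severity, reason and replacement, can be shown without any model call. The following is an added example, not Fixor's code and not an approximation of its analysis: the detector is a plain regex heuristic over added lines, i.e. exactly the pattern-matching baseline the post says the Claude-based review goes beyond. The diff, the file path `app/users.py`, the `Finding` class and the `%s`-placeholder rewriting are all constructed for the illustration.

```python
"""Constructed illustration: scan a unified diff for SQL built from runtime
values and emit review-comment style findings with new-file line numbers."""
import re
from dataclasses import dataclass
from typing import List, Optional

SQL_VERB = re.compile(r'\b(SELECT|INSERT|UPDATE|DELETE)\b', re.IGNORECASE)
FSTRING = re.compile(r'(?<!\w)f(["\'])(.*?)\1')       # f"..." / f'...'
CONCAT = re.compile(r'["\'][^"\']*["\']\s*\+\s*\w+')   # "..." + name
PERCENT = re.compile(r'["\']\s+%\s+\(?\w')             # "..." % name
HUNK = re.compile(r'^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@')

# Constructed sample diff (not from any real repository).
SAMPLE_DIFF = """\
diff --git a/app/users.py b/app/users.py
--- a/app/users.py
+++ b/app/users.py
@@ -10,3 +10,6 @@ def get_user(db, username):
     cur = db.cursor()
-    cur.execute("SELECT * FROM users WHERE name = %s", (username,))
+    query = "SELECT * FROM users WHERE name = '" + username + "'"
+    cur.execute(query)
+    # audit log
+    cur.execute(f"INSERT INTO audit(actor) VALUES ('{username}')")
     return cur.fetchone()
"""


@dataclass
class Finding:
    path: str
    line: int            # line number in the NEW file, as a review comment needs
    severity: str
    reason: str
    snippet: str
    fix: Optional[str]


def looks_injectable(code: str) -> Optional[str]:
    """Heuristic only: a SQL keyword plus runtime string building on one line."""
    if not SQL_VERB.search(code):
        return None
    m = FSTRING.search(code)
    if m and '{' in m.group(2):
        return 'f-string interpolates a value into SQL text'
    if CONCAT.search(code):
        return 'SQL text built by string concatenation'
    if PERCENT.search(code):
        return 'SQL text built with %-formatting'
    return None


def suggest_fix(code: str) -> Optional[str]:
    """Rewrite an f-string or "..." + x + "..." SQL literal into a %s
    placeholder query plus parameter tuple. None if the shape is not handled."""
    m = FSTRING.search(code)
    if m:
        body = m.group(2)
        params = re.findall(r'\{([^}]+)\}', body)
        sql = re.sub(r"'?\{[^}]+\}'?", '%s', body)   # '{x}' or {x} -> %s
    else:
        m = re.search(r'"[^"]*"(?:\s*\+\s*\w+\s*\+\s*"[^"]*")+', code)
        if not m:
            return None
        params = re.findall(r'\+\s*(\w+)\s*\+', m.group(0))
        sql = re.sub(r'\'?"\s*\+\s*\w+\s*\+\s*"\'?', '%s', m.group(0)).strip('"')
    if not params:
        return None
    return f'cur.execute("{sql}", ({", ".join(params)},))'


def scan_diff(diff: str) -> List[Finding]:
    """Walk hunks, tracking the new-file line number, and check added lines."""
    findings: List[Finding] = []
    path, new_line = '', 0
    for raw in diff.splitlines():
        if raw.startswith('+++ '):
            path = raw[6:] if raw.startswith('+++ b/') else raw[4:]
            continue
        h = HUNK.match(raw)
        if h:
            new_line = int(h.group(1))     # first new-file line of this hunk
            continue
        if raw.startswith('+'):
            code = raw[1:]
            reason = looks_injectable(code)
            if reason:
                # value flows straight into execute() -> high; assigned to a
                # variable the reviewer must trace -> medium (heuristic choice)
                severity = 'high' if 'execute(' in code else 'medium'
                findings.append(Finding(path, new_line, severity, reason,
                                        code.strip(), suggest_fix(code)))
            new_line += 1
        elif raw.startswith(' ') or raw == '':
            new_line += 1                  # unchanged context occupies a new-file line
        # '-' lines, file headers, 'index' and '\ No newline' never advance
    return findings


def format_comment(f: Finding) -> str:
    """Render one finding the way a PR review comment would present it."""
    lines = [f'**{f.severity.upper()}** {f.path}:{f.line}: {f.reason}',
             f'`{f.snippet}`']
    if f.fix:
        lines.append(f'Suggested replacement: `{f.fix}`')
    return '\n'.join(lines)


if __name__ == '__main__':
    for finding in scan_diff(SAMPLE_DIFF):
        print(format_comment(finding), end='\n\n')
```

On the constructed diff this reports `app/users.py:11` (medium, concatenation) and `app/users.py:14` (high, f-string inside `execute()`), each with a parameterized `cur.execute(sql, params)` replacement, and reports nothing for the removed, already-parameterized line. The line-number bookkeeping is the part worth copying: removed lines and file headers must not advance the counter, while context lines must, or every comment lands on the wrong line.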

It also generates a downloadable PDF report per scan — useful if you need
something compliance-ready to share with your team or a client.

Real output from a scan on my own repo:

  • 2 vulnerabilities found (1 high, 1 medium)
  • 2 fixes generated
  • Scan completed in 13 seconds

Pricing: Free (3 repos) / Pro $19/mo / Enterprise $99/mo

Would genuinely appreciate installs and harsh feedback — especially if
something in the output is confusing or wrong.

https://tornidomaroc-web.github.io/fixor/

Top comments (1)

AboJad

Happy to answer any questions about how the Claude AI analysis works vs
traditional static analysis tools like Semgrep.