
WDSEGA

Posted on • Originally published at wdsega.github.io

The Last Gate Before Deploy: SecureShip Pro Blocks SQL Injection and Credential Leaks

2 AM. Server configured, CI passing. You're ready to deploy. But you're not a security engineer.

Does your code have this?

cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")

Or this?

GITHUB_TOKEN = "ghp_abc123..."

SecureShip Pro is a dual-engine code security scanner. One engine for SQL injection, one for credential leaks. One command, 2-minute HTML report. Zero dependencies, pure Python stdlib.

SQL Scanner catches: f-string SQL concatenation, string + SQL assembly, format() in queries — across Python, JS, TS, Java, Go, PHP, Ruby.
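To make concrete what "f-string SQL concatenation, string + SQL assembly, format() in queries" means in practice, here is a small AST-based detector for the Python case. This is an added example written for this post, not SecureShip Pro's own code; the method names `execute`/`executemany`, the SQL keyword list and the sample file are assumptions chosen for illustration.

```python
import ast

# Leading keywords that mark a string literal as SQL (assumed list for the example)
SQL_KEYWORDS = ("SELECT", "INSERT", "UPDATE", "DELETE", "DROP", "ALTER")

# Constructed sample source with three unsafe query builds and one safe one
SAMPLE = '''
import sqlite3
def lookup(cursor, user_id, name):
    cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
    cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")
    cursor.execute("DELETE FROM users WHERE id = {}".format(user_id))
    cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
'''


def _contains_sql(node):
    """True if any string constant nested in `node` starts with an SQL keyword."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            if sub.value.lstrip().upper().startswith(SQL_KEYWORDS):
                return True
    return False


def _classify(arg):
    """Name the dynamic string-building technique used for the query, or None."""
    if isinstance(arg, ast.JoinedStr):
        return "f-string"
    if isinstance(arg, ast.BinOp) and isinstance(arg.op, ast.Add):
        return "string concatenation"
    if isinstance(arg, ast.BinOp) and isinstance(arg.op, ast.Mod):
        return "%-formatting"
    if (isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute)
            and arg.func.attr == "format"):
        return "str.format()"
    return None


def find_sql_injection(source):
    """Return sorted (lineno, technique) pairs for execute() calls whose first
    argument is an SQL string assembled at runtime. Parameterized calls
    (a constant query plus a parameter tuple) are not reported."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in ("execute", "executemany"):
            continue
        kind = _classify(node.args[0])
        if kind and _contains_sql(node.args[0]):
            findings.append((node.lineno, kind))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, kind in find_sql_injection(SAMPLE):
        print(f"line {lineno}: SQL built with {kind}")
```

The detector only fires when the argument is both dynamically built and recognisably SQL, so a constant query with a separate parameter tuple (line 7 of the sample) passes cleanly; that is the shape the fix should take.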

Credential Scanner detects: GitHub tokens, OpenAI keys, AWS access keys, Stripe live keys, Slack bot tokens, JWT tokens. Uses Shannon entropy to flag unknown high-entropy strings. Also checks whether .env files are in .gitignore.

CI/CD ready: exit code 1 on any finding. All credentials masked in reports. Tested on an 87-line file: 2.3 seconds, 12 findings.
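The credential side combines fixed-prefix patterns for known token formats, a Shannon-entropy fallback for unknown secrets, masking in the report, a `.env`-in-`.gitignore` check and a non-zero exit code for CI. The following is an added example illustrating those pieces together; it is not SecureShip Pro's code, and the regexes, the entropy threshold of 4.0 bits, the masking format and the sample config are assumptions made for the example.

```python
import math
import re
import sys

# Prefix-based patterns for well-known token formats (assumed shapes for the example)
KNOWN_PATTERNS = {
    "GitHub token": re.compile(r"\bghp_[A-Za-z0-9]{20,}"),
    "AWS access key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "Stripe live key": re.compile(r"\bsk_live_[A-Za-z0-9]{10,}"),
    "Slack bot token": re.compile(r"\bxoxb-[0-9A-Za-z-]{10,}"),
    "OpenAI key": re.compile(r"\bsk-[A-Za-z0-9]{20,}"),
    "JWT": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"),
}
# Quoted literals long enough to be worth an entropy check
QUOTED = re.compile(r"""["']([A-Za-z0-9+/=_\-]{20,})["']""")

# Constructed sample config: two known-format tokens, one harmless name,
# one random-looking secret with no recognisable prefix
SAMPLE_CONFIG = '''\
GITHUB_TOKEN = "ghp_EXAMPLEabcdefghijklmnopqrstuv1234"
AWS_KEY = "AKIAEXAMPLEEXAMPLE12"
APP_NAME = "billing-service"
RANDOM_SECRET = "Zq9Xv2Lp8Rt4Wn6Ym1Ks3Jh5Gf7Dc0Bb"
'''


def shannon_entropy(s):
    """Bits of entropy per character; 32 distinct chars in 32 positions gives 5.0."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def mask(secret):
    """Keep the first 4 and last 2 characters so a finding is recognisable
    without the report itself becoming a credential leak."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 6) + secret[-2:]


def scan_text(text, entropy_threshold=4.0):
    """Return (lineno, kind, masked_value) tuples. Known prefixes win; the
    entropy fallback only runs on lines with no known-format match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        matched = False
        for kind, pattern in KNOWN_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((lineno, kind, mask(m.group(0))))
                matched = True
        if matched:
            continue
        for m in QUOTED.finditer(line):
            candidate = m.group(1)
            if shannon_entropy(candidate) >= entropy_threshold:
                findings.append((lineno, "high-entropy string", mask(candidate)))
    return findings


def env_is_ignored(gitignore_text):
    """True if .gitignore carries an entry that covers .env files."""
    entries = {l.strip() for l in gitignore_text.splitlines()
               if l.strip() and not l.lstrip().startswith("#")}
    return bool(entries & {".env", ".env*", "*.env", "/.env"})


def exit_code(findings):
    """CI contract: any finding fails the job."""
    return 1 if findings else 0


if __name__ == "__main__":
    findings = scan_text(SAMPLE_CONFIG)
    for lineno, kind, masked in findings:
        print(f"line {lineno}: {kind}: {masked}")
    sys.exit(exit_code(findings))
```

Two design points worth noting: masking is applied at the point a finding is recorded, so no code path ever holds an unmasked secret in the report, and the entropy fallback is deliberately gated behind a minimum length, since short random-looking strings (version hashes, colour codes) otherwise dominate the noise.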

Get SecureShip Pro on Gumroad | Payhip

Read the full bilingual article on the blog.


This article first appeared on my tech blog
