Hey HN! I built CodeShield AI after seeing too many startups get burned by leaked secrets.
The problem: 83% of breaches involve leaked credentials (Verizon DBIR). One hardcoded AWS key can drain your entire cloud account in hours. I saw a startup lose $50K in 4 hours this way. GitGuardian and Snyk charge $25-50/month which is expensive for indie developers.
CodeShield detects 10+ secret types (AWS keys, GitHub tokens, Stripe keys, API tokens, passwords, database connection strings, JWT tokens, private keys) plus SQL injection and XSS vulnerabilities. Scans repos in under 3 minutes with 97% accuracy.
Tech stack:
- Python-based pattern matching with regex
- GitHub Actions integration
- LemonSqueezy for automated license delivery
- Open source core (free for public repos)
- Paid tier for private repo scanning
Pricing: Free for public repos forever, $19/month for Pro (private repos), $39/month for teams.
It's fully open source with automated license key delivery. GitHub Action included for CI/CD integration.
The business model is freemium - free tier builds trust and gets users hooked, paid tier unlocks private repo scanning (which is where the real value is for professionals and companies).
I'd love feedback on:
- Feature priorities (what would make you actually use this?)
- Pricing model (too high? too low?)
- Detection accuracy (any secret types I'm missing?)
- Integration points (what tools should I integrate with?)
GitHub: https://github.com/Lydiamorgan85/codeshield-ai Marketplace: https://github.com/marketplace/actions/codeshield-ai-securit...
Happy to answer any technical questions!
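Not code from the post or from CodeShield: an added illustration of the regex-based secret detection the post describes, written as a small scanner for a few of the listed secret types, with the two false-positive guards a CI scanner needs (placeholder filtering and an entropy cut-off for generic rules) and redaction so findings never echo the secret into build logs. The key prefixes (AKIA, ghp_) and private-key header are public formats; the exact regexes, the `secret-scan:ignore` marker, the entropy threshold and the sample input are this example's own assumptions.

```python
import math
import re
from collections import Counter
# Illustrative patterns for some of the secret types the post lists; the prefixes are public, the regexes are this example's own.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Generic "name = 'value'" assignments; gated by the entropy check below.
    "generic_secret": re.compile(
        r"(?i)\b(?:secret|token|api_key|password)\b\s*[:=]\s*['\"]([A-Za-z0-9+/=_\-]{20,})['\"]"),
}
# Placeholder markers (docs, samples) are dropped to cut false positives.
PLACEHOLDER = re.compile(r"(?i)example|changeme|your[_-]?(?:key|token)|xxxx")
IGNORE_MARKER = "secret-scan:ignore"  # assumed inline allowlist comment
ENTROPY_THRESHOLD = 3.5  # bits per char; assumed cut-off for the generic rule

def shannon_entropy(s: str) -> float:
    """Bits per character; low values mean repetitive, unlikely-real secrets."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def redact(value: str) -> str:
    """Never echo the full secret into CI logs; keep a short prefix for triage."""
    return value[:6] + "***"

def scan_text(text: str) -> list:
    """Return (line_no, rule, redacted_value) for each likely secret in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if IGNORE_MARKER in line:
            continue
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if PLACEHOLDER.search(value):
                    continue
                if rule == "generic_secret" and shannon_entropy(value) < ENTROPY_THRESHOLD:
                    continue
                findings.append((line_no, rule, redact(value)))
    return findings
# Constructed sample input: every value here is fake.
SAMPLE = """\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_abcdefghijklmnopqrstuvwxyz0123456789"
password = "password_placeholder_value_1"  # secret-scan:ignore
api_key = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa"
token = "q8Zr2LmN4vXp7Kj1Ws9TyB3Ud6Hf0Ga5"
-----BEGIN RSA PRIVATE KEY-----
"""
```

Running `scan_text(SAMPLE)` reports only lines 2, 5 and 6: the AWS example key, the allowlisted line and the low-entropy `api_key` are filtered out, which is the kind of triage logic that keeps a CI gate from being ignored for noise.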