🪅
For Cursor, Claude, Copilot Users

Find security blind spots
before attackers do

AI-powered security scanner for AI-generated code. 47 detection categories. One command.

$ npx pinata-security-cli analyze . --verify
Architecture

Six layers of defense

Each layer catches what the previous one misses. Together, they eliminate false positives and confirm real vulnerabilities.

01 / 06
Pattern Scan
Static analysis across 47 vulnerability categories — SQLi, XSS, SSRF, command injection, path traversal, and more. Runs instantly, no network needed.
47 categories
02 / 06
Project Type Detection
Automatically identifies your stack — Next.js, Express, Django, Rails — and adjusts detection rules to match the threat model of your architecture.
Auto-adjusts rules
03 / 06
AI Verification
LLM semantic analysis confirms that flagged patterns are actually exploitable in context. Eliminates false positives that waste your time.
Pro feature
04 / 06
Test Generation
Creates runnable security tests for confirmed vulnerabilities. pinata generate --gaps --write adds missing coverage directly to your test suite.
Runnable tests
05 / 06
Mutation Testing
Mutates your code to verify that security tests actually catch what they claim to catch. A generated test has to fail against every mutant of the code it covers (a 100% kill rate); a surviving mutant means a zombie test that passes no matter what the code does.
100% kill rate
06 / 06
Dynamic Execution
Confirmed vulnerabilities are exploited inside a Docker sandbox, in runtime isolation from your own environment. You get a real proof-of-concept, not just static inference, and nothing is run against your own services or data.
Docker sandbox
Test Generation

Fill the gaps AI left behind

AI coding tools generate code fast — but rarely generate security tests. Pinata finds what's missing and writes it for you.

Run pinata generate --gaps --write to auto-generate tests for every confirmed vulnerability, then verify them with mutation testing. Ship with proof.

generate output
$ pinata generate --gaps --write
Analyzing test coverage gaps...
Found 3 untested vulnerability paths
Generated: tests/security/sql-injection.test.ts
Generated: tests/security/xss-comments.test.ts
Generated: tests/security/cmd-inject.test.ts
Running mutation verification...
  sql-injection.test.ts — kill rate 100%
  xss-comments.test.ts — kill rate 100%
  cmd-inject.test.ts — kill rate 100%
3 tests written. All mutations killed. Commit these tests before shipping.
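What layers 04 and 05 above, and the generate output just shown, are measuring: a test "kills" a mutant when it fails against the mutated code, and the kill rate is killed mutants over total mutants. The following is an added, hand-rolled illustration, not Pinata's implementation. The path-join function, its three mutants and the tests are all constructed for this example; a real mutation tool derives mutants mechanically from the source rather than by hand.

```javascript
// Added example (not Pinata's code): a hand-rolled mutation-testing loop that
// shows what a "kill rate" measures and what a surviving mutant looks like.
// The function under test, the mutants and the tests are all constructed here.

// Minimal POSIX-only path resolver so the example needs no imports. Absolute
// user paths are treated as relative; that is enough for this demonstration.
function resolvePosix(base, rel) {
  const parts = [];
  for (const seg of (base + "/" + rel).split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { parts.pop(); continue; }
    parts.push(seg);
  }
  return "/" + parts.join("/");
}

// Code under test: join a user-supplied path onto a base directory and refuse
// anything that resolves outside it. Note the trailing "/" in the prefix check.
function safeJoin(baseDir, userPath) {
  const base = resolvePosix(baseDir, "");
  const target = resolvePosix(base, userPath);
  if (target !== base && !target.startsWith(base + "/")) {
    throw new Error("path traversal blocked");
  }
  return target;
}

// Hand-written mutants. A mutation tool derives these mechanically from the
// source (delete a guard, weaken a comparison, drop a constant); they are
// spelled out here so the loop below is readable.
const mutants = {
  // the guard is deleted entirely
  dropGuard(baseDir, userPath) {
    return resolvePosix(resolvePosix(baseDir, ""), userPath);
  },
  // only the base directory itself is rejected; the prefix check is gone
  weakenPrefix(baseDir, userPath) {
    const base = resolvePosix(baseDir, "");
    const target = resolvePosix(base, userPath);
    if (target === base) throw new Error("path traversal blocked");
    return target;
  },
  // prefix check without the separator: "/srv/app-evil" passes as "inside" /srv/app
  missingSep(baseDir, userPath) {
    const base = resolvePosix(baseDir, "");
    const target = resolvePosix(base, userPath);
    if (target !== base && !target.startsWith(base)) {
      throw new Error("path traversal blocked");
    }
    return target;
  },
};

// Security tests written as predicates over an implementation: true = pass.
function expectBlocked(impl, base, p) {
  try { impl(base, p); return false; } catch (e) { return true; }
}
const securityTests = {
  blocksDotDot: (impl) => expectBlocked(impl, "/srv/app", "../etc/passwd"),
  blocksSiblingPrefix: (impl) => expectBlocked(impl, "/srv/app", "../app-evil/x"),
  allowsNormalFile: (impl) => impl("/srv/app", "uploads/a.txt") === "/srv/app/uploads/a.txt",
};

// A suite passes an implementation when every test returns true.
function suitePasses(suite, impl) {
  return Object.values(suite).every((test) => test(impl));
}

// A mutant is killed when at least one test fails against it. Kill rate is
// killed / total; any survivor names a behaviour the suite does not pin down.
function mutationScore(suite, mutantSet) {
  const names = Object.keys(mutantSet);
  const survivors = names.filter((n) => suitePasses(suite, mutantSet[n]));
  const killed = names.filter((n) => !survivors.includes(n));
  return { killed, survivors, killRate: killed.length / names.length };
}

// Demo: the original must pass first, otherwise the suite itself is broken.
if (!suitePasses(securityTests, safeJoin)) throw new Error("suite fails on the original");
const full = mutationScore(securityTests, mutants);
console.log("full suite kill rate:", full.killRate, "survivors:", full.survivors);

// Drop one test and the missingSep mutant survives: the suite no longer proves
// the prefix check is right, even though every remaining test still passes.
const { blocksSiblingPrefix, ...weakSuite } = securityTests;
const weak = mutationScore(weakSuite, mutants);
console.log("weak suite kill rate:", weak.killRate.toFixed(2), "survivors:", weak.survivors);
```

The point of the weak-suite run is the one the page's "no zombie tests" badge is about: every test in the reduced suite still passes against the original code, so coverage alone looks fine, yet the missingSep mutant survives, which tells you the trailing-separator check is not actually pinned down by any test.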
CI/CD Integration

Block vulnerabilities at the gate

Add Pinata to your GitHub Actions pipeline. Every PR gets scanned. Critical findings fail the build — automatically.

SARIF output integrates natively with the GitHub Security tab, so results show up in code review exactly where the issue is. The upload step runs with if: always(), so findings still reach the Security tab when --fail-on critical has already failed the job. If your repository restricts the default GITHUB_TOKEN permissions, the job also needs security-events: write (and contents: read for the checkout).

.github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
  pinata:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Pinata Security Scan
        run: |
          npx --yes pinata-security-cli@latest \
            analyze . \
            --format sarif \
            --output results.sarif \
            --fail-on critical
      - uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: results.sarif
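What a gate like --fail-on critical has to read out of the SARIF file that the workflow above uploads, as an added example in plain Node. This is not Pinata's implementation and the SARIF document embedded below is constructed sample data, not Pinata output; the page does not show which rule properties Pinata emits. The severity banding (critical 9.0+, high 7.0 to 8.9, medium 4.0 to 6.9, low below 4.0) follows the security-severity rule property that GitHub code scanning reads from SARIF 2.1.0.

```javascript
// Added example (not Pinata's code): a SARIF 2.1.0 severity gate. The SARIF
// document below is constructed for this example; field names follow the
// SARIF 2.1.0 standard and GitHub's "security-severity" rule property.
const CONSTRUCTED_SARIF = {
  version: "2.1.0",
  $schema: "https://json.schemastore.org/sarif-2.1.0.json",
  runs: [{
    tool: { driver: {
      name: "example-scanner",
      rules: [
        { id: "sql-injection", shortDescription: { text: "SQL built from untrusted input" },
          properties: { "security-severity": "9.8" } },
        { id: "xss-reflected", shortDescription: { text: "Unescaped input reflected into HTML" },
          properties: { "security-severity": "7.5" } },
        { id: "log-secret", shortDescription: { text: "Secret written to a log line" },
          properties: { "security-severity": "3.0" } },
      ],
    } },
    results: [
      { ruleId: "sql-injection", level: "error", message: { text: "query built with a template string" },
        locations: [{ physicalLocation: { artifactLocation: { uri: "src/db/users.ts" }, region: { startLine: 42 } } }] },
      { ruleId: "xss-reflected", level: "warning", message: { text: "res.send(req.query.q)" },
        locations: [{ physicalLocation: { artifactLocation: { uri: "src/routes/search.ts" }, region: { startLine: 17 } } }] },
      { ruleId: "log-secret", level: "note", message: { text: "token logged" },
        locations: [{ physicalLocation: { artifactLocation: { uri: "src/auth.ts" }, region: { startLine: 9 } } }] },
    ],
  }],
};

// GitHub code scanning buckets the numeric security-severity of a rule into
// these bands; the same cut-offs are used here.
function severityBand(score) {
  if (score >= 9.0) return "critical";
  if (score >= 7.0) return "high";
  if (score >= 4.0) return "medium";
  return "low";
}
const BAND_RANK = { low: 0, medium: 1, high: 2, critical: 3 };

// Flatten every result of every run into { rule, band, file, line, text }.
function collectFindings(sarif) {
  const findings = [];
  for (const run of sarif.runs ?? []) {
    const rules = new Map((run.tool?.driver?.rules ?? []).map((r) => [r.id, r]));
    for (const result of run.results ?? []) {
      const rule = rules.get(result.ruleId);
      const score = Number(rule?.properties?.["security-severity"]);
      // A result whose rule carries no numeric severity falls back to the SARIF
      // level: "error" is treated as high, anything else as low.
      const band = Number.isFinite(score)
        ? severityBand(score)
        : (result.level === "error" ? "high" : "low");
      const loc = result.locations?.[0]?.physicalLocation;
      findings.push({
        rule: result.ruleId,
        band,
        file: loc?.artifactLocation?.uri ?? "<unknown>",
        line: loc?.region?.startLine ?? 0,
        text: result.message?.text ?? "",
      });
    }
  }
  return findings;
}

// Findings at or above the threshold band. A non-empty list means the build
// should fail; an unknown threshold is an error rather than a silent pass.
function gate(sarif, threshold) {
  const min = BAND_RANK[threshold];
  if (min === undefined) throw new Error(`unknown threshold: ${threshold}`);
  return collectFindings(sarif).filter((f) => BAND_RANK[f.band] >= min);
}

// Demo over the constructed document: only the SQL injection blocks at "critical".
for (const f of gate(CONSTRUCTED_SARIF, "critical")) {
  console.log(`${f.band.toUpperCase()} ${f.rule} ${f.file}:${f.line} ${f.text}`);
}
```

The fallback on result.level matters in practice: SARIF's own levels are only error, warning, note and none, so a tool that emits no security-severity property gives the Security tab, and any gate, nothing finer than "error" to work with.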
Comparison

Why not just use Snyk?

Other tools find known CVEs. Pinata finds the vulnerabilities your AI wrote into your own code.

Capability Pinata Snyk Semgrep CodeQL
Pattern-based static analysis
AI-generated code awareness
AI semantic verification ✓ Pro
False positive elimination Partial Partial Partial
Auto security test generation
Mutation test verification
Dynamic sandbox execution
Zero-config, no account needed Partial
Open source (MIT) OSS + Pro
SARIF output
Pricing

Simple, transparent pricing

Every plan includes AI verification. Pick the one that fits your team.

Starter
$19 /mo
For solo developers shipping AI-generated code.
  • 47 detection categories
  • AI semantic verification
  • 5 AI-verified scans/day
  • JSON & SARIF output
  • Email support
Team
$149 /mo
For teams shipping AI-generated code at scale.
  • Everything in Pro
  • 5 seats included ($25/seat after)
  • Team dashboard
  • Slack & webhook alerts
  • Team API keys with attribution
  • Dedicated support
Enterprise
Custom
Self-hosted. Your infra, your rules, your SLA.
  • Everything in Team
  • Self-hosted deployment
  • Custom detection rules
  • SLA & dedicated support
  • SSO/SAML
Get Started

Start scanning

No install, no account. One command.

npx --yes pinata-security-cli@latest analyze .

Add --verify with a Pro API key to enable AI semantic verification and eliminate false positives. Get your key above or email christian@pinata.sh.