Secure Code by Design
Automated security scanning for development teams using AI coding tools.
scd is a CLI tool that catches security vulnerabilities before they reach production, running quietly in the background via git hooks and on demand. It is built for classic coding teams as well as teams using AI coding tools such as Claude Code, GitHub Copilot, and Cursor, which generate code faster than security review can keep up with.
By finding and fixing the common vulnerability patterns early, scd lets professional security assessments concentrate on the harder, context-specific problems.
What scd covers
- 189 security rules across JavaScript, TypeScript, Python, PHP, ASP.NET, and more
- Taint analysis — tracks user-controlled variables from HTTP input to dangerous sinks
- Git hooks — secrets scanning on pre-commit, full OWASP scan on pre-push
- Zero repo footprint — no files are written to or modified in your repository
- Exception management — reviewed exceptions tracked in config, never as code comments
- Audit trail — append-only scan history per repository
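To make the taint analysis bullet concrete, here is a small intraprocedural taint tracker over the Python AST. It is an added example written for this page, not scd's code or rule set: it assumes a flask-style `request` object as the only untrusted source, a hand-picked table of sinks (`execute`, `system`, `popen`, `eval`, `exec`) and sanitizers (`int`, `float`, `quote`), and the three sample snippets are constructed. It reports a finding whenever a value derived from the source reaches the argument of a sink that must be trusted, which is exactly the source-to-sink question a scanner answers.

```python
"""Toy intraprocedural taint analysis over the Python AST (illustration only, not scd's engine)."""
import ast

# Assumed rule table, not scd's: flask-style `request` is the untrusted source,
# a few well-known dangerous calls are sinks, and some conversions are sanitizers
# because their result cannot carry attacker-controlled text.
SOURCES = {"request"}
SANITIZERS = {"int", "float", "quote"}                     # int(...), float(...), shlex.quote(...)
SINKS = {"execute": 0, "system": 0, "popen": 0, "eval": 0, "exec": 0}   # name -> argument that must be trusted

# Constructed sample 1: string-built SQL reaches cursor.execute (finding expected on line 10).
VULNERABLE_SRC = '''
from flask import request
import sqlite3

def lookup():
    user = request.args.get("user")
    greeting = "Hello " + user
    query = "SELECT * FROM users WHERE name = '" + user + "'"
    cur = sqlite3.connect("app.db").cursor()
    cur.execute(query)
    return greeting
'''

# Constructed sample 2: same logic, parameterised query; `user` never reaches the query text.
FIXED_SRC = '''
from flask import request
import sqlite3

def lookup():
    user = request.args.get("user")
    cur = sqlite3.connect("app.db").cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (user,))
    return "Hello " + user
'''

# Constructed sample 3: int() sanitises `count`, but `host` flows straight into os.system (line 9).
COMMAND_SRC = '''
import os
from flask import request

def ping():
    host = request.args.get("host")
    count = int(request.args.get("count"))
    os.system("ping -c " + str(count))
    os.system("ping " + host)
'''


def _callee_name(call):
    """Bare name of the called function: 'execute' for cur.execute(...), 'eval' for eval(...)."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def _is_tainted(node, tainted):
    """True if any sub-expression is a source or a currently tainted variable."""
    if isinstance(node, ast.Name):
        return node.id in tainted or node.id in SOURCES
    if isinstance(node, ast.Call) and _callee_name(node) in SANITIZERS:
        return False                                   # sanitizer output is trusted
    return any(_is_tainted(child, tainted) for child in ast.iter_child_nodes(node))


def _statements(body):
    """Yield statements in source order, descending into if/for/while/try bodies."""
    for stmt in body:
        yield stmt
        for field in ("body", "orelse", "finalbody"):
            yield from _statements(getattr(stmt, field, []))


def _calls_in(stmt):
    """Calls in this statement's own expressions, excluding nested statements."""
    for child in ast.iter_child_nodes(stmt):
        if isinstance(child, ast.stmt):
            continue
        for node in ast.walk(child):
            if isinstance(node, ast.Call):
                yield node


def find_flows(source_code):
    """Return (function, sink, line) for each tainted value reaching a sink's trusted argument.

    Taint is tracked per variable name within each function, in source order. Branches are
    not merged: taint picked up on any path is kept, which over-approximates (safe for a
    scanner) at the cost of possible false positives.
    """
    findings = []
    tree = ast.parse(source_code)
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted = set()
        for stmt in _statements(func.body):
            # Check sinks against the state before this statement's assignments take effect.
            for call in _calls_in(stmt):
                name = _callee_name(call)
                idx = SINKS.get(name)
                if idx is not None and idx < len(call.args) and _is_tainted(call.args[idx], tainted):
                    findings.append((func.name, name, call.lineno))
            # Propagate taint through simple `name = expr` assignments; trusted data clears it.
            if isinstance(stmt, ast.Assign):
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        if _is_tainted(stmt.value, tainted):
                            tainted.add(target.id)
                        else:
                            tainted.discard(target.id)
    return findings


if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SRC), ("fixed", FIXED_SRC), ("command", COMMAND_SRC)):
        print(label, find_flows(src))
```

The parameterised sample produces no finding because only the query text (argument 0 of `execute`) is a sink position, so passing `user` in the parameter tuple is correctly accepted; a real engine also has to merge taint at control-flow joins, follow values across function calls and containers, and recognise framework-specific sources, which is where most of the engineering in a production scanner goes.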
Starter vs Team
| Feature | Starter | Team |
|---|---|---|
| Security rules | 189 | 189 |
| Git hooks | ✓ | ✓ |
| Reports (HTML/MD/JSON) | ✓ | ✓ |
| Team dashboard | — | ✓ |
| Exception approval flow | — | ✓ |
| CRA Compliance Report | — | ✓ |
| Deep Analysis (AI) | — | ✓ |
Team requires scd-server running in your own infrastructure. No code, findings, or scan data ever leaves your network.
See securecodebydesign.com for plans and pricing.
Get started
- Installation — install scd and set up git hooks
- Quick start — run your first scan in five minutes
- CLI reference — complete command reference
- scd-server — team features and self-hosted server