API security scanning
that actually finds issues
Black-box, white-box, or hybrid — surface auth bypass, CORS misconfigs, exposed secrets, and more.
- Auth bypass detection on every endpoint
- Static analysis for hardcoded secrets
- Export to JSON, HTML, or SARIF
fendix scan
CRITICALMissing auth on /api/users
HIGHCORS wildcard detected
MEDIUMNo Content-Security-Policy
Open-source · MIT License · No account required for CLI