Introduction
Learn what SecurityChecks is and how it finds security issues other tools miss.
Introduction to SecurityChecks
SecurityChecks is a security verification tool that proves your backend code meets critical security invariants before it reaches production. It verifies auth enforcement, injection safety, access control, webhook idempotency, tenant isolation, and more — the security properties that traditional scanners and code review routinely miss.
What We Check For
SecurityChecks verifies your code against critical security invariants:
P0 (Critical) Issues
- Missing Authorization Checks - Endpoints that don't verify user permissions
- Missing Rate Limiting - APIs vulnerable to abuse and DDoS attacks
- Race Conditions - Transaction-unsafe code that can be exploited
- Missing Idempotency - Webhook handlers that can process events multiple times
- Missing Input Validation - Endpoints that don't validate or sanitize inputs
P1 (Important) Issues
- Missing Cache Invalidation - Stale permission data after access changes
- Missing Audit Logging - Security-sensitive actions without records
- Hardcoded Secrets - API keys and passwords in source code
- Missing Error Handling - Unhandled errors that could expose stack traces
- Insecure Defaults - Security features disabled by default
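To make two of the P0 invariants above concrete, here is an added example (not SecurityChecks' own code) showing a vulnerable handler beside its hardened form for Missing Idempotency and Missing Authorization Checks. The in-memory store, the `payment.succeeded` event and the user ids are all constructed for the demo; in a real service the processed-event set would be a database table with a UNIQUE constraint on the event id, written in the same transaction as the balance update.

```javascript
// Added example, not SecurityChecks' own code: two of the P0 invariants listed
// above (webhook idempotency, authorization enforcement) as a vulnerable handler
// beside its hardened form. Store, event and users are constructed for the demo.

// Fresh in-memory state standing in for the database. Production code would use
// a table with a UNIQUE constraint on the event id and do the insert plus the
// balance update in one transaction, so a concurrent redelivery cannot slip in.
function makeStore() {
  return {
    balances: new Map([["acct_1", 0]]),
    processedEvents: new Set(),
    projects: new Map([["proj_1", { owner: "user_a", deleted: false }]]),
  };
}

// Constructed webhook event; payment providers redeliver the same event on retry.
const sampleEvent = { id: "evt_001", type: "payment.succeeded", account: "acct_1", amount: 50 };

// VULNERABLE (Missing Idempotency): nothing records which events were already
// applied, so a retried delivery credits the account a second time.
function handleWebhookNaive(store, event) {
  if (event.type !== "payment.succeeded") return { status: 200, applied: false };
  store.balances.set(event.account, store.balances.get(event.account) + event.amount);
  return { status: 200, applied: true };
}

// HARDENED: the event id is checked and recorded before the side effect. A
// duplicate is acknowledged with 200 (so the provider stops retrying) but not re-applied.
function handleWebhookIdempotent(store, event) {
  if (event.type !== "payment.succeeded") return { status: 200, applied: false };
  if (store.processedEvents.has(event.id)) return { status: 200, applied: false, duplicate: true };
  store.processedEvents.add(event.id);
  store.balances.set(event.account, store.balances.get(event.account) + event.amount);
  return { status: 200, applied: true };
}

// VULNERABLE (Missing Authorization Checks): any authenticated caller can delete
// any project simply by supplying its id.
function deleteProjectNoAuthz(store, caller, projectId) {
  const project = store.projects.get(projectId);
  if (!project) return { status: 404 };
  project.deleted = true;
  return { status: 204 };
}

// HARDENED: ownership is verified inside the handler, before any mutation.
function deleteProjectWithAuthz(store, caller, projectId) {
  const project = store.projects.get(projectId);
  if (!project) return { status: 404 };
  if (project.owner !== caller.id) return { status: 403 };
  project.deleted = true;
  return { status: 204 };
}

// Runs each vulnerable/hardened pair on its own store and returns what differs.
function demo() {
  const naive = makeStore();
  handleWebhookNaive(naive, sampleEvent);
  handleWebhookNaive(naive, sampleEvent); // provider redelivers the same event
  const safe = makeStore();
  handleWebhookIdempotent(safe, sampleEvent);
  const second = handleWebhookIdempotent(safe, sampleEvent);

  const stranger = { id: "user_b" }; // authenticated, but not the project owner
  const noAuthz = makeStore();
  const open = deleteProjectNoAuthz(noAuthz, stranger, "proj_1");
  const withAuthz = makeStore();
  const denied = deleteProjectWithAuthz(withAuthz, stranger, "proj_1");

  return {
    naiveBalanceAfterRetry: naive.balances.get("acct_1"),     // 100: credited twice
    idempotentBalanceAfterRetry: safe.balances.get("acct_1"), // 50
    retryFlaggedAsDuplicate: second.duplicate === true,
    strangerDeleteWithoutAuthz: open.status,                  // 204
    strangerDeleteWithAuthz: denied.status,                   // 403
  };
}

console.log(demo());
```

The design point is where the check sits: the idempotency key is consulted and written before the balance changes, and the ownership comparison runs inside the delete handler rather than being assumed from an upstream middleware. Those are exactly the places a scanner that only pattern-matches route decorators cannot see, which is why invariant-level verification is listed separately from traditional scanning above.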
How It Works
- Verify Your Code - Point SecurityChecks at your repository
- Invariant Analysis - Our engine extracts and verifies security properties
- Evidence-Based Findings - Get detailed reports with proof and fix suggestions
- CI/CD Integration - Block PRs that break security invariants
Getting Started
There are several ways to use SecurityChecks:
CLI (Local Development)
# Install the CLI
npm install -g @securitychecks/cli
# Run a scan
scheck run
# See what's being checked
scheck explain P0-MISSING-AUTHZ
Dashboard (Team Collaboration)
Sign up at securitychecks.ai to:
- Track findings across projects
- Manage team access
- Set up automated scans on push
- View historical trends
CI/CD Integration
Add SecurityChecks to your GitHub Actions workflow:
- name: SecurityChecks
  run: |
    npm install -g @securitychecks/cli
    scheck run --project ${{ vars.PROJECT_SLUG }} --api-key ${{ secrets.SC_API_KEY }}
Next Steps
- Quick Start Guide - Get started in 5 minutes
- CLI Reference - All CLI commands and options
- API Reference - Integrate with our API
- Invariant Explanations - Understand what we check