Private storage
Your archive is stored as a private object with a server-generated name, then automatically deleted after 7 days. No public URL is made for the zip.
Vibe coding turns ideas into products in days. Payment flows, admin panels, login walls — all working on the surface. We find what the surface hides before your users do.
You are not dropping code into a black box. The upload is kept private, the first pass stays limited, and the result helps you decide whether deeper review is worth paying for.
Your archive is stored as a private object with a server-generated name, then automatically deleted after 7 days. No public URL is made for the zip.
Auth, admin routes, payments, webhooks, secrets, uploads, and user data. The places fast launches usually trip over.
Free scans give you a score and signal counts. If it looks rough, you can buy the Full Report for instant automated findings.
Upload source only. Leave out generated files, dependency folders, logs, and .env or credential files.
The engine behind the free security score is open source under AGPL-3.0. Inspect exactly how it works, run it yourself with zero uploads, or scan right here — it's the same engine either way.
Clone the repo (or `npx github:odbd/oh-my-audit-free`, or the Docker image) and scan locally. Your source never leaves your machine.
Skip the setup and get the same score in your browser — plus a shareable verified report and continuous monitoring.
Start with two free scans. Results show a security score, launch-risk level, and signal counts in My Page.
Your account keeps each upload, remaining scans, score history, and result emails tied to the right project.