SiteShadow

Request access. Go deeper when you're ready.

SiteShadow access is customer-gated while install and CLI surfaces move through release review. Free, Pro, and Enterprise options stay available for approved teams.

Proof-backed coverage

2,000+ checks: summarized on the public coverage page.
190+ CWEs: mapped across the detection credibility matrix.
Coverage and proofs: read the evidence before you request access.
Free
$0
Available to approved teams

100 critical and high-severity rules plus a lite taint engine. Catches direct source→sink injection flows in the same function.


  • 100 regex rules — critical and high severity
  • Lite taint engine — single-pass, direct source→sink
  • SQL injection, command injection, XSS, SSRF
  • Inline diagnostics in VS Code / Cursor
  • One-click auto-fix suggestions
  • Dependency-risk heuristics (unsafe YAML/pickle loads, outdated-package signals)
Request Free Access
Pro — Most popular
Contact us
Per-seat pricing

Full engine depth. Two-pass interprocedural taint analysis, heuristic checks, AI scanning, cross-file detection, and policy evaluation.


Everything in Free, plus:
  • 2,000+ rules — all severities, OWASP + CWE
  • Full taint engine — two-pass interprocedural across functions, helpers, and return values
  • 31 heuristic checks — missing auth, timing attacks, mass assignment, prototype pollution
  • AI context-aware scan — prompt injection, RAG poisoning, unsafe agent loops
  • Cross-file analysis — import chains, inconsistent auth, secret leakage
  • Policy evaluation — fail/warn thresholds, CI exit codes
  • GitHub Action with SARIF and PR comments
  • Team dashboard and analytics
Request Pro Access
Enterprise
Contact sales
Annual contract

Everything in Pro with the security, compliance, and integration controls your organization requires.


Everything in Pro, plus:
  • SSO — Okta and Azure AD via OIDC
  • Custom pattern rules — per-customer rule overrides (enable / disable / tune severity / add new rules) via the org config manifest
  • Per-org configuration — rule overrides, severity tuning, allowlists
  • Dedicated support — priority response, onboarding
  • Audit logging — scan history, user activity
  • SLA — uptime and response guarantees
Contact Sales

"We found 2 vulnerabilities. Upgrade to see 5 more — including cross-function injection paths."

Side by side

Capability                               Free    Pro      Enterprise
Security checks                          100     2,000+   2,000+
Taint engine                             Lite    Full     Full
Cross-function taint flows               No      Yes      Yes
Heuristic checks (H01–H31)               No      Yes      Yes
AI / LLM security scan                   No      Yes      Yes
Cross-file analysis                      No      Yes      Yes
Policy evaluation & CI exit codes        No      Yes      Yes
GitHub Action (SARIF + PR comments)      No      Yes      Yes
Team dashboard                           No      Yes      Yes
SSO (Okta, Azure AD via OIDC)            No      No       Yes
Custom pattern rules (per-org overrides) No      No       Yes
Per-org config & rule overrides          No      No       Yes
Dedicated support & SLA                  No      No       Yes
Audit logging                            No      No       Yes
Inline diagnostics & auto-fix            Yes     Yes      Yes

Questions?

Email hello@siteshadow.com and we'll reply with next steps.