SiteShadow

Start free. Add depth when you need it.

The free tier covers OWASP Top 10 single-file pattern matching across 23 checks, self-serve sign-in with your work SSO. Pro adds two-pass interprocedural taint analysis, 31 heuristic flow checks, AI-context scanning, cross-file detection, and the full 1,998-rule library. Enterprise adds SSO controls, custom rules, audit logging, and SLAs.

Proof-backed coverage

2,011 checks Summarized on the public coverage page.
190 CWE mappings Mapped across the detection credibility matrix.
Coverage and proofs Read the evidence before you request access.
Free
$0
Self-serve · sign in with work SSO

23 OWASP Top 10 pattern checks for single-file scanning. Catches hardcoded credentials, weak crypto, unsafe APIs, and obvious injection patterns. Data-flow analysis is a Pro feature.


  • 23 free-tier checks, OWASP Top 10 pattern coverage, single-file
  • CRED-URL heuristic, hardcoded credentials in URLs (the one free heuristic)
  • SQL/command/XSS/SSRF pattern detection
  • Inline diagnostics in VS Code / Cursor
  • Per-line ignore directives (siteshadow:ignore=...)
  • Editor fix guidance and selected code actions
  • WAF / edge-protection check (POST /waf-check)
Start free
Pro, Most popular
Contact us
Per-seat pricing

Full engine depth. Two-pass interprocedural taint analysis, heuristic checks, AI scanning, cross-file detection, and policy evaluation.


Everything in Free, plus:
  • 2,011 documented checks, all severities, OWASP + CWE
  • Full taint engine, two-pass interprocedural across functions, helpers, and return values
  • 31 heuristic checks, missing auth, timing attacks, mass assignment, prototype pollution
  • AI context-aware scan, prompt injection, RAG poisoning, unsafe agent loops
  • Cross-file analysis, import chains, inconsistent auth, secret leakage
  • Policy evaluation, fail/warn thresholds, CI exit codes
  • GitHub Action with SARIF and PR comments
  • Team dashboard and analytics
Request Pro Access
Enterprise
Contact sales
Annual contract

Everything in Pro with the security, compliance, and integration controls your organization requires.


Everything in Pro, plus:
  • SSO, Okta and Azure AD via OIDC
  • Custom pattern rules, per-customer rule overrides (enable / disable / tune severity / add new rules) via the org config manifest
  • Per-org configuration, rule overrides, severity tuning, allowlists
  • Dedicated support, priority response, onboarding
  • Audit logging, scan history, user activity
  • SLA, uptime and response guarantees
Contact Sales

"We found 2 vulnerabilities. Upgrade to see 5 more, including cross-function injection paths."

Side by side

Capability Free Pro Enterprise
Security checks 23 1,998 1,998 + custom
Taint engine (interprocedural) , Two-pass Two-pass
Cross-function taint flows ,
Heuristic checks (H01–H31) ,
AI / LLM security scan ,
Cross-file analysis ,
Policy evaluation & CI exit codes ,
GitHub Action (SARIF + PR comments) ,
Team dashboard ,
SSO (Okta, Azure AD via OIDC) , ,
Custom pattern rules (per-org overrides) , ,
Per-org config & rule overrides , ,
Dedicated support & SLA , ,
Audit logging , ,
Inline diagnostics & fix guidance

Curious what these tiers actually catch? See a worked example end-to-end:

Multi-hop SQL injection proof How data flow cuts SAST noise

Questions?

Email hello@siteshadow.com and we'll reply with next steps.