ShipReady Documentation

Everything you need to secure your AI-generated code. From quick start to best practices.

Getting Started

ShipReady is a security scanner designed specifically for AI-generated code. Whether you use GitHub Copilot, Cursor, Claude, or ChatGPT to write code, ShipReady catches the vulnerabilities that AI tends to introduce.

What ShipReady Does

  • Scans your GitHub repositories for security vulnerabilities
  • Detects OWASP Top 10 vulnerabilities including SQL injection, XSS, and more
  • Provides AI-powered fix suggestions you can copy directly into your code
  • Generates plain-English security reports with severity ratings

Why AI Code Needs Extra Security

Studies show that 40% of AI-generated code contains security vulnerabilities. AI coding assistants optimize for functionality, not security. ShipReady bridges this gap.

Quick Start

Get your first security scan running in under 2 minutes.

Step 1: Connect GitHub

Sign in with your GitHub account and authorize ShipReady to access your repositories.

Step 2: Select Repository

Choose which repositories you want to scan from your connected GitHub account.

Step 3: Run Scan

Click "Scan" and get your security report.

Step 4: Fix Issues

Review findings and use AI-powered fix suggestions to patch vulnerabilities.

Vulnerability Types

ShipReady detects these common security vulnerabilities in your code.

  • SQL Injection (Critical) - Unsanitized database queries
  • Cross-Site Scripting (XSS) (High) - Malicious script injection
  • Authentication Bypass (Critical) - Access control flaws
  • Secrets Exposure (Critical) - Hardcoded credentials
  • Path Traversal (High) - Directory escape attacks
  • Command Injection (Critical) - Shell command exploits
  • Insecure Deserialization (High) - Object manipulation attacks
  • SSRF (High) - Server-side request forgery

See all vulnerability types on our Features page.

Understanding Results

After each scan, you'll receive a detailed security report. Here's how to read it.

Security Score

Your security score is calculated based on the number and severity of vulnerabilities found.

  • 90-100 - Excellent
  • 70-89 - Needs Work
  • 0-69 - Critical

Severity Levels

  • Critical - Must fix immediately. Active exploitation risk.
  • High - Fix before deploying to production.
  • Medium - Should be addressed in next sprint.
  • Low - Best practice improvement.

Finding Details

Each finding includes:

  • File and line number - Exact location of the vulnerability
  • Vulnerability type - Category (SQL injection, XSS, etc.)
  • Description - Plain-English explanation of the issue
  • AI-powered fix - Suggested code to resolve the vulnerability

AI-Powered Fixes

ShipReady doesn't just find vulnerabilities—it helps you fix them.

Example: SQL Injection Fix

Vulnerable Code:

    const query = `SELECT * FROM users WHERE id = ${userId}`
    db.execute(query)

Secure Fix:

    const query = 'SELECT * FROM users WHERE id = ?'
    db.execute(query, [userId])
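
The vulnerable pattern in the example above can be checked for mechanically. The following JavaScript is an added illustration, not ShipReady's or Semgrep's code: a simplified line-based heuristic that flags SQL built by interpolation or concatenation and reports each hit with the fields listed under Finding Details. The function name `scanForSqlInjection`, the regular expressions and the sample source are assumptions constructed for this example.

```javascript
// Added example: a simplified, line-based heuristic. It is not ShipReady's or
// Semgrep's engine; names, regexes and sample input are constructed here.

// Text that looks like the start of a SQL statement.
const SQL_KEYWORD = /\b(SELECT\s.+\sFROM|INSERT\s+INTO|UPDATE\s+\S+\s+SET|DELETE\s+FROM)\b/i;
// Template literal containing at least one ${...} interpolation.
const TEMPLATE_WITH_EXPR = /`[^`]*\$\{[^}]+\}[^`]*`/;
// Quoted string immediately concatenated with an identifier: "..." + name
const STRING_CONCAT = /(['"])((?:(?!\1).)*)\1\s*\+\s*[A-Za-z_$]/;

function scanForSqlInjection(file, source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    if (text.trim().startsWith('//')) return; // skip comment-only lines
    const template = text.match(TEMPLATE_WITH_EXPR);
    const concat = text.match(STRING_CONCAT);
    const viaTemplate = template !== null && SQL_KEYWORD.test(template[0]);
    const viaConcat = concat !== null && SQL_KEYWORD.test(concat[2]);
    if (!viaTemplate && !viaConcat) return;
    const how = viaTemplate ? 'template interpolation' : 'string concatenation';
    findings.push({
      file,
      line: index + 1, // reports use 1-based line numbers
      type: 'SQL Injection',
      severity: 'Critical',
      description: 'SQL text is built by ' + how +
        ', so the value is parsed as part of the statement.',
      fix: "Use a '?' placeholder and pass the value as a bound parameter.",
    });
  });
  return findings;
}

// Constructed sample source (not from a real repository).
const SAMPLE_SOURCE = [
  'const greeting = `Hello ${name}`',                           // interpolation, but not SQL
  'const q1 = `SELECT * FROM users WHERE id = ${userId}`',      // flagged
  'db.execute(q1)',
  "const q2 = 'SELECT * FROM users WHERE id = ?'",              // placeholder: not flagged
  'db.execute(q2, [userId])',
  `const q3 = "DELETE FROM sessions WHERE token = '" + token`,  // flagged
].join('\n');

for (const f of scanForSqlInjection('api/users.ts', SAMPLE_SOURCE)) {
  console.log(`${f.file}:${f.line} [${f.severity}] ${f.type} - ${f.description}`);
}
```

Because it works one line at a time, this heuristic misses queries assembled across several lines, which is why production scanners match on the parsed syntax tree instead.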

Copy for Claude / ChatGPT

Each fix includes a "Copy for Claude" button that formats the vulnerability and fix as a prompt you can paste directly into your AI coding assistant.

"Fix this SQL injection vulnerability in my code. The issue is on line 42 of api/users.ts. Here's the vulnerable code: [code]. Here's the suggested fix: [fix]. Please apply this fix and explain why it's more secure."

Frequently Asked Questions

How long does a scan take?

Scan time depends on repository size. We optimize for speed without sacrificing accuracy.

What languages are supported?

ShipReady supports JavaScript, TypeScript, Python, Go, Java, Ruby, PHP, and more. We use Semgrep under the hood, which provides comprehensive multi-language support.

Is my code stored on your servers?

No. We clone your repository temporarily during the scan and delete it immediately after. Your code is never stored permanently on our servers.

Can I scan private repositories?

Yes! When you connect your GitHub account, you can authorize access to both public and private repositories.

How do AI-powered fixes work?

When we detect a vulnerability, we analyze the code context and generate a secure fix suggestion. You can copy the fix directly or use it as a prompt for your AI coding assistant.

What is the OWASP Top 10?

The OWASP Top 10 is a standard awareness document representing the most critical security risks to web applications. ShipReady scans for all categories in the OWASP Top 10.

Ready to secure your code?

Start scanning in under 2 minutes. No credit card required.