Platform Features
Everything your application security needs.
codelake is the most comprehensive application security platform available. While other tools focus on one or two scan types, codelake unifies code scanning, dependency analysis, secret detection, infrastructure-as-code checks, API security, compliance automation, and application intelligence into a single platform with correlated risk narratives.
Explore the full feature set below — from detection to remediation, from compliance to developer experience.
Scanning & Detection
Find every vulnerability, across every layer.
Seven specialized scanning engines work together to analyze your code, dependencies, secrets, infrastructure, APIs, and AI-generated patterns. Each scanner feeds into the application context model for correlated risk narratives.
Code Scanning (SAST)
Deep static analysis that goes beyond pattern matching. Detects SQL injection, XSS, command injection, insecure cryptography, path traversal, and hundreds more vulnerability patterns. Powered by the Semgrep engine with full support for custom rules tailored to your codebase and frameworks.
Dependency Scanning (SCA)
Continuously checks all third-party dependencies against CVE databases and security advisories. Full support for npm, Composer, pip, Go modules, Maven, and more. Includes transitive dependency analysis and automatic upgrade recommendations with compatibility scoring.
Secret Detection
Finds hardcoded secrets, API keys, tokens, and passwords across your entire codebase and git history. Recognizes 50+ key formats including AWS, Stripe, Firebase, GitHub, OpenAI, and more. High-entropy string detection catches custom secrets that pattern matching misses.
FreeScan (URL Scanner)
14 automated security checks for any URL in under 30 seconds. No account required. Checks HTTP security headers, SSL/TLS configuration, cookie security, CORS policy, open redirects, exposed files, API key leaks, and technology fingerprinting. Severity grading from A to F with actionable recommendations.
IaC Scanning
Scans your infrastructure-as-code for misconfigurations and security risks. Full support for Terraform, CloudFormation, Kubernetes manifests, Helm charts, and Dockerfiles. Checks against CIS benchmarks, AWS/Azure/GCP best practices, and custom organizational policies.
API Security
Automatic endpoint discovery directly from your source code. Checks every endpoint against the OWASP API Top 10 including BOLA (Broken Object Level Authorization), excessive data exposure, missing authentication, rate limiting gaps, and mass assignment vulnerabilities.
AI Code Risk Detection
Purpose-built for VibeCoded and AI-generated applications. Detects insecure defaults, missing access control, database schemas without ownership checks, tutorial-pattern vulnerabilities, and the systematic gaps that AI scaffolding tools consistently produce. Essential for any team using AI to write code.
Application Intelligence
Understand your application, not just your code.
This is what makes codelake unique. While other scanners analyze files in isolation, codelake builds a living model of your entire application — understanding how data flows, where authentication boundaries exist, how services depend on each other, and where the real risk lies.
Application Context Mapping
The core of codelake. Builds a living model of your application that understands how code, APIs, databases, and services connect. Instead of isolated findings, you get correlated risk narratives that show exactly how an attacker could chain vulnerabilities across your system. Updated with every scan.
Data Flow Mapping
Track user input from entry point through your entire application to the database. See exactly where data is validated, sanitized, transformed, or left unfiltered. Identifies PII exposure paths, cross-service data leaks, and unprotected sensitive data flows that no traditional scanner can detect.
Auth Flow Visualization
Complete visualization of your authentication and authorization flows. Maps every auth middleware, permission check, role gate, and access control boundary in your application. Automatically detects bypass paths, missing middleware, inconsistent permission models, and orphaned endpoints without protection.
Service Dependency Graph
Maps all internal and external service dependencies with trust boundaries. Understand blast radius for any vulnerability — if one service is compromised, which others are affected? Identifies implicit trust relationships, shared credential usage, and unencrypted inter-service communication paths.
Triage & Remediation
From finding to fix, streamlined.
Discovering vulnerabilities is only half the battle. codelake provides the tools to triage, prioritize, assign, and resolve findings efficiently with built-in workflows and AI-powered remediation guidance.
Smart Triage
Split-screen triage interface with findings list on the left and detailed code view on the right. Full status workflow (Open, In Progress, Accepted Risk, False Positive, Resolved) with documented decisions. Filter by severity, scanner type, file path, and assignee. Every triage decision is audit-logged.
AI Remediation Suggestions
For every finding, codelake generates context-aware fix suggestions using AI. Not generic advice — actual code patches applicable to your specific codebase, framework, and coding patterns. Includes explanation of why the fix works and what it prevents. One-click copy for immediate application.
Security Case Management
Track security incidents from detection to resolution with case IDs, SLA tracking, and escalation workflows. Group related findings into security cases, assign ownership, set deadlines, and track resolution time. Full audit trail for compliance evidence and post-incident review.
Compliance & Governance
Continuous compliance, not annual audits.
codelake maps your security posture to 10 compliance frameworks in real time. No more manual spreadsheets, screenshot evidence, or scrambling before audits. Every scan updates your compliance scores automatically.
Compliance Dashboard
Real-time compliance scores for SOC 2, ISO 27001, PCI DSS, HIPAA, NIST 800-53, NIST CSF, CIS Controls, OWASP Top 10, EU CRA, and DORA. Visual progress per framework, drill-down to individual controls, and automatic evidence collection. Know your compliance posture at any moment.
Policy Engine
Define custom security policies with configurable severity levels and enforcement actions. Set rules that automatically fail builds, block PR merges, or trigger alerts when violated. Supports organization-wide policies and per-project overrides for different risk profiles.
Audit Logs
Complete record of every action in the platform. Every scan, triage decision, status change, configuration update, and access event is logged with timestamp, actor, and expandable diffs showing exactly what changed. Immutable, exportable, and searchable.
SBOM Generation
Generate Software Bill of Materials in CycloneDX and SPDX formats. Fully compliant with EU Cyber Resilience Act (CRA) requirements. Includes all direct and transitive dependencies, license information, vulnerability status, and supplier data. Auto-generated with every scan.
Manager Approval Queue
Destructive actions and compliance-relevant decisions require documented approval. Managers see a queue of pending approvals with full context, risk assessment, and audit trail. Supports delegation, escalation timeouts, and automatic reminders for SLA compliance.
Supply Chain Security
Know what's in your software supply chain.
Modern applications depend on hundreds of third-party packages. codelake maps your entire dependency graph, identifies risk hotspots, and ensures license compliance across your full supply chain.
Dependency Graph & Risk Assessment
Visual dependency graph showing all direct and transitive dependencies with risk scoring. Identify abandoned packages, maintainer changes, typosquatting risks, and packages with known vulnerabilities deep in the dependency tree. Prioritize remediation based on actual reachability and exploit availability.
License Compliance
Automatic license detection and compliance checking for every dependency. Define allowed and blocked license types per project. Alerts for copyleft licenses in proprietary projects, license conflicts, and missing license declarations. Exportable license reports for legal review.
Secrets Management
Find, track, and rotate every secret.
Beyond detection, codelake provides a complete secrets management console to track the lifecycle of every credential, key, and token found in your codebase.
Secrets Console
Centralized inventory of every secret found across all repositories. See which secrets are active, which services use them, when they were last rotated, and their exposure risk level. Filter by provider (AWS, Stripe, GitHub, etc.), status, and age. One-click navigation to the exact file and line.
Secret Rotation Tracking
Track rotation schedules for every credential. Get alerts when secrets exceed their rotation policy (30, 60, 90 days). See which secrets are shared across environments (production, staging, development) and which services would be affected by rotation. Rotation history with full audit trail.
Alerting & Notifications
The right alert, to the right person, at the right time.
Configurable alerting that ensures critical findings reach the right team members through the right channels — without alert fatigue.
Security Alert Inbox
Unified inbox for all security alerts across every project and scanner. Filter by severity, type, and status. Bulk actions for efficient triage. Unread counts and priority sorting ensure critical findings are never missed. Integrates with your existing notification workflow.
Alert Rule Configuration
Define custom alert rules based on severity, scanner type, file path patterns, and finding categories. Set different routing for critical vs. low findings. Suppress known false positives. Schedule quiet hours for non-critical alerts. Per-project and per-team rule overrides.
Notification Channels
Route alerts to Slack, Microsoft Teams, email, PagerDuty, webhooks, and the in-app notification center. Severity-based routing sends critical findings to PagerDuty while medium findings go to Slack. Customizable message templates with finding details and direct links.
Reporting & Analytics
Measure, report, and improve.
From board-ready executive summaries to detailed security performance analytics, codelake gives every stakeholder the visibility they need.
Executive Reports
Board-ready security reports with Security Posture Score, trend analysis, and risk summaries. Choose from PDF, HTML, or JSON formats. White-label support for consultancies. Pre-built templates for SOC 2 audits, board presentations, and customer security questionnaires.
Security Performance Analytics
Track Mean Time to Remediation (MTTR), finding trends, resolution rates, and team performance over time. Developer fix leaderboards for gamification. Compare security posture across projects, teams, and time periods. Identify bottlenecks in your remediation workflow.
Scheduled Reports
Automatically generate and deliver reports on a daily, weekly, or monthly schedule. Configure recipients, format, and content filters per schedule. Compliance reports for auditors, executive summaries for leadership, and detailed technical reports for security teams — all delivered automatically.
Developer Experience
Security that fits your workflow.
codelake meets developers where they work — in the terminal, in the IDE, and in the API. No context switching, no separate dashboards, no friction.
CLI Tool
Full-featured command-line interface for running scans locally, in CI/CD pipelines, and as pre-commit hooks. Running codelake scan . gives you instant results. Supports all scan types, custom configurations, and JSON/SARIF output for tool integration.
IDE Plugins
See security findings inline in your editor as you code. Squiggly underlines for vulnerabilities, hover for details, click for remediation suggestions. Available for VS Code, JetBrains IDEs (IntelliJ, WebStorm, PhpStorm), and Neovim. Real-time feedback without leaving your editor.
Public API
Full REST API with comprehensive documentation. Trigger scans, retrieve findings, manage projects, and access all platform data programmatically. API keys with granular permissions, rate limiting, and webhook support for real-time event streaming. Build custom workflows and integrations.
Integrations
Connects with your entire stack.
codelake integrates with the tools your team already uses — from Git providers and CI/CD pipelines to communication platforms and compliance tools.
Git Providers
Native integrations with GitHub, GitLab, Bitbucket, and Azure DevOps. Automatic scanning on push and pull request. Inline PR comments with findings, status checks for merge blocking, and branch-level security policies. Connect in one click with OAuth.
CI/CD Integration
Pre-built templates for GitHub Actions, GitLab CI, Jenkins, CircleCI, and Bitbucket Pipelines. Configurable fail conditions — block the build on critical findings, warn on high, ignore low. SARIF output for GitHub Security tab integration. Average pipeline addition: 3 lines of YAML.
Integrations Marketplace
Connect with Slack, Microsoft Teams, PagerDuty, Jira, Linear, Vanta, Drata, ServiceNow, and more. Webhook support for custom integrations. Every integration is configurable per project and per severity level. New integrations added monthly based on customer demand.
Ready to see the full platform in action?
Start with a free account and connect your first repository. Your first scan results are ready in under 5 minutes. No credit card required.