patchpilot · ai-era security scanning
The security scanner built for AI-generated code
Detect hallucinated packages, insecure AI patterns, stale vibe-coded logic, and real secrets — with zero config. Scans every PR, generates fix PRs, and teaches you why.
example report
adhit-r/PatchPilot
live demo — no sign-up required
Public repos only · limited to SAST + secrets · 10 files max · sign in for full scans
12 scanner modules
SAST: Semgrep-powered static analysis
Secrets: Gitleaks credential detection
SCA: Trivy dependency audit
IaC: Misconfiguration in Terraform, Docker
Ghost Deps: Hallucinated package detection
AI Patterns: Stale AI-generated code patterns
LLM Scanner: Promptfoo prompt injection tests
PII: Personal data exposure detection
Code Review: Semantic AI code review
Vibe Score: AI vs human code ratio analysis
AI Attribution: Git commit AI attribution
Secret Verify: Live credential validation
how it works
01
Connect your repo
Link your GitHub repo with OAuth. PatchPilot watches every push and PR.
02
12-scanner hybrid pipeline
Semgrep, Gitleaks, Trivy, Promptfoo, and LLM analysis run in parallel on every scan.
03
Fix PRs + CodeCoach lessons
Automated patch PRs land in your repo. CodeCoach turns each finding into a learning lesson.
Start securing your repos today
Free forever for open source. No credit card required.