See a real finding
This is exactly what you get
Scanning is free and shows your overall score. What's normally locked behind the $9 full report is everything below: real fix guidance and a copy-paste AI prompt, for every finding your repo trips. Here's one real finding, in full, the same rule and the same text a paying user sees.
AWS access key ID (long-lived)
A long-lived AWS access key ID (AKIA...) was found in source. Paired with its secret, it grants programmatic access to the account.
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 25 points from that category, once per scan, no matter how many places it turns up.
Why it matters
A long-lived AWS access key ID sits next to its secret in almost every leak, and together they grant programmatic access to the account. Public repositories are scanned for the AKIA prefix within minutes of a push. Attackers use found keys to spin up compute for crypto mining, read S3 data, or pivot deeper into the account.
How to fix it
Move the key ID and secret out of source and read them from the environment or an instance role. For local use keep them in ~/.aws/credentials or an untracked .env; in production prefer IAM roles over static keys entirely. Then deactivate and delete the exposed key in the IAM console, because git history still holds it.
Prompt for your AI coding agent
Normally paid-onlyExample locations shown. Your real scan points at your own files.
Remove the hardcoded AWS access key ID (and any adjacent secret access key) at src/lib/aws-client.ts:14, scripts/deploy.ts:47. Replace each with a read from the environment (process.env in Node, os.environ in Python) or, better, note where an IAM role should be used instead of static keys. Add the variable names to .env.example with placeholder values and do not commit real values. Do not change the AWS SDK calls or region config. In your summary, list every exposed key ID so I can deactivate it in IAM, since removing it from code does not revoke it, so it still has to be rotated with the provider. Verify by grepping tracked files for AKIA and finding no matches.
Every finding in your repo looks like this
Scan yours for free, then unlock the full report to see every finding at this level of detail: file and line, the why, the fix, and the AI prompt.