Critik is an AI-powered code security scanner designed to help developers identify vulnerabilities in their codebase quickly and efficiently. It operates entirely offline with zero dependencies, making it ideal for secure development environments.
Key Features:
- AI-Powered Analysis: Uses Llama 3.3 to review findings and filter false positives with confidence scores
- Comprehensive Security Checks: 11 check types including hardcoded secrets, SQL injection, missing authentication, insecure configuration, and framework-specific patterns
- Fast & Offline: Scans projects in seconds without requiring internet connectivity or cloud services
- Multiple Integrations: VS Code/Cursor extension, GitHub Action for CI/CD, pre-commit hooks, and watch mode for continuous scanning
- Custom Rules: Create custom security rules using YAML format for team-specific requirements
- Fix Generation: Generates LLM-ready fix prompts for identified vulnerabilities
- Baseline Support: Save current findings to focus only on new issues
Use Cases:
- Individual developers wanting to secure personal projects
- Development teams implementing security scanning in CI/CD pipelines
- Open source projects needing security auditing
- Companies requiring offline security scanning for compliance
- Developers working with frameworks like FastAPI, Express, Next.js, Supabase, and Firebase
