62+ Security Rules

Security Scanner for Capacitor Apps

Zero-config security scanner that detects vulnerabilities, hardcoded secrets, and security misconfigurations in your Capacitor & Ionic applications.

$ bunx @capgo/capgo-sec scan
Local Only
CI/CD Ready
Free & Open Source

Built for Capacitor Developers

Security scanning designed specifically for the Capacitor ecosystem

⚡

Zero Configuration

Works out of the box with any Capacitor or Ionic project. No setup required.

Local Processing

Your code never leaves your machine. Complete privacy and security.

🚀

CI/CD Integration

GitHub Actions, GitLab CI, and all major CI/CD platforms supported.

📱

Platform-Specific

Android and iOS specific rules including AndroidManifest.xml and Info.plist checks.

🔑

Secret Detection

Detects 30+ types of API keys and secrets including AWS, Stripe, Firebase, and more.

📊

Multiple Outputs

CLI, JSON, and HTML reports with remediation guidance for every finding.

62+ Security Rules

Comprehensive security coverage across 13 categories

🔑 Secrets

API keys, tokens, credentials

2 rules

💾 Storage

Preferences, localStorage, SQLite

6 rules

🌐 Network

HTTP, SSL/TLS, WebSocket

8 rules

⚡ Capacitor

Config, plugins, native bridge

10 rules

🤖 Android

Manifest, WebView, permissions

8 rules

🍎 iOS

ATS, Keychain, entitlements

8 rules

Authentication

JWT, OAuth, biometrics

6 rules

🖼️ WebView

XSS, CSP, iframe security

5 rules

🔒 Cryptography

Algorithms, keys, IV generation

4 rules

Logging

Sensitive data in logs

2 rules

🐛 Debug

Test creds, dev URLs

3 rules

📦 And More

Config, permissions

Growing...

CI/CD Integration

Integrate capgo-sec into your development workflow. Run security checks on every pull request and deployment.

GitHub Actions: .github/workflows/security.yml

name: Security Scan

on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - name: Setup Bun
        uses: oven-sh/setup-bun@v2

      - name: Run Security Scan
        run: bunx @capgo/capgo-sec scan --ci

Ready to Secure Your App?

Start scanning your Capacitor project in seconds. No signup required.

$ bunx @capgo/capgo-sec scan

Built with ❤️ by the Capgo team
