Security Scanner for Capacitor Apps
Zero-config security scanner that detects vulnerabilities, hardcoded secrets, and security misconfigurations in your Capacitor & Ionic applications.
bunx @capgo/capacitor-sec scan
Built for Capacitor Developers
Security scanning designed specifically for the Capacitor ecosystem
Zero Configuration
Works out of the box with any Capacitor or Ionic project. No setup required.
Local Processing
Your code never leaves your machine. Complete privacy and security.
CI/CD Integration
GitHub Actions, GitLab CI, and all major CI/CD platforms supported.
Platform-Specific
Android and iOS specific rules including AndroidManifest.xml and Info.plist checks.
Secret Detection
Detects 30+ types of API keys and secrets including AWS, Stripe, Firebase, and more.
Multiple Outputs
CLI, JSON, and HTML reports with remediation guidance for every finding.
62+ Security Rules
Comprehensive security coverage across 13 categories
API keys, tokens, credentials: 2 rules
Preferences, localStorage, SQLite: 6 rules
HTTP, SSL/TLS, WebSocket: 8 rules
Config, plugins, native bridge: 10 rules
Manifest, WebView, permissions: 8 rules
ATS, Keychain, entitlements: 8 rules
JWT, OAuth, biometrics: 6 rules
XSS, CSP, iframe security: 5 rules
Algorithms, keys, IV generation: 4 rules
Sensitive data in logs: 2 rules
Test creds, dev URLs: 3 rules
Config, permissions: Growing...
CI/CD Integration
Integrate capacitor-sec into your development workflow. Run security checks on every pull request and deployment.
name: Security Scan
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
      - name: Run Security Scan
        run: bunx @capgo/capacitor-sec scan --ci
Ready to Secure Your App?
Start scanning your Capacitor project in seconds. No signup required.
$ bunx @capgo/capacitor-sec scan
Built with ❤️ by the Capgo team