◐ RC  ·  v0.9-rc1  ·  Linux & macOS & Windows  ·  x86-64

Coding Sidekick // CSK

AI-assisted code review and vulnerability analysis for pentesters and secure-SDLC teams. Scans codebases locally — OWASP Top 10, hardcoded secrets, logic flaws, dependency CVEs — with zero telemetry and zero cloud uploads.

Status: ◐ Release Candidate
Version: 0.9-rc1
Platform: Linux · macOS · Windows
Arch: x86-64 · ARM64
Interface: GUI + CLI
Cloud uploads: Zero — local only
AI model: Runs on-device

⚠ Release Candidate — core functionality is complete and stable. Some edge-case language parsers are still being finalized. Licences purchased now include the GA release at no extra cost.

What CSK Does

🔎 OWASP Top 10 Scan
Deep AST-based analysis for injection flaws, broken auth, insecure deserialization, SSRF and the full OWASP Top 10 across 15+ languages.

🔑 Secret & Credential Leak Detection
Finds API keys, tokens, passwords and private keys committed into source, env files, Docker layers and config files — with entropy analysis.

📦 Dependency CVE Scan
Parses package manifests (npm, pip, cargo, maven, go.sum) and cross-references against the NVD and OSV databases — offline-capable.

🧠 AI Logic Flaw Analysis
On-device AI model reasons over control flow to surface business-logic vulnerabilities that pattern-matching tools miss.

📄 SAST Report Export
Exports findings as SARIF, JSON, HTML and PDF — compatible with GitHub Code Scanning, GitLab SAST, and Jira import.

🔌 CI/CD Integration
CLI mode with exit-code gating for GitHub Actions, GitLab CI, and Jenkins pipelines. Fail the build on critical severity.

CSK vs. The Field
Feature | CSK | Semgrep (free) | Snyk | SonarQube Community
Zero telemetry / local-only ✗ Cloud ✗ Cloud ✓ Self-hosted
Secret leak detection ✓ Via rules ✓ Plugin
Dependency CVE scan ✓ Plugin
AI logic flaw analysis ✓ On-device
SARIF / SAST report export
Offline / air-gapped capable
GUI interface
CI/CD gate integration
Price | From €22/mo | Free | Free limited / $25+/mo | Free CE / €€€ EE

✓ = supported · ✗ = not supported · partial = limited or requires extra config. Competitor data based on public documentation, 2026.

Pre-order before GA
RC purchasers get the GA release at no extra cost. Licence activates immediately for RC access.