Features
AI-native semantic code graph
Multi-step attack chain mapping
Business logic vulnerability detection
CI/CD integration with PR scanning
One-click auto-fix pull requests
Contextual scanning across repos and trust boundaries
Natural language security policy rules
Compiler-accurate indexing for dynamically typed languages
Threat modelling across services and release cycles
Jira, Linear, Slack, ClickUp, Shortcut integrations
SSO/SAML with SCIM provisioning (Enterprise)
Audit logging (Enterprise)
Self-hosted and private cloud deployment (Enterprise)
Intelligent vulnerability prioritization
GitLab vulnerability export
Performance trace recording and insights
Network request analysis and inspection
Console message reading with source-mapped stack traces
Puppeteer-based automation with auto-wait
Slim mode for basic browser tasks
CLI usage without MCP client
Optional CrUX API integration for field data
Usage statistics with opt-out
Update checks via npm (configurable)
Multi-account Chrome support
Gemini integration via extension
Source-mapped stack traces in console output
Auto-wait for action results