# Install, scan, and fix — in three commands
pip install zenveil
zenveil login
zenveil scan repo .

# ╭─────────────────────────────────────────────────────────╮
# │  ZenVeil · 4 findings · CRITICAL: 1 · HIGH: 2          │
# │                                                         │
# │  ZG-A1B2  CRITICAL  AWS access key      config.js:14   │
# │  ZG-C3D4  HIGH      .env committed      .env            │
# │  ZG-E5F6  HIGH      Token in storage    login.js:47    │
# │  ZG-G7H8  MEDIUM    Debug mode enabled  app.js:3        │
# ╰─────────────────────────────────────────────────────────╯

zenveil fix ZG-A1B2 --auto-pr --repo owner/repo
# Opened pull request: https://github.com/owner/repo/pull/42

The security scanner that fixes itself

ZenVeil scans your repositories, APIs, and CI/CD pipelines for secrets, OWASP vulnerabilities, and supply chain risks — then uses AI to explain every finding and generate production-ready remediation pull requests. No security team required.

Quick Start — 60 seconds

Install ZenVeil, run your first scan, get your first finding fixed. One copy-paste away.

Why ZenVeil?

The case for autonomous security remediation in a world of AI-generated code.

CLI Reference

Every command, every flag, every option — with real examples and sample output.

API Reference

Integrate ZenVeil directly into your platform. REST API with streaming AI responses.

What ZenVeil catches

Secrets & Credentials

AWS keys, GitHub tokens, private keys, JWT tokens, hardcoded passwords — with sub-millisecond detection.

OWASP Top 10

Broken auth, IDOR, XSS vectors, open redirects, injection paths, insecure deserialization.

Supply Chain Risks

Dependency confusion, floating versions, missing lockfiles, known CVEs via OSV.dev.

API Security

Missing security headers, CORS misconfigurations, exposed endpoints and HTTP downgrade paths.

CI/CD Risks

Workflow injection, unpinned actions, overprivileged tokens, debug mode in production.

AI Remediation

Claude-powered explanations, fix suggestions, and automatic GitHub PR creation.

First win in three commands

pip install zenveil
zenveil login
zenveil scan repo .

That’s it. ZenVeil scans your current repository, surfaces every finding with severity, OWASP category, evidence, and an AI-generated fix — right in your terminal.

ZenVeil works offline for local scans. Network access is only needed for GitHub scanning, CVE lookups via OSV.dev, and AI-powered analysis (explain/fix/triage).

Trusted by security-conscious teams

ZenVeil is built for developers who want security without friction — from solo founders shipping fast to platform teams enforcing DevSecOps at scale.
  • Zero config scanning — point it at any directory and go
  • Git-native — findings link directly to file, line, and column
  • AI-native — every finding has an explanation, a fix, and optionally a PR
  • Privacy-first — no code leaves your machine during local scans
  • CI-ready — exits with code 1 on critical/high findings, perfect for gates