• Rafter is a modern code security scanning platform for developers.
• It identifies vulnerabilities, exposed secrets, and security issues in code before it reaches production.
• Features include one-click scans from a dashboard, a powerful CLI, and API access for integration and automation.
• Common security risks detected include exposed API keys, SQL injection, and insecure dependencies.
• Rafter categorizes findings and offers flexible output formats to support security integration throughout the development process.
• The platform facilitates faster remediation and reduces post-deployment surprises.
One-click security scans from a clean web dashboard.
Powerful CLI tool for scanning via `rafter run` and `rafter get`.
API access for custom integration and automation.
Detection of exposed API keys, secrets, and credentials.
Alerts for SQL injection, cross-site scripting, and code injection.
Support for JSON, Markdown, and other result formats.
Git repository and branch auto-detection.
CI/CD pipeline automation and integration guides.
Categorized severity levels for findings (Critical/Warning/Improvement).
Detailed result outputs with context, fix guidance, and export options.
What exactly does Rafter scan for in my codebase?
Rafter scans for a wide range of vulnerabilities including exposed API keys and secrets, SQL injections, cross-site scripting (XSS), insecure dependencies, hardcoded credentials, insecure authentication mechanisms, and common risk patterns that may expose your software.
How do I run a scan using Rafter?
You can start a scan through the dashboard with one click, or install the Rafter CLI and run `rafter run` with your API key to scan your repository and view results directly in your terminal.
Does Rafter integrate with automated workflows like CI/CD?
Yes. Rafter is designed to integrate with CI/CD pipelines so that security scans can run automatically on every commit, pull request, or build, helping catch security issues earlier in the development cycle.
What formats can Rafter output scan results in?
Rafter supports multiple output formats including JSON for automated tools, Markdown for reports, and other developer-friendly formats that integrate with your workflow.
Can Rafter detect hardcoded API keys and other credential leaks?
Absolutely — scanning for exposed credentials like API keys is a core capability of Rafter, and it flags such leaks with severity levels so you can remediate them promptly.