# shipscanner

The credit score for AI-generated code. Scan any GitHub repo from your terminal in seconds.
Score range: 300-850 (like a credit score). Grades: A+ through F.
7 scanners. One score. Works with AI coding agents.
Run it without installing:

```bash
# Scan any GitHub repo
npx shipscanner scan https://github.com/owner/repo

# Shorthand works too
npx shipscanner scan owner/repo
```

Or install it globally:

```bash
npm i -g shipscanner

# Basic scan
shipscanner scan owner/repo

# Specify branch
shipscanner scan owner/repo --branch develop

# JSON output (for AI agents, CI pipelines)
shipscanner scan owner/repo --json

# Fail if score is below threshold (CI quality gate)
shipscanner scan owner/repo --threshold 700
```
Free tier: 5 scans/hour. Authenticate for higher limits and private repo access.
```bash
# Set your API key (get one at shipscanner.dev/settings)
shipscanner login --key sk_your_api_key

# Check auth status
shipscanner whoami

# Remove stored key
shipscanner logout

# Check status of a running scan
shipscanner status <scan-id>

# View/update config
shipscanner config
shipscanner config --api-url https://shipscanner.dev
```

Example report:
```text
ShipScanner Report
owner/repo (main)

Score: 720 / 850 (A)
████████████████████████████░░░░░░░░░░░░
300──────────────────────────────────850

Security               ████████████░░░  240/300 (80%)   3 issues
Secrets & Credentials  ███████████████  200/200 (100%)  clean
Dependencies           ██████████░░░░░  100/150 (67%)   8 issues
Code Quality           ████████████░░░   82/100 (82%)   5 issues
Best Practices         ███████████████   98/100 (98%)   1 issue

Critical: 0  High: 2  Medium: 5  Low: 10

Full report: https://shipscanner.dev/report/abc123
```
ShipScanner is built for the agent economy. AI coding agents can call it before committing code.
```bash
# JSON output for machine consumption
npx shipscanner scan owner/repo --json

# Use as a quality gate (exit code 1 if below threshold)
npx shipscanner scan owner/repo --json --threshold 600
```

Environment variables:

```bash
SHIPSCANNER_API_KEY=sk_...                    # API key (alternative to login)
SHIPSCANNER_API_URL=https://shipscanner.dev   # API endpoint
```
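A CI quality gate built on the `--threshold` exit code and the `SHIPSCANNER_API_KEY` variable, as an added GitHub Actions example that is not part of the ShipScanner project's own docs. It assumes `--json` writes the report to stdout, pins the CLI to `<pinned-version>` (a placeholder for the release you have vetted) so a CI run cannot pull an unexpected package version, and stores the API key as a repository secret rather than in the workflow file.

```yaml
# .github/workflows/shipscanner-gate.yml (added example, not from the ShipScanner project)
name: ShipScanner quality gate

on:
  push:
    branches: [main]

jobs:
  score:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-node@v4
        with:
          node-version: 20

      # No checkout is needed: the CLI scans the repository by name.
      # <pinned-version> is a placeholder; pin to a version you have reviewed.
      - name: Scan the pushed branch
        env:
          SHIPSCANNER_API_KEY: ${{ secrets.SHIPSCANNER_API_KEY }}
        run: |
          set -o pipefail   # propagate the CLI's exit code through tee
          # --threshold makes the CLI exit 1 when the score is below 700,
          # which fails this step; tee keeps the JSON report (assumed to be
          # written to stdout) for the artifact step below.
          npx --yes shipscanner@<pinned-version> scan "${{ github.repository }}" \
            --branch "${{ github.ref_name }}" --json --threshold 700 \
            | tee shipscanner-report.json

      # Keep the report even when the gate fails, so reviewers can see why.
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: shipscanner-report
          path: shipscanner-report.json
```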
| Scanner | Category | What it checks |
|---|---|---|
| Semgrep | Security | SAST - SQL injection, XSS, etc. |
| Gitleaks | Secrets | Hardcoded API keys, tokens, passwords |
| Trivy | Dependencies | Known CVEs in packages |
| ESLint | Quality | Code smells, anti-patterns |
| jscpd | Quality | Copy-paste / code duplication |
| Lizard | Quality | Cyclomatic complexity |
| Repocheck | Best Practices | Tests, CI/CD, LICENSE, README, .gitignore |
License: MIT