Summary:**Show HN: isitsecure – 1‑command SAST & DAST & LLM security scanner for web apps****Introduction**
referrerpolicy="no-referrer"
style="max-width:100%;height:auto;display:block;margin:0 auto;">
**Show HN: isitsecure – 1‑command SAST & DAST & LLM security scanner for web apps**
**Introduction**
A new open‑source tool appeared on Hacker News this week, promising to simplify security testing for developers who juggle multiple scanning utilities. Dubbed *isitsecure*, the project combines static application security testing (SAST), dynamic application security testing (DAST), and large‑language‑model (LLM)‑driven checks into a single command line interface. Hosted on GitHub under the jaurakunal organization, the repository has already attracted attention for its minimal setup and broad coverage.
**Key Developments**
The core innovation lies in the wrapper script that orchestrates three established scanners—Bandit for Python SAST, OWASP ZAP for DAST, and a custom LLM prompt that analyses code snippets for emerging vulnerability patterns. Users run `./isitsecure scan
` and receive a consolidated report that flags issues ranging from hard‑coded secrets to injection flaws and logic errors that traditional rule‑based tools might miss. The scanner automatically installs dependencies via Docker, ensuring consistent environments across Linux, macOS, and Windows CI pipelines. Early adopters have praised the clear markdown output, which includes severity scores, remediation tips, and links to relevant CVE entries.
**Industry Analysis**
Application security teams often struggle with tool sprawl: SAST catches coding mistakes early, DAST finds runtime exposure, and LLM assistants help interpret ambiguous code contexts. Maintaining separate pipelines increases overhead and can lead to gaps when results are not correlated. By integrating these approaches, *isitsecure* addresses a growing demand for “shift‑left everywhere” strategies that keep security checks close to the developer without sacrificing depth. The project also taps into the rising interest in LLMs for security, a niche that has seen experimental tools emerge from both academia and startups. Its permissive MIT license encourages contributions, potentially expanding language support beyond