What a scan produces
Findings
Each with the full source-to-sink call chain, a CVSS severity, a proof of concept, and a ready-to-apply patch.
Repository wiki
An AI-written map of your app: architecture, routing, and security model.
Endpoint map
The HTTP attack surface Gecko discovered in your code.
PR reviews & fixes
On pull requests, a security review summary and one-click fixes.
The scan pipeline
A deep scan maps your codebase so the agent understands your app, focuses on the security-sensitive code, then traces each path from source to sink, reporting only proven, high-confidence findings.
Supported languages
Gecko follows data flow across files using compiler-accurate analysis where available, and general parsing support everywhere else.

| Support | Languages |
|---|---|
| Compiler-accurate (precise cross-file analysis) | TypeScript · JavaScript · Python · Go · Java · Scala · C# · Rust |
| General support | Ruby · PHP · C · Swift · and more |