Product Introduction
- Definition: ZenVeil is an AI-native DevSecOps platform and automated security scanner designed for modern software development. It is a static analysis security scanner available as a command-line interface (CLI) and web dashboard, specialized for finding secrets, vulnerabilities, and supply chain risks in codebases.
- Core Value Proposition: ZenVeil exists to automate security for developers using AI coding tools. It provides fast, comprehensive scans and automated remediation to close the security gaps introduced by rapid, AI-assisted development, enabling teams to ship secure code without slowing down.
Main Features
- Secret Detection & Scanning: ZenVeil scans codebases using a dual-engine approach of regex pattern matching and entropy analysis to detect over 200 secret patterns, including AWS keys, GitHub tokens, JWTs, and hardcoded passwords. It is tuned for near-zero false negatives so that credentials are caught before they reach production environments.
- Supply Chain Security Analysis: The tool integrates with OSV.dev to perform real-time CVE database lookups on project dependencies. It identifies floating dependency versions, missing lockfiles, and known vulnerabilities in the software supply chain, providing severity scores to prioritize critical risks.
- Automated AI-Powered Remediation: ZenVeil features auto-PR creation for deterministic findings. Using AI models like Claude, it generates context-aware explanations of vulnerabilities and produces actionable patches. The zenveil fix command can automatically open a GitHub Pull Request with the necessary code changes, eliminating manual edits.
- CI/CD and GitHub Actions Integration: It provides a ready-to-use GitHub Actions workflow (e.g., zenveil.yml) to automatically scan every pull request. The integration can block merges on HIGH/CRITICAL findings and auto-open fix PRs directly from the pipeline, acting as a fast security gate.
- AI-Code-Aware Analysis: Specifically optimized to analyze code generated by tools like GitHub Copilot, Cursor, and Claude, ZenVeil understands common AI-generated patterns such as over-permissive configurations and missing input validation. It maps findings to the OWASP Top 10 for standardized risk assessment.
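The dual-engine secret detection described above, as an added illustration that is not ZenVeil's code: a regex engine for credentials with a fixed public format, plus an entropy engine that flags random-looking strings assigned to secret-like names. The four regex rules, the assignment pattern, the 3.5 bits-per-character threshold and the redaction format are this example's own assumptions, not ZenVeil's rule set; the sample input is constructed (the AWS key is the placeholder from AWS's own documentation).

```python
import math
import re
from dataclasses import dataclass

# Engine 1: regex rules for credentials with a fixed, public format. These
# four are stand-ins for the hundreds of patterns a production scanner ships;
# they are not ZenVeil's rule set. Non-capturing groups keep group(0) as the
# secret value; the password rule captures the value in its last group.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b"),
    "hardcoded_password": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[:=]\s*[\"']([^\"']{6,})[\"']"),
}

# Engine 2: entropy analysis. Any string assigned to a secret-looking name is a
# candidate; only candidates whose Shannon entropy is high enough are reported.
# This catches keys with no recognisable prefix while ignoring placeholders.
ASSIGNMENT = re.compile(
    r"(?i)\b([A-Z0-9_]*(?:key|secret|token)[A-Z0-9_]*)\s*[:=]\s*"
    r"[\"']([A-Za-z0-9+/=_\-]{16,})[\"']")
ENTROPY_THRESHOLD = 3.5  # bits per character; a constructed cut-off for this demo


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from the string's own frequencies."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass
class Finding:
    rule: str
    line_no: int
    value: str
    entropy: float

    def redacted(self) -> str:
        # Never echo the whole secret into logs or CI output.
        return self.value[:4] + "..." + "*" * max(0, len(self.value) - 4)


def scan_text(text: str) -> list:
    """Run both engines over every line. A value already reported by the regex
    engine is not reported a second time by the entropy engine."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        seen = set()
        for rule, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(m.lastindex) if m.lastindex else m.group(0)
                seen.add(value)
                findings.append(Finding(rule, line_no, value, shannon_entropy(value)))
        for m in ASSIGNMENT.finditer(line):
            value = m.group(2)
            entropy = shannon_entropy(value)
            if value not in seen and entropy >= ENTROPY_THRESHOLD:
                findings.append(Finding("high_entropy_secret", line_no, value, entropy))
    return findings


# Constructed sample "config file": the AWS key is the placeholder from AWS's own
# documentation, the GitHub token and JWT are made up, and the high-entropy value
# is random-looking but not a real credential.
SAMPLE = """\
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij"
db_password = "hunter22"
API_KEY = "not_a_real_key_value"
PAYMENT_SECRET = "Q7r2Xp9vLm4Tz8Hk3Ny6Wb1J"
token = "aaaaaaaaaaaaaaaaaaaaaaaa"
auth_header = "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.c2lnbmF0dXJl"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line_no}: {f.rule} ({f.entropy:.2f} bits/char) {f.redacted()}")
```

Run as a script, it reports five findings: the AWS key, GitHub token, password and JWT from the regex engine, and PAYMENT_SECRET from the entropy engine. API_KEY (an English-looking placeholder, about 3.3 bits/char) and the repeated-character token (0 bits/char) fall below the threshold and are ignored, which is the trade-off the entropy gate makes between catching unformatted keys and flooding developers with false positives.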
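The offline half of the supply chain analysis described above (floating dependency versions and missing lockfiles), as an added example that is not ZenVeil's code. The manifest types covered, the list of npm lockfiles, the pinning rules and the HIGH/MEDIUM severities are this example's own assumptions; the repository is constructed in memory. The pinned (ecosystem, name, version) triples it leaves behind are what a real scanner would then look up in OSV.dev, which is omitted here because it needs network access.

```python
import json
import re
from dataclasses import dataclass


@dataclass
class DepFinding:
    severity: str   # severity labels are this demo's own choice
    manifest: str
    message: str


# Lockfiles that freeze the transitive dependency tree of a package.json.
NPM_LOCKFILES = ("package-lock.json", "npm-shrinkwrap.json", "yarn.lock", "pnpm-lock.yaml")

# An npm spec is treated as pinned only when it is one exact semver version.
PINNED_NPM = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.\-]+)?$")
# A pip requirement is pinned only with == (or the arbitrary-equality ===).
PINNED_PIP = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*===?\s*\S+")


def check_package_json(path: str, files: dict) -> list:
    findings = []
    data = json.loads(files[path])
    folder = path[: path.rfind("/") + 1] if "/" in path else ""
    if not any(folder + lock in files for lock in NPM_LOCKFILES):
        findings.append(DepFinding("HIGH", path,
            "no lockfile next to manifest; installs are not reproducible"))
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            if not PINNED_NPM.match(spec):
                findings.append(DepFinding("MEDIUM", path,
                    f"{name} uses floating version {spec!r}"))
    return findings


def check_requirements(path: str, files: dict) -> list:
    findings = []
    for line_no, raw in enumerate(files[path].splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line or line.startswith("-"):  # skip pip options such as -r / -e
            continue
        if not PINNED_PIP.match(line):
            findings.append(DepFinding("MEDIUM", path,
                f"line {line_no}: {line!r} is not pinned with =="))
    return findings


def scan_repo(files: dict) -> list:
    """files maps repo-relative paths to file contents (an in-memory stand-in
    for walking a checkout). Manifests are visited in path order."""
    findings = []
    for path in sorted(files):
        name = path.rsplit("/", 1)[-1]
        if name == "package.json":
            findings += check_package_json(path, files)
        elif name == "requirements.txt":
            findings += check_requirements(path, files)
    return findings


# Constructed repo: a root package.json with no lockfile and two floating specs,
# a pinned API sub-project that does ship a lockfile, and a requirements.txt
# mixing a pinned line with a version range and a bare package name.
REPO = {
    "package.json": json.dumps({
        "dependencies": {"express": "^4.18.2", "lodash": "4.17.21"},
        "devDependencies": {"jest": "latest"},
    }),
    "api/package.json": json.dumps({"dependencies": {"fastify": "4.26.0"}}),
    "api/package-lock.json": "{}",
    "requirements.txt": "flask==3.0.0\nrequests>=2.31  # http client\n\ncryptography\n",
}

if __name__ == "__main__":
    for f in scan_repo(REPO):
        print(f"[{f.severity}] {f.manifest}: {f.message}")
```

The sub-project under api/ produces no findings because it is both pinned and locked; the root manifest produces one HIGH (no lockfile) and two MEDIUM findings, and requirements.txt produces two MEDIUM findings for the range and the bare name. A caret range or a bare name is a supply chain risk precisely because the version actually installed is decided at install time, so the build cannot be reproduced and a newly published malicious or vulnerable release is picked up automatically.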
Problems Solved
- Pain Point: The acceleration of code creation through AI coding assistants has outpaced traditional security review processes, leading to exposed secrets, unvetted dependencies, and OWASP vulnerabilities being shipped to production. Traditional security tools are often too slow or complex for fast-paced development cycles.
- Target Audience: The primary users are full-stack developers, backend engineers, indie makers, and security teams (AppSec) within organizations that use AI-assisted development. It serves both individual developers seeking a quick scan and engineering teams requiring integrated security pipelines.
- Use Cases: Essential for pre-launch security checks ("vibe-coded" apps), investor due diligence demos, CI/CD pipeline security gates, SOC 2 compliance workflows, and onboarding security checks for new developers joining a team. It is critical for high-risk sectors like healthtech where exposed credentials are catastrophic.
Unique Advantages
- Differentiation: Compared to traditional tools like Snyk, Semgrep, or GitGuardian, ZenVeil differentiates itself with speed (full scans under 30 seconds), deep AI-native integration for explaining and fixing code issues, and a developer-first workflow centered on single-command automation (pip install zenveil, then zenveil scan .). It combines secrets, supply chain, and vulnerability scanning into one unified, fast tool.
- Key Innovation: The core innovation is the AI-driven, end-to-end automated workflow from scan to merged Pull Request. By leveraging Claude for contextual understanding and generating framework-specific patches, ZenVeil transforms security findings from a backlog of tickets into instantly reviewable code changes, drastically reducing the time-to-fix.
Frequently Asked Questions (FAQ)
- Does ZenVeil upload or store my source code? No. For CLI scans, code is analyzed entirely on your local machine. When using the web dashboard or API for GitHub repos, code is temporarily fetched for the scan and is not stored on ZenVeil's servers after the scan completes.
- What's the difference between ZenVeil's Free and Pro plans? The Free plan is forever-free for public repositories, offering 3 scans per hour with severity-ranked results but no AI explanation, auto-fix, or private repo access. The Pro plan ($19/month) unlocks unlimited scans, private repository support, full AI explanation and fix capabilities, auto-PR remediation, and a 90-day scan history.
- Can ZenVeil scan private GitHub repositories? Yes, but scanning private repositories requires a paid Pro or Team plan. Free plan scans are limited to public repositories. You can connect your GitHub account to authorize access to private repos for scanning.
- How does ZenVeil's auto-fix Pull Request feature work? For deterministic findings like certain secrets or dependency fixes, running zenveil fix [Finding-ID] --auto-pr will generate a code patch and open a new GitHub Pull Request containing the fix. The PR includes explanatory context, and you simply review and merge it. No manual code editing is needed.
- Which programming languages and ecosystems does ZenVeil support? ZenVeil supports a wide range of languages and ecosystems including Python, Node.js, Go, Rust, and Ruby. Its core scanning capabilities for secrets, dependencies, and common vulnerability patterns are designed to be language-agnostic, covering the stacks commonly built with AI coding tools.
