4. Security & Compliance

Manages resource authorization policies with attribute-based permissions and scoping for secure access control.

Configures world ownership, authorization policies, and resource permissions for secure access control management.

Audits Dojo code for security vulnerabilities, best practices, and optimization opportunities to ensure secure and robust deployments.

Audits Convex applications for security vulnerabilities including missing auth checks, IDOR risks, and data leaks in queries, mutations, and subscriptions.

Audits Next.js applications for security vulnerabilities including exposed environment variables, missing authentication in Server Actions, and middleware configuration.

Audits Django applications for security vulnerabilities by checking settings, middleware, and authentication patterns including SECRET_KEY, CSRF, and auth decorators.

Audits Vite security patterns for environment variables, build secrets, and dev server configurations in SPAs and development environments.

Audits Bun runtime security patterns, identifying vulnerabilities like injection flaws and insecure configurations in Bun applications.

Audits FastAPI applications for security vulnerabilities in dependencies, middleware, CORS, and authentication configurations.

Audits Docker container security by checking for secrets in layers, exposed ports, non-root users, and privileged configurations in Dockerfiles and docker-compose.yml.

Scans code repositories and history for high-signal secrets including AWS keys and tokens to prevent exposure during security audits.

Audits Express.js applications for security vulnerabilities in middleware, routes, and configuration settings like Helmet.js, CORS, and authentication.

Scans code and configurations for exposed AI API keys (e.g., OpenAI, Anthropic) and verifies proper redaction in logs and integrations.

Continuous security vulnerability scanning for OWASP Top 10, SQL injection, XSS, and secrets exposure. Triggers on file changes and security mentions.

Provides 22 AI agents for automated security reviews, code quality analysis, compliance checks, and infrastructure validation with auto-activation.

Scans code for security vulnerabilities using UBS before commits or when security-related keywords are mentioned.

Troubleshoots authentication issues including 401 errors, token problems, and MSAL configuration for Entra ID and JWT.

Performs code audits to detect security flaws and provides recommendations for secure coding practices.

Scans Python web applications for OWASP Top 10 vulnerabilities and dependency CVEs, generating actionable security reports.

Scans Next.js and TypeScript/JavaScript projects for security vulnerabilities including OWASP Top 10, XSS, and hardcoded secrets, generating actionable reports.

Assists with Governance, Risk, and Compliance (GRC) topics including SOX, GDPR, and ServiceNow GRC implementation.

Manages security operations including incident response, vulnerability handling, threat analysis, and SIEM case management for security teams.

Provides security best practices guidance for ServiceNow instances, including authentication, SSO, MFA, and protection against XSS/injection vulnerabilities.

Manages ServiceNow access control lists (ACLs) and security configurations for role-based, row-level, and field-level security.