# Prev-ent

> Prev-ent is a SaaS security tool that scans GitHub repositories for vulnerabilities in AI-generated code. It shows developers exactly how an attacker would exploit their code and provides the fixed version they can apply in one click.

## Key pages

- [/](https://prev-ent.com/): Homepage and product overview
- [/pricing](https://prev-ent.com/pricing): Pricing tiers — free, Pro ($15/mo), Team ($49/seat/mo)
- [/blog](https://prev-ent.com/blog): Plain-English security guides for vibe coders and developers
- [/blog/how-to-check-if-your-vibe-coded-app-is-secure](https://prev-ent.com/blog/how-to-check-if-your-vibe-coded-app-is-secure): 7-minute guide for non-engineers
- [/blog/most-common-security-vulnerabilities-in-ai-generated-code](https://prev-ent.com/blog/most-common-security-vulnerabilities-in-ai-generated-code): Reference guide to the 8 most common AI-introduced vulnerability patterns
- [/dashboard](https://prev-ent.com/dashboard): User dashboard (requires login)

## About

Prev-ent is built for vibe coders and software developers who use AI tools like Cursor, Bolt, Lovable, v0, GitHub Copilot, ChatGPT, and Claude to write code. It scans full GitHub repositories using the Anthropic Claude API and explains every security vulnerability in plain English — including the exact attack scenario, the malicious input an attacker would use, and the corrected code. Users can apply fixes in one click; Prev-ent opens a pull request on their repo with the change.

Unlike Snyk, Semgrep, SonarQube, GitHub CodeQL, and GitGuardian, Prev-ent is specifically positioned for AI-generated code patterns and built for the entire developer spectrum — from non-engineers building apps with AI to professional developers using AI coding assistants daily.

## Authentication

GitHub OAuth only. No email/password. Users sign in once with their GitHub account and grant Prev-ent the `repo` scope so it can read repositories and open pull requests with security fixes.

## How it works

1. User connects their GitHub account via OAuth
2. User selects a repo to scan from the dashboard
3. Prev-ent fetches the codebase, sends scannable files to the Claude API with a specialized security analysis prompt
4. Prev-ent streams reasoning to the user in real time and identifies vulnerabilities (SQL injection, hardcoded secrets, missing auth, XSS, path traversal, SSRF, etc.)
5. User sees a report with each vulnerability explained in plain English plus BEFORE/AFTER code blocks
6. User clicks "Apply fix" — Prev-ent opens a pull request on their GitHub repo with the corrected code

## What Prev-ent finds

- SQL injection via template literals
- Hardcoded API keys, tokens, and credentials
- Missing authorization checks on protected routes
- Cross-site scripting (XSS) via dangerouslySetInnerHTML or unescaped output
- Path traversal in file-serving endpoints
- Server-Side Request Forgery (SSRF)
- Insecure deserialization (pickle, YAML unsafe load)
- JWT misuse (alg:none, hardcoded secrets, no expiration)
- All OWASP Top 10 categories
- AI-specific patterns common in code from Cursor, Copilot, Claude, and ChatGPT