Deterministic Scanner · Proof Engine · Optional Local AI

Proof-First
Vulnerability Detection

Scan locally. Generate PoCs. Verify in Docker.
Every finding ships with evidence: source→sink chain, guard analysis, and impact proof. IDOR, SQLi, SSRF, Auth Bypass, and more. Deploy self-hosted or use our managed SaaS—your choice.

500 CVE Repos Scanned
80.4% CVE Detection Rate
1-Click Docker PoC Verify

80.4% strict recall (correct vulnerability type + correct file) across 500 CVE repositories. See methodology →

Available as Self-Hosted or Managed SaaS

terminal
$ tracemint scan ./my-app

◈ TraceMint v2.0
├─ Analyzing: 234 files across 12 frameworks
├─ Categories: IDOR, SQLi, Auth Bypass, SSRF, XSS
└─ Running semantic analysis...

✓ Static Analysis 42 candidates
✓ Cross-file Taint 18 flows traced
✓ Guard Verification 7 confirmed vulnerabilities

⚠ CRITICAL: IDOR in OrderController.php:84
  Type: Missing ownership check
  Evidence: user_id not verified against session

⚠ HIGH: SQLi in SearchService.php:127
  Type: Unsanitized input in raw query

$ tracemint poc --finding VH-001 --docker

├─ docker-compose detected · lab starting...
✓ Container ready mysql:8.0 + php:8.1
✓ PoC executed UNION-based extraction
✓ Impact verified: admin credentials leaked

Capabilities

Beyond pattern matching
semantic understanding

Multi-pass analysis combines static rules with deep code comprehension

1. Parse: AST extraction across 30+ languages (py, php, js, go)
2. Trace: cross-file taint propagation ($input → process() → query())
3. Verify: guard & sanitizer effectiveness (✗ no ownership check, ✓ auth middleware)
4. Verdict: evidence-backed findings (e.g. CRITICAL IDOR)
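To make the four steps concrete, here is an added, self-contained Python example of a miniature Parse → Trace → Verify → Verdict pipeline. It is not TraceMint's code (the page does not show TraceMint's internals) and it only handles Python: two constructed sample modules are embedded as strings, `request.<attr>[...]` is treated as the attacker-controlled source, `.execute(query, ...)` as the SQL sink, and `int()`/`float()` as sanitizers. The names `SAMPLE_FILES`, `TaintAnalyzer`, `Finding` and `scan_sample` are this example's own.

```python
import ast
from dataclasses import dataclass

# Constructed sample project (not from the page): the source is in controller.py, the SQL sink in models.py.
SAMPLE_FILES = {
    "models.py": '''
def find_order(db, order_id):        # raw concatenation: SQL injection sink
    return db.execute("SELECT * FROM orders WHERE id = " + order_id)
def find_order_safe(db, order_id):   # parameterized: input never enters the SQL text
    return db.execute("SELECT * FROM orders WHERE id = ?", (order_id,))
''',
    "controller.py": '''
def show_order(request, db):
    order_id = request.args["id"]               # attacker-controlled source
    return find_order(db, order_id)             # reaches the raw-SQL sink: finding
def show_order_checked(request, db):
    order_id = int(request.args["id"])          # int() sanitizes: no finding
    return find_order(db, order_id)
def show_order_param(request, db):
    return find_order_safe(db, request.args["id"])   # safe sink: no finding
''',
}
SOURCE_ATTRS = {"args", "form", "json", "cookies"}  # request.<attr>[...] is attacker input (assumption)
SANITIZERS = {"int", "float"}                       # calls whose result cannot carry SQL (assumption)

@dataclass
class Finding:
    entry: str        # request handler where the taint originates
    sink_file: str
    sink_line: int
    chain: list       # source -> sink evidence chain

class TaintAnalyzer:
    def __init__(self, files):
        self.funcs = {}                                 # step 1: Parse every file
        for fname, src in files.items():
            for node in ast.parse(src).body:
                if isinstance(node, ast.FunctionDef):
                    self.funcs[node.name] = (fname, node)
        self.findings = []

    def scan(self):
        for name, (fname, fn) in self.funcs.items():    # entry points take `request` first
            if fn.args.args and fn.args.args[0].arg == "request":
                self.trace(name, set(), [f"{fname}:{name}"])
        return self.findings

    def is_tainted(self, node, tainted):
        # Does this expression carry attacker-controlled data?
        if isinstance(node, ast.Name):
            return node.id in tainted
        if isinstance(node, ast.Subscript):
            v = node.value
            if (isinstance(v, ast.Attribute) and isinstance(v.value, ast.Name)
                    and v.value.id == "request" and v.attr in SOURCE_ATTRS):
                return True
            return self.is_tainted(v, tainted)
        if isinstance(node, ast.BinOp):                 # "..." + x
            return self.is_tainted(node.left, tainted) or self.is_tainted(node.right, tainted)
        if isinstance(node, ast.JoinedStr):             # f"... {x}"
            return any(self.is_tainted(v.value, tainted) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.Call):
            if isinstance(node.func, ast.Name) and node.func.id in SANITIZERS:
                return False                            # step 3: sanitizer verified effective
            return any(self.is_tainted(a, tainted) for a in node.args)  # conservative
        return False                                    # constants, tuples, ...

    def trace(self, name, tainted, chain):              # step 2: interprocedural taint
        fname, fn = self.funcs[name]
        tainted = set(tainted)
        if len(chain) > 8:                              # bound recursive call chains
            return
        for stmt in fn.body:                            # straight-line statements, in order
            if (isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name)
                    and self.is_tainted(stmt.value, tainted)):
                tainted.add(stmt.targets[0].id)
            for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
                self.check_call(call, fname, tainted, chain)

    def check_call(self, call, fname, tainted, chain):
        f = call.func
        if isinstance(f, ast.Attribute) and f.attr == "execute" and call.args:
            if self.is_tainted(call.args[0], tainted):  # step 4: Verdict, query text is tainted
                self.findings.append(Finding(chain[0], fname, call.lineno,
                                             chain + [f"{fname}:{call.lineno} execute()"]))
            return
        if isinstance(f, ast.Name) and f.id in self.funcs:   # call into another function
            callee_file, callee = self.funcs[f.id]
            params = [a.arg for a in callee.args.args]
            tainted_params = {p for p, a in zip(params, call.args) if self.is_tainted(a, tainted)}
            if tainted_params:
                self.trace(f.id, tainted_params,
                           chain + [f"{callee_file}:{f.id}({', '.join(sorted(tainted_params))})"])

def scan_sample():
    return TaintAnalyzer(SAMPLE_FILES).scan()
```

Calling `scan_sample()` returns exactly one Finding: entry `controller.py:show_order`, sink `models.py:3`, with the evidence chain `controller.py:show_order` → `models.py:find_order(order_id)` → `models.py:3 execute()`. The other two handlers yield nothing because step 3 verifies the `int()` sanitizer and the parameterized query as effective. A production engine additionally has to handle branches, loops, object fields, aliasing and framework-specific sources and guards; this toy walks straight-line function bodies only.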
  • 30+ language & framework engines
  • 25+ vulnerability classes
  • 2,000+ detection rules
  • Evidence-backed findings
Why Different

Four pillars that
set us apart

🔒

Data-Control First

Self-host for full control or use our managed SaaS with enterprise-grade isolation. Your code, your rules.

📋

Proof-First

Every finding ships with evidence: each of the ACCESS, BINDING, DOMINANCE and EFFECT obligations is recorded as proven or failed.

🔬

Verification-Ready

We eliminate false positives, not you: a 5-stage reduction pipeline plus an auto-generated PoC for each finding.

Mode-Based

FAST for CI/CD gates. BALANCED for daily scans. DEEP for security audits. Same engine, your depth choice.

Analysis Modes

Choose your
analysis depth

FAST

Static Only

Rule-based static analysis with AST parsing. Good for CI/CD and initial triage.

  • Tree-sitter AST parsing
  • Pattern-based detection
  • Basic taint tracking
  • Cross-file analysis
  • Semantic verification
Speed: high · Precision: moderate

🔬

DEEP

Exhaustive

Full codebase semantic analysis. Catches edge cases and framework-specific patterns.

  • Full static analysis
  • Interprocedural taint
  • Business logic analysis
  • Route/endpoint mapping
  • Blind semantic scanning
Speed: thorough · Precision: highest