Rules
Security findings that point to the risky code.
Radar focuses on the issues reviewers need to see before merge: injection paths, unsafe auth, traversal, secrets, and risky APIs.
Local static checks
Rules run in the local engine and produce actionable finding records with file, severity, confidence, and fix guidance.
- SQL injection
- Command injection
- Path traversal
- Hardcoded secrets
Evidence over scores
Each finding can include why it matters, how to fix it, and a copy-ready prompt for your coding agent.