Is my source code sent to ShipSafe servers?

Never. ShipSafe runs entirely on your machine. Scans, analysis, and auto-fixes all happen locally. Your source code never leaves your computer. No account required. Works offline.

How do I install ShipSafe?

Run: npm install -g @shipsafe/cli. Then run 'shipsafe scan' in any project directory. That's it — zero configuration required.

What does ShipSafe detect?

ShipSafe has 1,200+ detection rules covering SQL injection (127 rules), XSS (143 rules), prompt injection (7 rules), command injection (89 rules), SSRF (67 rules), hardcoded secrets (174 patterns), insecure authentication (98 rules), malicious MCP servers (30 patterns), path traversal, insecure deserialization, and more.

How is ShipSafe different from Snyk or SonarQube?

ShipSafe runs entirely locally (Snyk requires cloud), has AI-specific security rules like prompt injection and malicious MCP server detection (unique to ShipSafe), strips image metadata, and includes an MCP server for AI coding assistants. It's built for solo developers and small teams who use AI coding assistants.

Can I use ShipSafe with Claude, Cursor, or other AI tools?

Yes. ShipSafe includes an MCP server with 8 tools that plug directly into Claude, Cursor, Windsurf, and any other MCP-compatible assistant. Your AI can check security while it writes code.

What is prompt injection and does ShipSafe detect it?

Prompt injection is when untrusted user input is passed directly into LLM prompts, allowing attackers to manipulate AI behavior. ShipSafe has 7 dedicated rules that detect unsanitized user input in LLM prompts, system prompt leakage, indirect prompt injection via retrieved content, and prompt template manipulation.

What are malicious MCP servers and how does ShipSafe detect them?

Malicious MCP servers are rogue AI tool servers that can steal credentials, exfiltrate code, or inject malicious prompts. ShipSafe's scan-environment command checks your MCP configurations, CLAUDE.md files, git hooks, and npm scripts for 30 threat patterns including credential theft, data exfiltration, and prompt injection.

Yes. The free tier includes full security scanning with 1,200+ rules, git pre-commit hooks, baseline/delta mode, and support for 1 project. Pro ($19/mo) adds knowledge graph analysis, auto-fix, monitoring, and MCP server. Team ($49/mo) adds GitHub App integration and source maps.

How does ShipSafe reduce false positives?

ShipSafe uses Tree-sitter AST analysis to understand code context — it knows whether a variable comes from user input and whether it's been sanitized before reaching a dangerous sink. This context-aware detection dramatically reduces false positives compared to regex-only scanners.

Is it safe to use claude --dangerously-skip-permissions with ShipSafe?

ShipSafe's git pre-commit hooks provide a safety net when using --dangerously-skip-permissions. Even if Claude Code writes insecure code in autonomous mode, ShipSafe blocks the commit if it contains hardcoded secrets or critical vulnerabilities. Install hooks with: shipsafe hooks install.

Configuration

ShipSafe works with zero configuration. When you need to customize behavior, these are your options.

.shipsafeignore

Create a .shipsafeignore file in your project root to exclude files and directories from scanning. The syntax is identical to .gitignore.

# .shipsafeignore

# Ignore test fixtures with intentionally vulnerable code
tests/fixtures/
__tests__/vulnerable-samples/

# Ignore generated files
dist/
build/
.next/

# Ignore specific files
scripts/seed-data.ts
migrations/*.sql

# Ignore vendor code
vendor/
third-party/

ShipSafe automatically respects your .gitignore in addition to .shipsafeignore. The node_modules directory is always excluded.

shipsafe.config.json

For advanced configuration, create a shipsafe.config.json file in your project root.

{
  "severity": "medium",
  "rules": {
    "disable": ["auth/missing-csrf-protection"],
    "override": {
      "secrets/generic-high-entropy": "low"
    }
  },
  "hooks": {
    "blockOn": "critical",
    "warnOn": "high",
    "scanStaged": true
  },
  "output": {
    "format": "text",
    "colors": true,
    "showFix": true
  },
  "scan": {
    "extensions": [".ts", ".tsx", ".js", ".jsx", ".py"],
    "maxFileSize": "1mb",
    "workers": 4
  }
}

Configuration Options

severity

Minimum severity to report: "critical", "high", "medium", or "low". Default: "low".

rules.disable

Array of rule IDs to disable. Use when a rule generates false positives for your specific codebase.

rules.override

Override the severity of specific rules. Useful for downgrading rules that are not relevant to your risk profile.

hooks.blockOn

Minimum severity to block a commit. Default: "critical".

scan.workers

Number of parallel workers for scanning. Default: CPU count. Set lower on memory-constrained systems.

Environment Variables

ShipSafe reads these environment variables, which override config file settings:

Variable	Description	Default
SHIPSAFE_SEVERITY	Minimum severity to report	low
SHIPSAFE_FORMAT	Output format: text, json, sarif	text
SHIPSAFE_NO_COLOR	Disable colored output	false
SHIPSAFE_WORKERS	Number of parallel workers	CPU count
SHIPSAFE_LICENSE_KEY	Pro/Team license key	—

Baseline Management

Baselines let you adopt ShipSafe on existing projects without being overwhelmed by pre-existing findings. See the CLI reference for full command details.

# Create a baseline from current findings
shipsafe scan --baseline

# Scan showing only new findings since baseline
shipsafe scan --delta

# Reset the baseline
shipsafe baseline reset

# View baseline summary
shipsafe baseline show

The baseline file is stored at .shipsafe/baseline.json. Commit this file to your repository so your entire team shares the same baseline.

Hook Configuration

Git hooks are configured in the hooks section of shipsafe.config.json:

{
  "hooks": {
    "blockOn": "critical",
    "warnOn": "high",
    "scanStaged": true,
    "timeout": 30000
  }
}

•blockOn — severity that blocks the commit (default: "critical")
•warnOn — severity that shows warnings (default: "high")
•scanStaged — only scan staged files, not the full project (default: true)
•timeout — max hook duration in milliseconds (default: 30000)