open-source security copilot — beta

Earn the badge. Without speaking security.

Cliff scans your repo, explains every vulnerability in plain English, and opens draft pull requests that fix what it can fix. Self-hosted. Your code never leaves your machine.

Read the docs

AGPL-3.0 · Free forever for open-source maintainers · Built by security researchers submitting to Chrome VRP and other major bug-bounty programs.

▸ the difference
▸ what you get from every other scanner
CVE          CVE-2024-4068
Package      braces@3.0.2
CVSS         7.5 (high)
Vector       ReDoS — Regular Expression Denial of Service
Affected     < 3.0.3
▸ what cliff says
A pattern-matching library your project uses has a known security flaw that could let an attacker slow down or crash your application by sending specially crafted input. This is a high-severity issue. The fix is one version bump — Cliff has it ready as a draft pull request.
technical: CVE-2024-4068 · CVSS 7.5 · braces 3.0.2 → 3.0.3
▸ how it works

Three steps, one keystroke per fix.

Cliff runs locally. Your source never leaves the machine. Every fix arrives as a draft pull request you review like any contribution.

01 · point

Point Cliff at your repo.

One Docker command. Your GitHub token, your AI provider key, your repo URL. Cliff runs locally. Your source never leaves the machine.

02 · scan

Cliff scans, explains, and grades.

Lockfiles plus posture checks plus plain-English descriptions. A grade A through F, with the five things you need to fix to reach A.

03 · merge

Cliff opens draft PRs.

Every fix arrives as a draft pull request you review like any contribution. Cliff explains its reasoning. You merge — or you don't.

▸ what's in the box

Every box a security-curious maintainer wants to tick.

Six things Cliff does, today, in beta.

Lockfile scanning across npm, pip, Go modules, and more.

OSV.dev as the CVE source. No paid scanner dependency.

Posture checks beyond just dependencies.

Branch protection, secrets in code, SECURITY.md, lockfile presence — the basics, scored.
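One way to implement the "basics, scored" checks above, as an added example that is not Cliff's own code: it walks a repository for a SECURITY.md, a lockfile and credential-shaped strings, takes the branch-protection state as a flag (assumed to come from the GitHub API, which needs a token, so the offline example does not call it), and turns the result into an A through F grade plus the concrete fixes needed to reach A. The check weights, grade bands, secret patterns and the throwaway sample repository are all constructed for the example; the page lists the checks but not how Cliff weights them.

```python
import os
import re
import tempfile
from typing import Dict, List

# Hypothetical check set, weights and grade bands: the page names the checks but not
# how Cliff scores them, so every number here is an assumption for the example.
LOCKFILES = ("package-lock.json", "yarn.lock", "pnpm-lock.yaml", "go.sum", "poetry.lock", "Pipfile.lock")
SECRET_PATTERNS = {
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private key block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
SKIP_DIRS = {".git", "node_modules", "vendor", "dist"}
GRADE_BANDS = (("A", 90), ("B", 75), ("C", 60), ("D", 40), ("F", 0))


def find_secrets(root: str) -> List[str]:
    """'<pattern> in <relative path>:<line>' for every credential-shaped string in the tree."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune vendored trees in place
        for fn in sorted(filenames):
            path = os.path.join(dirpath, fn)
            try:
                with open(path, encoding="utf-8", errors="ignore") as f:
                    text = f.read()
            except OSError:
                continue
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for label, pat in SECRET_PATTERNS.items():
                for m in pat.finditer(text):
                    line = text.count("\n", 0, m.start()) + 1
                    hits.append(f"{label} in {rel}:{line}")
    return hits


def score_repo(root: str, branch_protected: bool) -> Dict:
    """Score the basics and return the grade plus the fixes that would raise it.

    branch_protected is assumed to come from the GitHub API, so it is passed in here.
    """
    secrets = find_secrets(root)
    checks = [
        ("SECURITY.md present", 20, os.path.isfile(os.path.join(root, "SECURITY.md")),
         "Add a SECURITY.md that says how to report a vulnerability."),
        ("lockfile present", 25, any(os.path.isfile(os.path.join(root, f)) for f in LOCKFILES),
         "Commit a lockfile so installs are reproducible and dependency scans are exact."),
        ("no secrets in code", 30, not secrets,
         "Remove committed credentials, rotate them, and read them from the environment."),
        ("branch protection on the default branch", 25, branch_protected,
         "Require pull requests and review before merging to the default branch."),
    ]
    score = sum(weight for _, weight, ok, _ in checks if ok)
    grade = next(g for g, floor in GRADE_BANDS if score >= floor)
    return {
        "score": score,
        "grade": grade,
        "passed": [name for name, _, ok, _ in checks if ok],
        "fixes": [fix for _, _, ok, fix in checks if not ok],
        "secrets": secrets,
    }


def make_sample_repo(hardened: bool = False) -> str:
    """Constructed throwaway repo in a temp dir; the unhardened variant fails every file-based check."""
    root = tempfile.mkdtemp(prefix="posture-demo-")
    os.makedirs(os.path.join(root, "src"))
    with open(os.path.join(root, "package.json"), "w") as f:
        f.write('{"name": "demo-app", "version": "1.0.0"}\n')
    # AKIAIOSFODNN7EXAMPLE is the placeholder key from AWS documentation, not a live credential.
    config_line = ('const accessKeyId = process.env.AWS_ACCESS_KEY_ID;\n' if hardened
                   else 'const accessKeyId = "AKIAIOSFODNN7EXAMPLE";\n')
    with open(os.path.join(root, "src", "config.js"), "w") as f:
        f.write(config_line)
    if hardened:
        with open(os.path.join(root, "SECURITY.md"), "w") as f:
            f.write("# Security policy\n\nReport vulnerabilities privately to the maintainers.\n")
        with open(os.path.join(root, "package-lock.json"), "w") as f:
            f.write('{"name": "demo-app", "lockfileVersion": 3, "packages": {}}\n')
    return root


if __name__ == "__main__":
    report = score_repo(make_sample_repo(), branch_protected=False)
    print(f"grade {report['grade']} ({report['score']}/100)")
    for fix in report["fixes"]:
        print(" -", fix)
```

The unhardened sample scores F with four fixes listed; adding the SECURITY.md and lockfile and moving the key into the environment lifts it to B, and enabling branch protection takes it to A. The secret patterns are deliberately narrow (prefixed token formats and PEM headers) so the check flags real credentials rather than every long string.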

Agent-driven draft PRs.

Trivy plus Semgrep plus an LLM agent pipeline. Every PR is a draft; nothing auto-merges.

Plain-language CVE descriptions.

Every finding rewritten as if explaining it to a developer who has never read a CVE.
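The lockfile-to-plain-English path that "Lockfile scanning", "OSV.dev as the CVE source" and this item describe, as an added example that is not Cliff's own code: it reads an npm package-lock.json, builds the OSV.dev batch query for every pinned package, pulls the fixed version out of an OSV-style record, and renders the finding in the two-part shape of the page's braces example. The lockfile and the OSV record are constructed samples (only the CVE id, the 3.0.2 to 3.0.3 versions and the 7.5 score come from the page); the querybatch endpoint and the record fields used are real OSV schema, the rating bands are the standard CVSS v3 ones, and the wording of the rewrite is an assumption about the style, not Cliff's template. Nothing here touches the network.

```python
import json
from typing import Dict, List, Optional

# Constructed sample: a minimal npm package-lock.json (lockfileVersion 3) that pins
# braces 3.0.2, the package from the page's CVE-2024-4068 example. Not a real project.
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/braces": {"version": "3.0.2"},
        "node_modules/fill-range": {"version": "7.0.1"},
    },
})

# Constructed sample of an OSV record (id, aliases, summary, affected[].ranges[].events are
# real schema fields). Only the CVE id and the versions come from the page; the summary is ours.
SAMPLE_OSV_VULN = {
    "id": "CVE-2024-4068",
    "aliases": [],
    "summary": "Uncontrolled resource consumption (ReDoS) in braces",
    "affected": [{
        "package": {"ecosystem": "npm", "name": "braces"},
        "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "3.0.3"}]}],
    }],
}
SAMPLE_CVSS_SCORE = 7.5  # from the page; a real scan would derive it from the record's severity vector


def parse_npm_lockfile(text: str) -> List[Dict[str, str]]:
    """Every installed package in a lockfileVersion 2/3 package-lock.json as {name, version}."""
    data = json.loads(text)
    found = []
    for path, meta in data.get("packages", {}).items():
        if path == "" or "version" not in meta:
            continue  # the root project entry, or a link entry with no version
        # "node_modules/a/node_modules/@s/b" -> "@s/b": keep what follows the last node_modules/
        found.append({"name": path.rsplit("node_modules/", 1)[-1], "version": meta["version"]})
    return found


def build_osv_querybatch(pkgs: List[Dict[str, str]], ecosystem: str = "npm") -> dict:
    """Body for POST https://api.osv.dev/v1/querybatch: one query per pinned package."""
    return {"queries": [
        {"package": {"name": p["name"], "ecosystem": ecosystem}, "version": p["version"]}
        for p in pkgs
    ]}


def fixed_version(vuln: dict, name: str, ecosystem: str = "npm") -> Optional[str]:
    """First 'fixed' event for the package in the record's ranges, or None if no patched release."""
    for aff in vuln.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("name") != name or pkg.get("ecosystem") != ecosystem:
            continue
        for rng in aff.get("ranges", []):
            for event in rng.get("events", []):
                if "fixed" in event:
                    return event["fixed"]
    return None


def severity_word(cvss: float) -> str:
    """CVSS v3 qualitative rating bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def plain_english(name: str, version: str, vuln: dict, cvss: float) -> str:
    """Rewrite one finding for a developer who has never read a CVE, with a technical footer."""
    fixed = fixed_version(vuln, name)
    body = (f"A dependency your project uses ({name}) has a known security flaw: "
            f"{vuln.get('summary', 'no summary provided')}. "
            f"This is a {severity_word(cvss)}-severity issue. ")
    body += (f"The fix is one version bump, {name} {version} to {fixed}." if fixed
             else "No fixed release is published yet, so the package needs replacing or pinning elsewhere.")
    footer = f"technical: {vuln['id']} · CVSS {cvss} · {name} {version} → {fixed or 'unfixed'}"
    return body + "\n" + footer


if __name__ == "__main__":
    pkgs = parse_npm_lockfile(SAMPLE_PACKAGE_LOCK)
    print(json.dumps(build_osv_querybatch(pkgs), indent=2))
    print(plain_english("braces", "3.0.2", SAMPLE_OSV_VULN, SAMPLE_CVSS_SCORE))
```

In a real run the querybatch response returns only vulnerability ids per package, so each id is then fetched as a full record (the shape SAMPLE_OSV_VULN imitates) before the fixed version and the rewrite can be produced; keeping the lockfile parser separate from the OSV client is what lets the same pipeline take pip or Go lockfiles with a different ecosystem string.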

Self-hosted. BYOK LLM.

Anthropic, OpenAI, OpenRouter, or local Ollama. Your code stays on your machine.

AGPL-3.0. Free forever for OSS.

Open source itself. Run it, fork it, ship it on your repo.

▸ who built this
Cliff is built by a team that has spent the last year hunting vulnerabilities in production browsers and other major targets — Chrome VRP submissions confirmed, more pending. We saw the same gap from the maintainer side: real supply-chain pain, no tools that don't assume you already speak CVE. Cliff is the tool we wanted to exist for the maintainers we kept seeing in the data.
Chrome VRP submissions confirmed
Program 2 embargoed
Program 3 embargoed
Program 4 embargoed
▸ the destination
cliff verified — grade A badge

A credible mark, when you've earned it.

v1.1 ships a shareable completion summary card — a tweet-friendly image and a Markdown snippet you can paste in your README. The full public Cliff badge ships in v1.2, once enough maintainers have earned one that it actually means something. We're not rushing this. The point of a security badge is that it's credible, not that it exists.

▸ install

Two minutes, one command.

# pulls the beta image, mounts your repo, scans it, exits
docker run -it --rm \
  -v "$(pwd):/repo" \
  -e GITHUB_TOKEN=$GITHUB_TOKEN \
  -e ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY \
  ghcr.io/cliff-security/cliff:beta \
  scan /repo

Or join the beta Discord and we'll walk you through it: discord.gg/cliff-beta.