Heimdall Scan logo, AI security scanner for vibe coders
Heimdall ScanOpen Beta
Checks reference

Every check Heimdall runs, explained.

30 checks across security, compliance, and infrastructure. Each one is written for founders who do not have a security background. Browse by category, or search by name.

30 checks

Secrets & Credentials

Find hardcoded keys and protect what gets pushed to git.

Network & Transport

Keep traffic private and lock down cross-origin requests.

Access Control

Make sure the right user can reach the right thing, and nothing else.

API Hardening

Reject malformed input before it touches your database.

Payments

Verify Stripe events and avoid free-money exploits.

Infrastructure

Catch dev-only config and setup files that quietly break production.

Legal & Compliance

Policies and consent flows your platform partners require.

Observability

Know when something breaks before your users tell you.

Performance

Catch the database mistakes that surface under real load.

Discoverability

Get found on Google and look right when shared.