Checks reference
Every check Heimdall runs, explained.
30 checks across security, compliance, and infrastructure. Each one is written for founders who do not have a security background. Browse by category, or search by name.
30 checks
Secrets & Credentials
Find hardcoded keys and protect what gets pushed to git.
Network & Transport
Keep traffic private and lock down cross-origin requests.
Access Control
Make sure the right user can reach the right thing, and nothing else.
API Hardening
Reject malformed input before it touches your database.
Payments
Verify Stripe events and avoid free-money exploits.
Infrastructure
Catch dev-only config and setup files that quietly break production.
Legal & Compliance
Policies and consent flows your platform partners require.
Observability
Know when something breaks before your users tell you.
Performance
Catch the database mistakes that surface under real load.
Discoverability
Get found on Google and look right when shared.
