ShakerScanRun Public DAST Preview

Industry

Security evidence for B2B SaaS teams shipping AI features.

B2B SaaS teams need to ship fast while answering customer security reviews. ShakerScan turns runtime AI and API checks into evidence-backed release decisions.

Run Public DAST PreviewInstall GitHub App

Sample gate decision

allow

Customer-facing AI feature passes release policy

The team can show scope, policy, evidence hash, and verification command for a recent AI Gate run.

customer-facing target:support-chat-api
release policy:ai-gate-release
evidence packet:ai-security-review-2026-04
attestation:verified
1

A PR, preview deploy, API target, or AI workflow is ready for review.

2

ShakerScan tests the real web, API, or AI behavior with a selected scan profile and policy.

3

Findings, transcripts, and runtime artifacts are normalized into evidence.

4

Policy returns allow, block, or needs_approval.

5

CI/CD verifies the signed evidence and either proceeds, blocks, or waits for an eligible scoped approval-token workflow.

Why ShakerScan

The output is a release control, not just a report.

ShakerScan is built around release evidence: a tested target, a policy result, a verifier command, and an approval path when risk needs human review.

Signed evidence

Evidence hashes and AI Gate attestations bind the decision to the target, environment, policy, probe pack, and release scope when signing is configured.

CI-verifiable decision

GitHub Actions or the shakerscan CLI can verify that the decision matches the expected repo, commit, branch, environment, target, policy, and evidence hash.

Approval workflow

When an eligible workflow is approved, scoped approval tokens record the reason, audience, expiry, and decision path instead of bypassing the gate silently.

Checklist

B2B SaaS checklist

Gate customer-facing AI features first.

Create an evidence packet for security questionnaires.

Run preview gates on PRs that touch prompts, tools, retrieval, auth, or APIs.

Track fixed, open, and approved-risk findings.

Limitations

What this page does not claim

ShakerScan does not replace human security review, threat modeling, or a scoped penetration test.

AI Gate decisions depend on the configured target, probe pack, policy, scan profile, and available evidence.

Production targets require authorization, safe scope, rate limits, and operational approval.

FAQ

Is ShakerScan an AI pentesting replacement?

No. ShakerScan is a verifiable security gate for release workflows. It complements deeper manual testing by producing repeatable runtime evidence and CI-verifiable allow, block, or needs_approval decisions.

Can ShakerScan scan any target?

No. Targets must be owned by the customer or explicitly authorized. Production scans should use safe profiles, rate limits, and defined scope.