HiAUDIT analyzes web application code across 11 languages and 12 frameworks. As with smart contracts, you drive it through natural-language prompts in your IDE chat.
What to type in chat
| What you want | What to type in chat |
|---|---|
| Scan application code | “Run a security scan on this Express app” |
| Check for injections | “Check this Flask app for injection vulnerabilities” |
| Taint analysis | “Run taint analysis on this Spring Boot project” |
| OWASP Top 10 check | “What’s the OWASP Top 10 posture score?” |
| Find hardcoded secrets | “Find hardcoded secrets in this Node.js project” |
What gets analyzed
- Static analysis across TypeScript, JavaScript, Python, Java, Go, Ruby, PHP, C#, Rust, Kotlin, and COBOL.
- Taint analysis that tracks data flow from untrusted sources (user input, environment variables, database, network, filesystem, etc.) to security-sensitive sinks (SQL, OS commands, HTML output, SSRF, and more).
- OWASP Top 10 2025 compliance analysis with a security posture score.
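To make the source-to-sink idea concrete, here is an added toy taint check (example code, not HiAUDIT's own implementation): it propagates taint through straight-line Express-style code and reports sinks that receive tainted data, while leaving a parameterized query alone. The source and sink patterns and the sample handler lines are constructed for the demo and are not the tool's real rule set.

```javascript
// Added example, not HiAUDIT's code: a toy line-level taint check that
// illustrates the source -> sink flow above. The source and sink patterns are
// assumptions for the demo, not the tool's real rule set.
const SOURCES = [
  { name: "user input", re: /\breq\.(?:query|params|body)\.\w+/ },
  { name: "environment", re: /\bprocess\.env\.\w+/ },
];
// Each sink captures only its first argument (the SQL text, the command, the
// HTML body); a parameter array passed as the second argument is not a sink.
const SINKS = [
  { name: "SQL", re: /\b(?:db|pool)\.query\(\s*([^,)]+)/ },
  { name: "OS command", re: /\b(?:exec|execSync)\(\s*([^,)]+)/ },
  { name: "HTML output", re: /\bres\.send\(\s*([^,)]+)/ },
];

// An expression is tainted if it reads a source directly or references a
// variable already marked tainted. String literals are blanked first so a
// word inside SQL text (e.g. "id") is not mistaken for a variable reference.
function isTainted(expr, tainted) {
  if (SOURCES.some((s) => s.re.test(expr))) return true;
  const code = expr.replace(/"[^"]*"|'[^']*'/g, '""');
  return [...tainted].some((v) => new RegExp(`\\b${v}\\b`).test(code));
}

// Forward dataflow over straight-line code: assignments propagate taint to
// the assigned variable; a sink whose argument is tainted becomes a finding.
function scan(lines) {
  const tainted = new Set();
  const findings = [];
  lines.forEach((line, i) => {
    const assign = line.match(/^\s*(?:const|let|var)\s+(\w+)\s*=\s*(.*)$/);
    if (assign && isTainted(assign[2], tainted)) tainted.add(assign[1]);
    for (const sink of SINKS) {
      const m = line.match(sink.re);
      if (m && isTainted(m[1], tainted)) findings.push({ line: i + 1, sink: sink.name });
    }
  });
  return findings;
}

// Constructed Express-style handler body used as sample input.
const SAMPLE = [
  'const userId = req.query.id;',
  'const sql = "SELECT * FROM users WHERE id = " + userId;',
  'db.query(sql);',                                          // finding: SQL
  'db.query("SELECT * FROM users WHERE id = ?", [userId]);', // parameterized: clean
  'execSync("ls " + process.env.DIR);',                      // finding: OS command
  'res.send("ok");',                                         // clean
  'res.send("<p>" + userId + "</p>");',                      // finding: HTML output
];
console.log(scan(SAMPLE));
```

A real engine works on an AST and control-flow graph rather than lines and regexes, which is what lets it follow taint across functions, modules and frameworks.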
Related reference
- Supported languages — full language and framework matrix.
- MCP tools — the web application tools behind these prompts.
- Skills — web application audit workflows and their trigger phrases.