Deputy
View Demo
AI-Powered Security

Security that protects your code while you sleep

Deputy is an AI agent that continuously scans your entire codebase for security issues, detecting threats before they become problems.

View Demo
Deputy Dashboard
Deputy Dashboard showing security scan results with vulnerabilities found including SQL Injection and Hardcoded API Credentials

Enterprise-grade security, simplified

Four pillars of protection that work together to keep your code secure.

Always-On Security Agent

Sleep soundly knowing your code is protected 24/7. Our AI agent automatically scans your entire codebase on every commit, pull request, or on-demand. Get instant alerts for critical vulnerabilities and detailed reports on potential risks—all without lifting a finger.

Always-On Security Agent

Comprehensive Vulnerability Detection

Deputy scans for the full spectrum of security threats—from critical SQL injection and XSS attacks to hardcoded credentials, missing rate limiting, and insecure authentication patterns. Watch in real-time as our agent analyzes your code and surfaces issues by severity level.

Comprehensive Vulnerability Detection

Deep Codebase Understanding

Unlike traditional scanners that check files in isolation, our agent learns your entire codebase. It understands code paths, dependencies, and architectural patterns to identify complex vulnerabilities that span multiple files and systems.

1import { validateInput } from '@/lib/security'
2import { db } from '@/lib/database'
3import { hashPassword, verifyToken } from '@/lib/auth'
4
5export async function authenticateUser(req: Request) {
6 const { email, password } = await req.json()
7
8 // Validate and sanitize user input
9 const sanitizedEmail = validateInput(email, 'email')
10 const sanitizedPassword = validateInput(password, 'string')
11
12 const user = await db.user.findUnique({
13 where: { email: sanitizedEmail },
14 include: { permissions: true, roles: true }
15 })
16
17 if (!user) {
18 throw new AuthError('Invalid credentials')
19 }
20
21 const isValid = await verifyPassword(
22 sanitizedPassword,
23 user.hashedPassword
24 )
25
26 // Generate secure session token
27 const token = await generateSecureToken({
28 userId: user.id,
29 permissions: user.permissions,
30 expiresIn: '24h'
31 })
32
33 return { token, user: sanitizeUser(user) }
34}
35
36async function validateApiRequest(headers: Headers) {
37 const authHeader = headers.get('Authorization')
38 const token = authHeader?.replace('Bearer ', '')
39
40 if (!token) {
41 return { valid: false, error: 'Missing token' }
42 }
43
44 const decoded = await verifyToken(token)
45 const session = await db.session.findUnique({
46 where: { tokenHash: hashToken(token) }
47 })
48
49 return { valid: true, userId: decoded.sub }
50}
1import { validateInput } from '@/lib/security'
2import { db } from '@/lib/database'
3import { hashPassword, verifyToken } from '@/lib/auth'
4
5export async function authenticateUser(req: Request) {
6 const { email, password } = await req.json()
7
8 // Validate and sanitize user input
9 const sanitizedEmail = validateInput(email, 'email')
10 const sanitizedPassword = validateInput(password, 'string')
11
12 const user = await db.user.findUnique({
13 where: { email: sanitizedEmail },
14 include: { permissions: true, roles: true }
15 })
16
17 if (!user) {
18 throw new AuthError('Invalid credentials')
19 }
20
21 const isValid = await verifyPassword(
22 sanitizedPassword,
23 user.hashedPassword
24 )
25
26 // Generate secure session token
27 const token = await generateSecureToken({
28 userId: user.id,
29 permissions: user.permissions,
30 expiresIn: '24h'
31 })
32
33 return { token, user: sanitizeUser(user) }
34}
35
36async function validateApiRequest(headers: Headers) {
37 const authHeader = headers.get('Authorization')
38 const token = authHeader?.replace('Bearer ', '')
39
40 if (!token) {
41 return { valid: false, error: 'Missing token' }
42 }
43
44 const decoded = await verifyToken(token)
45 const session = await db.session.findUnique({
46 where: { tokenHash: hashToken(token) }
47 })
48
49 return { valid: true, userId: decoded.sub }
50}

Cloud Infrastructure Scanning

Security doesn't stop at your code. Deputy connects to your cloud providers—AWS, GCP, Azure, and more—to scan for misconfigurations, exposed secrets, and infrastructure vulnerabilities. Get a complete picture of your security posture.

Cloud Infrastructure Scanning

Simple, transparent pricing

Choose the plan that fits your security needs. All plans include a 14-day free trial.

Starter

$29/month

Perfect for individual developers and small projects.

  • Up to 3 repositories
  • Daily scheduled scans
  • Basic vulnerability reports
  • Email notifications
  • Community support
Most Popular

Pro

$99/month

For growing teams that need comprehensive security.

  • Unlimited repositories
  • Real-time commit scanning
  • Advanced AI analysis
  • Slack & webhook integrations
  • Cloud infrastructure scanning
  • Priority support

Enterprise

Custom

For organizations with advanced security requirements.

  • Everything in Pro
  • Custom AI model selection
  • On-premise deployment option
  • SSO & SAML authentication
  • Dedicated success manager
  • Custom SLA