Everything ShipRight audits.
Five categories, twenty points each. A hundred-point ceiling on what production-ready means.
Category: Security
Worth: 20/100
01. Exposed API keys & service-role secrets (auto-fix)
02. Routes missing auth middleware (cursor prompt)
03. No rate limiting on auth & API endpoints (cursor prompt)
04. Permissive CORS (wildcard origin) (cursor prompt)
05. SQL injection vectors (guide)
06. Missing input validation (no Zod / Yup) (cursor prompt)
07. Open redirect vulnerabilities (cursor prompt)
08. Missing Content-Security-Policy header (auto-fix)
09. Insecure cookie flags (no HttpOnly / Secure) (cursor prompt)
10. Hardcoded secrets in environment examples (auto-fix)