Documentation

DryRun Security is an AI-native application security platform that reviews every pull request and repository scan for vulnerabilities in real time. It builds an intelligence layer on top of all scan data, surfacing trends, patterns, and risks across your entire codebase and development organization. These docs cover setup, scanning, code security intelligence, platform administration, and integrations.

AppSec Engineers Surface top-level risk across your organization, review findings in depth, and run targeted security reviews on any repository. Developers Connect your repositories, understand PR findings as they appear, and triage false positives without leaving your workflow. Admins Configure repository scanning rules, manage notification channels, customize finding interpretation, and integrate via the API and MCP.

Products

PR Scanning Every PR is reviewed by DryRun Security's AI engine, which posts contextual findings directly in your code review. Repository Scanning with DeepScan Scan an entire codebase on demand to uncover vulnerabilities that predate PR-level analysis. Secrets Scanning Catch API keys, tokens, and hardcoded passwords in diffs before they are merged into protected branches. IaC Scanning Scan Terraform configurations for security misconfigurations and insecure defaults in pull requests. SCA Identify known CVEs and license issues in your open-source dependencies with DeepScan. Auto Fix Accept AI-generated fixes for common vulnerability patterns and verify the remediation in a single step.

Code Security Intelligence

Code Security Intelligence An intelligence layer built on top of all finding data and trends, surfacing feature ships, vulnerability trends, architecture risks, developer patterns, shadow AI usage, incident investigation, and more.

Platform & Integrations

PR Blocking Prevent PRs from merging when findings exceed the severity or policy thresholds you define. Custom Code Policies Write organization-specific security rules in plain language and enforce them on every scan. Compliance & GRC Generate compliance reports, maintain audit trails, and demonstrate regulatory readiness from a single dashboard. Slack Integration Route finding alerts and scan summaries to the Slack channels your team already monitors. Webhook Integration Stream scan events and finding data to any HTTP endpoint for custom automation and reporting pipelines. MCP Expose DryRun Security data to AI coding assistants and agents through the Model Context Protocol.