Security Report
Prioritized findings covering access control, exposed data, unsafe APIs, secrets, dependencies, and configuration.
- OWASP and CWE references
- Affected code and request path
- Evidence and remediation guidance
Zuli
Zuli reviews your application for security risks and hidden business rules, then shows what the code permits, where it fails, and what needs attention.
High risk
Invoice access is not scoped to the signed-in user.
GET /api/invoices/:id
Rule mismatch
Staff can apply discounts above the approval threshold.
discount > 20%
Two reports
Prioritized findings covering access control, exposed data, unsafe APIs, secrets, dependencies, and configuration.
The permissions, approvals, payments, limits, and workflows the application actually enforces.
Workflow
Select the project folder you want to understand.
Local project context
Zuli traces security controls and consequential business rules through the code.
Evidence-backed findings
Confirm the intended behaviour and use the report to guide a developer or fix the issue.
Clear remediation work
Zuli download links will appear only when a supported release file is available. Check Releases for current platform availability.
Check the release history for supported Zuli builds and availability.