Unifying Secure and Accessible Code in One Tool
The OWASP + WCAG Guidelines Scanner is a developer-first tool that scans web applications for both security vulnerabilities and accessibility issues in one unified experience.
It merges OWASP Top 10 security scanning (via Wapiti) and WCAG 2.1 accessibility testing (via Pa11y) into a clean interface with:
- One-click scan
- Categorized results
- Exportable reports
- Local or CI/CD integration support
Most tools focus on either:
- Security (e.g., OWASP ZAP, Semgrep), or
- Accessibility (e.g., axe-core, Lighthouse)
This results in:
- Multiple workflows
- Inconsistent reports
- High setup cost or enterprise lock-in
"Make quality code accessible to every developer — secure, inclusive, and effortless."
We built a single tool for scanning both WCAG + OWASP issues, with an intuitive UI and no DevOps burden.
- Frontend: ReactJS
- Backend: Spring Boot
- Security Scan: Wapiti (CLI)
- Accessibility Scan: Pa11y (CLI)
- Scan a URL or uploaded code file
- Choose scan type: WCAG, OWASP, or both
- Downloadable TXT results
- Filtered views for accessibility or security
- Beginner-friendly and cross-platform
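
One way a backend could turn the submitted URL and scan type listed above into Wapiti and Pa11y invocations without passing user input through a shell. This is an added example, not the project's own code; the class and method names, the `reports` directory, the WCAG2AA standard and the 10-minute limit are assumptions.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;

// Hypothetical helper: names, paths and limits are assumptions, not the project's API.
public class ScanCommands {
    enum ScanType { WCAG, OWASP, BOTH }

    // Accept only absolute http(s) URLs with a host and no embedded credentials.
    static String validateTarget(String raw) {
        try {
            URI uri = new URI(raw.trim());
            String scheme = uri.getScheme();
            boolean web = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
            if (!web || uri.getHost() == null || uri.getUserInfo() != null) {
                throw new IllegalArgumentException("target must be an http(s) URL with a host");
            }
            return uri.toASCIIString();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("target is not a valid URL", e);
        }
    }

    // Each command is an argv list, so the URL always stays a single argument.
    static List<List<String>> build(String rawUrl, ScanType type, String outDir) {
        String url = validateTarget(rawUrl);
        List<List<String>> commands = new ArrayList<>();
        if (type != ScanType.WCAG)
            commands.add(List.of("wapiti", "-u", url, "-f", "txt", "-o", outDir + "/owasp.txt"));
        if (type != ScanType.OWASP)
            commands.add(List.of("pa11y", "--standard", "WCAG2AA", "--reporter", "json", url));
        return commands;
    }

    // Runs one scanner without a shell; returns -1 if it exceeds the time limit.
    static int run(List<String> argv) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(argv).inheritIO().start();
        if (!p.waitFor(10, TimeUnit.MINUTES)) { p.destroyForcibly(); return -1; }
        return p.exitValue();
    }

    public static void main(String[] args) {
        // Constructed sample inputs; pass each returned list to run() to start a scan.
        build("https://example.test/login", ScanType.BOTH, "reports").forEach(System.out::println);
        for (String bad : List.of("file:///tmp/report.html", "-h", "https://example.test/;id x")) {
            try { build(bad, ScanType.OWASP, "reports"); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + bad); }
        }
    }
}
```

Because the scanners fetch whatever URL they are given from the server's network position, a deployment would normally also restrict which hosts may be scanned.
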
- Node.js + npm
- Java 17+
- Maven
- Install Wapiti:
  pip install wapiti3
- Install Pa11y:
  npm install -g pa11y

cd frontend
npm install
npm start

cd backend
./mvnw spring-boot:run

- ✅ Visual dashboards with severity
- ✅ Add GitHub Actions integration
- ✅ Create custom OWASP detection logic
- ✅ PDF/HTML report downloads