Traditional security scanners understand code. codelake understands applications — how the call graph flows, what's actually reachable from the internet, which findings would survive a real attack, and how compliance evidence maps to the code that earns it.

One platform, one PR queue, one auditor portal, one exploit graph that connects them all.

Six product modules behind a single backend and a single graph:

• CODE — SAST + SCA + secrets + IaC with CVE-to-call-graph reachability proof
• PROTECT — Runtime application self-protection (RASP) across 9 languages
• COMPLY — Compliance evidence + auditor portal across SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, NIS2, DORA, BSI, TISAX, C5
• AI — Autofix agent that ships patches as reviewable PRs
• PENTEST — Automated and human-assisted penetration testing
• BRIDGE — Turn your existing REST / GraphQL APIs into agent-ready MCP servers without rewriting them

Developer surfaces so the platform meets engineers where they work:

• CLI with offline scan, LSP daemon, MCP server, agent-loop review
• IDE plugins for VS Code and JetBrains
• Stand-alone npm package that bridges Claude Code / Cursor / Windsurf to the codelake API
• /codelake-* slash-commands for AI tools

Stand-alone products in adjacent niches:

• QuickAudit at quickaudit.dev — free-tier web scanner
• MCP Scanner at mcpscanner.app — security review for MCP server implementations

Found a vulnerability in any codelake property? We have a structured response policy:

• Machine-readable: codelake.dev/secrets.json (response targets, scope, safe harbor)
• Email: security@codelake.dev
• Response targets: Critical 4h · High 24h · Medium 7d · Low 30d

Most of this org is private — the source for the platform and standalone products is closed. A subset of distribution-strategic libraries (CLI, MCP server bridge, IDE plugins, Shield RASP SDKs, error-tracking SDKs) is MIT-licensed so adoption stays frictionless. Public repos appear in the list below this README; private ones power the products described above.

• Product: codelake.dev
• Support: hello@codelake.dev
• Issues: per-repo within this org

codelake is operated by codelake Technologies LLC, an Akyros Labs brand. codelake.dev · hello@codelake.dev