Hardened Crypto Audit System

“Hack Me If You Can” – adversarial, serverless security scanning on Google Cloud. SAST • DAST • Dependencies. Idle cost: $0.00. On‑demand only.

81+ Semgrep Rules • 3 Scan Types • 100% Serverless GCP • $0 Idle Cost

Quick Start

# PowerShell: clone & configure
git clone https://github.com/elevatediq/sast-dast-tool
cd sast-dast-tool

# Update config/.env with your project
$env:GCP_PROJECT_ID = "your-project-id"
$env:TARGET_URL = "https://your-app.com"

# Run the scan with live progress bar
.\scripts\scan-project.ps1 -SourcePath "c:\path\to\repo"

# Download results locally
.\scripts\view-results.ps1 -BuildId "BUILD_ID"

# Bash: clone & configure
git clone https://github.com/elevatediq/sast-dast-tool
cd sast-dast-tool

# Update config/.env with your project
export GCP_PROJECT_ID="your-project-id"
export TARGET_URL="https://your-app.com"

# Run the scan
./scripts/scan-project.sh --source-path /path/to/repo

# Download results locally
./scripts/view-results.sh --build-id BUILD_ID

# GitHub Actions example
name: Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run ElevatedIQ Scan
        run: |
          # -f makes curl fail on an HTTP error instead of saving the error page as scan.sh
          curl -fsSLO https://elevatediq.ai/scripts/scan.sh
          chmod +x scan.sh
          ./scan.sh --project ${{ secrets.GCP_PROJECT }}
      - uses: actions/upload-artifact@v3
        with:
          name: security-reports
          path: reports/
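
The workflow above downloads scan.sh and executes it in a job that holds a repository secret, so the script's integrity matters. As an added example (not ElevatedIQ's own code), these shell functions refuse to run a download unless its SHA-256 matches a digest pinned in the repository; the function names and the SCAN_SH_SHA256 and GCP_PROJECT variables are assumptions.

```shell
# Added example, not part of the project's scripts. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_pinned FILE EXPECTED_HEX: return 0 only if FILE hashes to EXPECTED_HEX
verify_pinned() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
  # An unset or malformed pin must fail closed, never compare as "equal".
  case "$expected" in
    ''|*[!0-9a-f]*) echo "pinned digest is not hex" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pinned digest is not 64 chars" >&2; return 1; }
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
}

# fetch_and_run URL EXPECTED_HEX [ARGS...]: download, verify, then execute
fetch_and_run() {
  local url="$1" expected="$2" tmp rc=1
  shift 2
  tmp=$(mktemp) || return 1
  # -f: an HTTP error fails the step instead of being saved as the script
  if curl -fsSL --proto '=https' -o "$tmp" "$url" && verify_pinned "$tmp" "$expected"; then
    rc=0
    chmod +x "$tmp" && "$tmp" "$@" || rc=$?
  fi
  rm -f "$tmp"
  return "$rc"
}

# In the workflow's run step (SCAN_SH_SHA256 is an assumed, repo-pinned value):
#   fetch_and_run https://elevatediq.ai/scripts/scan.sh "$SCAN_SH_SHA256" --project "$GCP_PROJECT"
```

Record the digest when you review a given version of scan.sh, and update the pin only after reviewing the new version.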

How it works

1) Trigger

Kick off scans on demand, from CI, or on a schedule. Infra scales from zero—no servers waiting around.

2) Scan

Semgrep, ZAP (baseline), and Trivy run in isolated Cloud Build workers with strict timeouts and logs.

3) Report

Artifacts (HTML/JSON/SARIF) are written to GCS and available for download. Summaries highlight fixes.

4) Improve

Fix the top issues first: authentication, injection, secrets, and dependency CVEs. Then verify the fixes with the next run.

Trusted by teams who value speed and safety

Fast: 5–15 min scans
Clear: Actionable reports
Safe: Prod‑friendly DAST
Zero: Idle cost

What You Get

Semgrep SAST

81+ rules across auth, injection, secrets, and cryptography. JSON, SARIF, and HTML outputs for CI and IDEs.

OWASP ZAP DAST

Baseline passive scans safe for prod. Crawl + report vulnerabilities without damaging live environments.

Trivy Dependencies

Scan npm, pip, and container images for CVEs. Updated vulnerability DB and clear remediation hints.

Automated Reports

SECURITY_SUMMARY.md plus HTML/JSON/SARIF reports uploaded to GCS and downloaded locally post‑scan.

Trusted by Security-First Teams

"We run ElevatedIQ scans on every PR. Found 12 critical issues in the first week—issues that would have made it to production."

Sarah Chen, Security Lead, FinTech Startup

"The serverless architecture means zero idle costs. We only pay when scanning. Perfect for our DevSecOps budget."

Marcus Rodriguez, DevOps Engineer, Healthcare Platform

"Clear, actionable reports. No noise, no false positives buried in thousands of warnings. Just the vulnerabilities that matter."

Alex Kim, CTO, Crypto Exchange

Ready to Elevate Your Security Posture?

Start scanning in minutes. No credit card required. Pay only for what you use.