code scanning
30 articles about code scanning in AI news
Vulnetix VDB: Live Package Security Scanning Inside Claude Code
A new MCP server, Vulnetix VDB, provides real-time security scanning for package dependencies within Claude Code, helping developers catch vulnerabilities as they write code.
SonarQube Cloud's New MCP Server: Add Security Scanning to Claude Code in 5 Minutes
SonarQube Cloud now has a native MCP server, letting Claude Code analyze code for security vulnerabilities, bugs, and code smells directly in your editor.
scan-for-secrets 0.2: Streamline Your Security Workflow with New CLI Options
Simon Willison's scan-for-secrets 0.2 adds streaming output, multi-directory scanning, and file-specific options that developers can use immediately in Claude Code workflows.
DeepSeek's HISA: Hierarchical Sparse Attention Cuts 64K Context Indexing Cost
DeepSeek researchers introduced HISA, a hierarchical sparse attention method that replaces flat token scanning. It removes a computational bottleneck at 64K context lengths without requiring any model retraining.
Claude Code's /powerup Command
Claude Code's April 2026 update includes /powerup—built-in interactive lessons that teach core features without leaving your terminal.
Developer Fired After Manager Discovers Claude Code, Prefers LLM Output
A developer was fired after his manager discovered he had used Claude AI to build a project; the manager then had the AI 'vibe code' a replacement in days. The manager dismissed the developer's warnings about AI hallucinations on complex requirements.
How Claude Code's Upstream Proxy Solves Corporate Network Headaches
Claude Code's CCR feature transparently routes subprocess HTTP traffic through a secure WebSocket tunnel, handling corporate MITM certificates and complex network routing automatically.
Claude Code Digest — Apr 05–Apr 08
Claude Code's hidden /compact flag cuts token usage by 90% for lightning-fast iterations.
How to Decode Anthropic's Press Releases for Better Claude Code Updates
Claude Code users should learn to filter Anthropic's technical announcements for actionable updates on model capabilities, context windows, and API pricing that affect daily development.
Cisco's Memory Poisoning Report: Why Claude Code Users Must Audit Their CLAUDE.md Now
A new security report reveals that instructions placed in your CLAUDE.md file can be weaponized to persistently compromise Claude Code's behavior across sessions, demanding immediate file audits.
Codex-CLI-Compact: The Graph-Based Context Engine That Cuts Claude Code Costs 30-45%
A new local tool builds a semantic graph of your codebase to pre-load only relevant files into Claude's context, reducing token usage by 30-45% without quality loss.
Don Cheli SDD: The 72-Command Framework That Enforces TDD in Claude Code
Don Cheli SDD adds structured development discipline to Claude Code with 72 commands, automatic complexity detection, and iron-law TDD enforcement.
How to Use Claude Code's Loading Verbs to Track Agent Activity
Claude Code's loading verbs reveal what your agent is doing—learn how to read them and when to intervene.
How to Use Claude Code's Subagent Feature for Isolated Task Execution
Claude Code's new subagent feature lets you run isolated tasks in separate interpreter sessions, preventing context pollution and improving reliability.
Claude Code Plugin 'Understand' Generates Interactive Knowledge Graphs from Codebases
A new Claude Code plugin called 'Understand' automatically analyzes any codebase to create an interactive knowledge graph. It enables developers to query code in plain English, visualize dependencies, and generate onboarding guides.
Anthropic's Claude Code Adds Scheduled, Cloud-Based Task Execution
Anthropic's Claude Code now supports scheduling recurring, cloud-based tasks. Users can set a repository, schedule, and prompt, with Claude executing the task automatically.
Claude Code Security's Blind Spot: Why You Still Need Runtime Monitoring for Magecart
Claude Code Security can't catch Magecart attacks hiding in third-party assets—learn what it can scan and when to use runtime tools instead.
GitHub MCP Server Now Scans for Secrets in Claude Code — Here's How to Use It
The GitHub MCP Server can now scan your code changes for exposed secrets before you commit, preventing credential leaks directly in your Claude Code workflow.
Forge Plugin Adds Governance to Claude Code: 22 Agents, Quality Gates, and Zero Config
Install the Forge plugin to add automated quality checks, health scoring, and specialized agents to Claude Code workflows in 30 seconds.
Add a Desktop Pet to Claude Code for Visual Feedback on AI Activity
Install an open-source desktop pet that reacts to Claude Code's events—thinking, coding, running commands—with animated SVG feedback.
Track Every Claude Code Session Automatically with This GitHub Hook
Install claude-session-tracker to automatically save all your Claude Code conversations as GitHub Issues linked to a Projects board—no lost context, searchable history.
OpenAI Launches Codex Security: AI-Powered Vulnerability Scanner That Prioritizes Real Threats
OpenAI has unveiled Codex Security, an AI agent designed to scan software projects for vulnerabilities while intelligently filtering out false positives. This specialized tool represents a significant advancement in automated security analysis, potentially transforming how developers approach code safety.
Claude Code's Auto-Memory: The AI Assistant That Remembers Your Entire Project
Anthropic's Claude Code now features auto-memory capabilities, allowing the AI coding assistant to retain context across sessions and recall project details automatically. This breakthrough addresses a fundamental limitation of current AI tools and could transform developer workflows.
The Silent Revolution: How AI Code Reviewers Are Earning Trust Through Real-World Validation
AI-powered code review systems are undergoing continuous validation through thousands of daily developer actions in open-source repositories. Each time a developer fixes a bug flagged by AI, it serves as an independent vote of confidence in the system's accuracy.
Claude Code Digest — Apr 08–Apr 11
Cut financial data token burn by 90% using the PTC pattern with MCP servers.
Strix Open-Source Tool Finds 600+ Vulnerabilities in AI-Generated Code by Simulating Attacker Behavior
Strix, an open-source security tool, dynamically probes running applications for business logic flaws that traditional testing misses. It found 600+ verified vulnerabilities across 200 companies, addressing critical gaps in AI-driven development workflows.
How to Configure Claude Code's Sub-Agent Orchestration for Parallel, Sequential, and Background Work
Add routing rules to your CLAUDE.md to make your central AI delegate tasks intelligently—parallel for independent domains, sequential for dependencies, background for research.
New AI Framework Uses Diffusion Models to Authenticate Anti-Counterfeit Codes
Researchers propose a novel diffusion-based AI system to authenticate Copy Detection Patterns (CDPs), a key anti-counterfeiting technology. It outperforms existing methods by classifying printer signatures, showing resilience against unseen counterfeits.
Keygraph's Shannon AI Pentester Hits 96.15% on XBOW, Finds Real Exploits
Keygraph released Shannon, a fully autonomous AI pentester that hunts real exploits in source code with a 96.15% success rate on the hint-free XBOW Benchmark. It runs a full test in about an hour for roughly $50 using Claude Sonnet.
Audit Your MCP Servers in 10 Seconds with This Free Security Score API
A new free API gives Claude Code users a Lighthouse-style security score for any MCP server, revealing that 60% of scanned packages have vulnerabilities.