LaunchGuard Solana
Sign inScan my repo
Language coverage

Solana-first. Web2-ready.

LaunchGuard Solana is optimized for the Solana startup stack. The 6-engine pipeline also reaches deep into modern Web2 SaaS — Next.js, Supabase, Vercel, AI endpoints, and payment flows. We're honest: this is not a universal scanner for every language or legacy stack.

Best supported

The Solana startup stack

LaunchGuard's own engine and rule pack are built around this stack. Expect the best findings, the most accurate confidence, and the strongest fix recommendations here.

TypeScript / JavaScript

Next.js, API routes, Supabase client, Wallet Adapter, AI endpoints

Rust / Anchor

Solana on-chain programs, signer/PDA/has_one constraints, SPL flows

SQL

Supabase migrations, RLS policies, service-role usage patterns

JSON / YAML

next.config, vercel.json, GitHub Actions workflows, OpenAPI specs

Broad reach via Semgrep

Static rules across 30+ languages

Semgrep ships with rule packs for many ecosystems. We surface their hits in the normalized finding model and run them through the same priority + confidence rules.

TypeScriptJavaScriptPythonGoJavaRubyPHPCC++C#RustKotlinScalaSwiftSolidityBashTerraformDockerfileYAMLJSONHTMLOCamlElixir… and more
Dependency vulnerabilities via OSV

12 package ecosystems

OSV-Scanner reads lockfiles and manifests directly. Coverage isn't language-by-language — it's ecosystem-by-ecosystem.

npm / pnpm / yarn
JS / TS
Cargo
Rust
PyPI
Python
Go modules
Go
Maven
Java
RubyGems
Ruby
NuGet
.NET
Composer
PHP
pub.dev
Dart
Packagist
PHP
GitHub Actions
Workflows
Linux distro packages
OS

Secrets via TruffleHog

Language-agnostic. Works on any text file.

API keysSupabase keysCloud keys (AWS / GCP / Azure)Solana keypairsAI provider keysStripe / payment keys.env leaksDatabase passwords

Raw secret values are never persisted. Only detector type, file, line, verified flag, and a salted fingerprint are stored.

Live validation via Shannon

Language-agnostic at the HTTP layer.

Shannon validates safe approved routes from your deployed URL. It does not care whether your backend is Next.js, Django, Rails, Go, Java, or another framework.

Active validation only runs after explicit user authorization through the consent checklist.

Quick reference

Coverage Q&A

Does LaunchGuard support all languages?

No. LaunchGuard Solana is focused, not universal.

Best supported stack?

TypeScript / JavaScript + Rust / Anchor + Supabase SQL + Vercel / Next.js.

Can it scan Web2 apps?

Yes — many modern web apps work great through Semgrep, TruffleHog, OSV, DeepSec, and Shannon. We're Solana-first, Web2-ready.

Does Shannon care about language?

No. Shannon validates deployed HTTP/API behavior — your backend can be Next.js, Django, Rails, Go, Java, or anything else.

Is this Snyk-scale language coverage?

Not yet. LaunchGuard Solana is focused on Solana / Web3 launch readiness with strong modern Web2 coverage.

What we don't cover well: niche languages (COBOL, Fortran), legacy mainframe stacks, or proprietary DSLs. We're not pretending we do.