DeployReady — Production-Readiness Scanner
Catch the security and readiness issues before they ship — in one command.
Overview
DeployReady is our open-source CLI that scans an application for security and production-readiness issues before it ever reaches production. It runs 30+ structured checks and returns a 0–100 readiness score in seconds. It is the same security baseline we apply on every Belsoft project, packaged so any team can run it.
The Challenge
What needed to change
Most teams find out their app was not production-ready after it is already live — leaked secrets, missing auth, permissive CORS, no security headers. The checks that catch these are scattered across separate tools, run inconsistently, or skipped entirely under deadline pressure. The cost is a breach, an outage, or a 2 a.m. incident that a five-minute scan would have prevented. There was no single, fast, local-first gate that a developer could run on every commit without sending their source code to a third party.
Our Approach
How we engineered it
We built DeployReady local-first and AI-optional, because security tooling that forces you to upload your codebase is a non-starter for serious teams. Static checks run entirely on the developer machine, parsing code through the Babel AST to detect real vulnerability patterns rather than naive string matching. Dynamic checks probe a running app for live issues like auth bypass and exposed routes. The optional AI layer only ever sees redacted, structured findings — never raw source — and proposes before/after fixes the developer explicitly approves, working with Claude, OpenAI, or a fully offline Ollama model.
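One way to enforce the "redacted, structured findings only" boundary described above, as an added example that is not DeployReady's own code. The finding fields (`ruleId`, `severity`, `file`, `line`, `snippet`, `matched`) and all function names are hypothetical, and the sample findings are constructed.

```javascript
// Added example: the finding fields below are a hypothetical schema,
// not DeployReady's own data model.
const crypto = require("node:crypto");

// Per-run random key: fingerprints let the AI layer correlate duplicate
// findings within one scan, but cannot be brute-forced offline the way a
// bare hash of a short secret could.
const RUN_KEY = crypto.randomBytes(32);

// Allowlist of fields that may leave the machine (never a denylist).
const ALLOWED = ["ruleId", "severity", "file", "line"];

function fingerprint(value) {
  return crypto.createHmac("sha256", RUN_KEY).update(value).digest("hex").slice(0, 12);
}

// Blank the body of every string/template literal in a snippet. Conservative:
// benign literals (for example an algorithm name) are hidden too.
function maskLiterals(snippet) {
  return snippet.replace(/(["'`])(?:\\.|(?!\1)[^\\])*\1/g, "$1<redacted>$1");
}

function redactFinding(raw) {
  const out = {};
  for (const k of ALLOWED) out[k] = raw[k];
  out.context = maskLiterals(raw.snippet);
  if (raw.matched) out.matchFingerprint = fingerprint(raw.matched);
  return out;
}

// Fail closed: if a matched value survives masking (for instance a secret
// sitting in a comment rather than a literal), refuse to build the payload.
function buildAiPayload(rawFindings) {
  const body = JSON.stringify({ findings: rawFindings.map(redactFinding) });
  for (const f of rawFindings) {
    if (f.matched && body.includes(f.matched)) {
      throw new Error(`redaction leak: ${f.ruleId} at ${f.file}:${f.line}`);
    }
  }
  return body;
}

// Constructed sample findings (not real scanner output).
const SAMPLE = [
  { ruleId: "hardcoded-secret", severity: "critical", file: "src/pay.js", line: 12,
    snippet: 'const key = "CONSTRUCTED_SECRET_0001";', matched: "CONSTRUCTED_SECRET_0001" },
  { ruleId: "weak-hash", severity: "warning", file: "src/auth.js", line: 40,
    snippet: "crypto.createHash('md5').update(pw)", matched: null },
];
```

`buildAiPayload(SAMPLE)` returns the JSON string that would be handed to the model; anything that throws stays on the developer machine.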
What We Built
The systems behind the result
Static analysis via Babel AST
Detects secrets, OWASP Top 10 patterns, weak crypto, and XSS by parsing the actual syntax tree — not brittle regex — so it catches real issues with fewer false positives.
Dynamic runtime checks
Probes a running application for auth bypass, exposed routes, missing security headers, permissive CORS, and slow endpoints that only surface at runtime.
0–100 readiness score
Aggregates every finding into a single score with a clear critical, warning, and info breakdown so teams know exactly what blocks a release.
Privacy-preserving AI layer
Optional AI suggests approved before/after fixes and only ever receives redacted structured findings. Static analysis always runs locally; AI works with Claude, OpenAI, or offline Ollama.
CI/CD integration
Drops straight into a pipeline and fails the build on critical issues, turning the security baseline into an automatic gate instead of a manual step.
Zero-install execution
Runs through npx in seconds with no setup. MIT-licensed with the full source on GitHub for teams to audit and extend.
The Impact
Results after launch
30+ structured security and readiness checks, static and dynamic
0–100 readiness score with critical, warning, and info breakdown
npx deployready@latest ./my-app — no install required
Tech & Why
The stack, and the reasoning
TypeScript and Node.js make the tool installable anywhere a developer already works, and the Babel AST gives precise, language-aware static analysis instead of guesswork. Supporting Claude, OpenAI, and Ollama means teams choose their own privacy and cost trade-off, including fully offline. Jest-backed test coverage keeps a security tool that other teams depend on trustworthy.