I voted on this a while ago. If this is possible it would be a great help in securing our work. I've just been through some stuff I did a good while ago and a lot of it had missing security on APIs. It was easy enough to sort out, but having an overview given by an audit facility would be way clearer.
If you're using GitHub, you can connect tools like Semgrep Code or https://www.jit.io/ to your repositories and find most vulnerabilities, including hard-coded credentials.
It won't find missing security restrictions on APIs out of the box, but I think you should be able to create custom rules for those.
Be prepared to find a lot of security issues though.
Thanks for the suggestion! Semgrep is a great tool, but it does have limitations when it comes to low-code platforms. Tools like Semgrep and npm audit (for SAST and SCA) are important for code vulnerabilities, dependency checks and license-violation monitoring, to ensure security throughout CI/CD processes.
For Node.js projects, a strong alternative to Semgrep would be NodeJSScan or the njsscan CLI. I've published a forked version on PyPI that even supports exporting results in a DefectDojo-compatible format: https://pypi.org/project/cdmx-njsscan/
However, to cover those limitations we would still require the Security Audit feature, like the one n8n has:
AFAIK, there are NodeJSScan rules that can be used in Semgrep. I wonder if it would be worth creating Wappler rulesets and submitting them to the Semgrep registry.
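As an added illustration of the custom-rule idea raised in the two posts above (it is not a rule from the Semgrep registry, from Wappler, or from any poster in this thread), here is a Semgrep rule that flags Express-style routes registered without an authentication middleware. It assumes the project exposes its auth check as a middleware function named `requireAuth` and registers routes on objects named `app` or `router`; both names are assumptions for the example and would need to be adapted to the actual code base.

```yaml
# Added example rule, not part of the original thread or any project's ruleset.
# Assumptions: the auth middleware is called `requireAuth` and routes are
# registered on `app` or `router`. Adjust both regexes to match your code.
rules:
  - id: express-route-without-require-auth
    languages: [javascript, typescript]
    severity: WARNING
    message: >-
      Route '$PATH' is registered without the requireAuth middleware.
      Add requireAuth to the handler chain, or document why this endpoint
      is intentionally public.
    metadata:
      category: security
      cwe: "CWE-306: Missing Authentication for Critical Function"
    patterns:
      # Any HTTP verb registration: app.get('/x', handler), router.post(...), ...
      - pattern: $APP.$METHOD($PATH, ...)
      - metavariable-regex:
          metavariable: $METHOD
          regex: ^(get|post|put|patch|delete|all)$
      # Limit to route objects so that e.g. axios.get(url) is not reported.
      - metavariable-regex:
          metavariable: $APP
          regex: ^(app|router)$
      # Not a finding if requireAuth appears anywhere in the handler chain.
      - pattern-not: $APP.$METHOD($PATH, ..., requireAuth, ...)
      # Not a finding if requireAuth was installed globally earlier in the
      # same scope, e.g. app.use(requireAuth) followed by the route definitions.
      - pattern-not-inside: |
          $APP.use(requireAuth)
          ...
```

Run it with `semgrep --config express-route-without-require-auth.yaml .` from the project root. Routes guarded by a middleware under a different name, or by a check performed inside the handler body rather than in the chain, will still be reported, so expect to extend the `pattern-not` clauses before the rule is quiet enough for CI.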