Your AI writes the code. Who checks the code?

Automated trust scoring for every pull request. Catch AI-generated patterns, hallucinated dependencies, and security vulnerabilities — before they ship.

auth-handler.ts
import express from "express";
import { hashPassword } from "bcrypt-utils";
import { db } from "./config";

app.post("/login", async (req, res) => {
  const { user, pass } = req.body;
  const q = `SELECT * FROM users WHERE name='${user}'`;
  const result = await db.query(q);
  if (!result) return res.status(401).send();
  // TODO: implement proper auth check
  res.json({ token: sign(result) });
});

Trust Score: 72/100

Grade C — 3 findings

Analyzed in 1.2s

Threats hiding in AI-generated code · 285 detected today

[npm] bcrypt-utils → does not exist
[pypi] python-sqlite → typosquat of sqlite3
[vuln] hardcoded AWS_SECRET in .env
[dep] lodash.deepclone → hallucinated
[vuln] eval(userInput) → code injection
[npm] express-auth-utils → does not exist
[vuln] process.env leaked in client bundle
[dep] next-auth-helpers → hallucinated
[vuln] SQL injection via string concatenation
[code] TODO: implement auth check
[dep] pg-utils-helper → does not exist
[vuln] res.send(userInput) → XSS risk
[code] AI pattern: generic error handling
[npm] mongo-db-client → hallucinated
[code] AI pattern: clipboard-paste boundary
[vuln] jwt.verify() with no expiry check

Catch fake packages instantly

Real-time validation against npm, PyPI, Go, and RubyGems. Hallucinated packages get flagged before they become supply chain attacks.

package.json
{
  "dependencies": {
    "express": "^4.18.2",
    "zod": "^3.22.0",
    "bcrypt-utils": "^2.1.0",
    "prisma": "^5.7.0",
    "jsonwebtoken": "^9.0.0"
  }
}

Checked against 2.1M packages

Detect AI-generated code

AST analysis and ML heuristics identify AI-generated patterns — repetitive error handling, generic naming, clipboard boundaries.

user-controller.ts
async function handleLogin(req, res) {
  try {
    const user = await findUser(req.body);
    if (!user) return res.status(401).end();
  } catch (error) {
    console.error("Error:", error);
    res.status(500).json({ error: "Error" });
  }
}

AI-generated pattern — 94% confidence

Repetitive error handling, generic variable names

Block vulnerabilities at the gate

Automated vulnerability detection across every pull request. Policy gates enforce minimum trust scores before code ships.

Terminal
$ veriva analyze --pr 142
Scanning 12 files... done
 
[CRITICAL] SQL injection at db.ts:23
Query built with string concatenation
→ Blocked by policy gate (min grade: B)
 
✗ PR check failed

Trust Score: 34/100

Grade F — blocked by policy

Trust scores you can act on

Every PR gets an A–F grade based on code quality, security, AI patterns, and dependency health. Track your codebase health over time.

PR #142 — Trust Score
Code Quality: 92
Security: 85
AI Patterns: 64
Dependencies: 78
Grade B — 3 findings across 8 files

Auto-fix with one click

AI suggests safe, context-aware fixes for every finding. Review the diff, accept or reject — your code, your call. No blind auto-merges.

Suggested Fix
src/db.ts:23 — SQL injection fix
- const q = `SELECT * FROM users WHERE id = ${id}`;
- const result = await db.query(q);
+ const result = await db.query(
+ "SELECT * FROM users WHERE id = $1",
+ [id]
+ );
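Review bot: the added `db.query(...)` call binds `id` as `$1` with no visible check of its type or presence, so a malformed or missing `id` is only rejected, if at all, by the database; validate `id` before the call and return a client error on bad input. The replacement query also keeps `SELECT *`, which returns every column of the matching users row; list only the columns the caller needs.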
Parameterized query prevents SQL injection

Enforce governance policies

Set custom rules that match your team's standards. Block merges that don't meet your minimum grade, restrict AI-generated code ratios, or require review on critical paths.

Policy: production-deploy (BLOCKED)
Minimum trust score: Grade B or above
AI code ratio: < 40% AI-generated
No critical findings: 0 critical issues
Dependencies verified: All packages exist

1 rule failed — merge blocked until resolved

Full audit trail

Every analysis, finding, fix, and policy decision is logged with who, what, and when. Meet compliance requirements with exportable audit reports.

Audit Log: PR #142
2m ago: veriva-bot analyzed PR #142
2m ago: veriva-bot flagged 3 findings (1 critical)
1m ago: alice accepted auto-fix for db.ts:23
1m ago: veriva-bot applied fix, commit abc1234
45s ago: veriva-bot re-analyzed PR #142 — Grade B (81)
30s ago: policy-gate passed production-deploy policy
Retained for 90 days (Ultra plan)

How It Works

Three steps to trusted code

From install to insight in minutes. No config, no CLI, no overhead.

1. Install

Veriva wants access to your repositories:

Read code contents
Read pull requests
Write check runs

Install the GitHub App

One click, zero config. Works with GitHub.com and Enterprise.

2. Push
src/auth.ts
- const token = req.headers.auth;
+ const token = await verify(
+ req.headers.authorization,
+ process.env.AUTH_SECRET
+ );
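Review bot: the added `verify(...)` call has no visible handling for a missing `authorization` header or a rejected verification, and `process.env.AUTH_SECRET` is passed without a check that it is set; wrap the call so a failure returns 401, and fail at startup when the secret is undefined. The raw header value is passed as-is, so a `Bearer ` prefix, if clients send one, needs stripping first, and the variable is still named `token` although it now holds the result of `verify`.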
veriva-bot (just now)
AI-generated pattern detected
Hallucinated import found

Open a pull request

Every push triggers a 3-layer analysis automatically.

3. Trust
A

Trust Score: 94

Security: 89%
AI Patterns: 96%
Dependencies: 91%
Policy gate: passed
No slopsquatting detected

Get your Trust Score

An A-F grade as a GitHub check. Policy gates block bad code.

GitHub Integration

Results where you already work

Veriva posts results as GitHub check runs and PR comments — no context switching.

fix: update auth handler #142
Open: alice wants to merge into main from fix/auth
1 check needs attention
Veriva Trust Score — C (72)
Build / Test — Passed
veriva-ai bot left a comment

Veriva Analysis — Grade C (72/100)

Dimension: Score
Security: 62/100
Quality: 85/100
Practices: 78/100
Dependencies: 64/100

7 findings — 2 critical, 3 high, 2 medium

Top Issues

Hallucinated package: bcrypt-utils (auth-service.ts:3)

The package "bcrypt-utils" does not exist in the npm registry. This may be a slopsquatting attack.

Fix: Use bcryptjs (the real package) instead.

+ 6 more findings — view full report

Powered by Veriva · AI Code Governance

Developer Tools

Scan everywhere you code

Real-time scanning in your editor, local analysis from the terminal, and automated checks in CI.

VS Code Extension
handler.ts — my-project
handler.ts
utils.ts
10  import { parseConfig } from "./utils";
11  import lodashUtils from "lodash-utils";
12  const result = eval(userInput);
13
14  export async function handler(req) {
15    const data = await fetchData(req.url);
16    return transform(data);
17  }
PROBLEMS (3)
Unsafe use of eval() — potential code injection (Ln 12)
Hallucinated package: "lodash-utils" not in npm registry (Ln 27)
AI-generated code missing error boundary (Ln 45)
Veriva Pro
B (78)
Real-time scanning
Inline diagnostics
Trust score badge
Terminal — zsh
$ veriva analyze
Scanning 3 files...
src/handler.ts
CRITICAL eval() with untrusted input
CRITICAL Unknown package "lodash-utils"
src/api/auth.ts
HIGH Missing rate limiting on login endpoint
src/utils.ts
MEDIUM AI-generated code lacks error handling
Trust Score
████████████████░░░░ 78/100 Grade: B
✓ 3 files · 4 findings · 2 critical · Grade: B (78)
CI/CD ready
SARIF export
Zero config

Pricing

Simple, transparent pricing

Start free. Upgrade when you need more. No hidden fees.

Hobby

$0 forever

For open source projects and solo developers.

  • Up to 3 repositories
  • 50 PR analyses per month
  • Static code analysis
  • Trust scores & grades
  • GitHub check runs
  • 7-day audit log
  • Community support

Pro

$29/month

For teams shipping AI-assisted code at scale.

  • Up to 25 repositories
  • Unlimited PR analyses
  • AI-powered code review
  • Auto-fix suggestions (50/day)
  • Inline PR comments
  • 10 team members
  • Up to 10 custom policies
  • 30-day audit log
  • Email support
Most Popular

Ultra

$99/month

For engineering orgs that take code governance seriously.

  • Unlimited repos & members
  • Unlimited PR analyses
  • AI-powered code review
  • Unlimited auto-fixes
  • Cross-PR pattern analysis
  • Unlimited custom policies
  • 90-day audit log
  • Priority support

Enterprise

Custom

For organizations with advanced security requirements.

  • Everything in Ultra
  • SSO / SAML
  • Self-hosted deployment
  • Custom rules engine
  • Unlimited data retention
  • SLA guarantee
  • Dedicated support

FAQ

Frequently asked questions