Run authorized scans across web, API, IaC, and cloud configuration — wired into GitLab merge requests and directly into your Lovable editor via MCP. Ask Hermes AI for findings from a prompt and get prompt-ready remediation blocks back.
Launch manual or scheduled scans against staging and production targets with saved auth profiles. The scanner auto-detects the right framework packs and suggests new ones as your stack changes.
OWASP Top 10, Supabase RLS, API Top 10, Stripe webhooks, React, CIS Terraform / K8s / Docker — enabled per project and recommended automatically based on your tech stack.
Static analysis for Terraform, CloudFormation, Kubernetes YAML, Helm charts, and Dockerfiles with OPA / Sentinel-style custom rules.
Read-only AWS, Azure, and GCP account checks that flag risky posture without touching workloads.
Push, merge-request, and pipeline-triggered scans with advisory comments or hard status-check gating.
Expose scans, findings, and Hermes remediation as MCP tools your Lovable prompts can call directly — OAuth 2.1 + PKCE, project-scoped tokens.
Customers ask for new language, framework, or IaC packs directly in the portal and track delivery status.
Evidence, request/response snippets, CWE mapping, and remediation state per finding.
Branded executive and technical PDF / CSV exports drafted with Hermes AI.
Deduplicates, correlates, prioritizes, and drafts summaries — labeled AI-generated, grounded in evidence. Hermes also checks for new compliance standards every 7 days.
Every scan requires an authorization confirmation. Full audit log of who launched what and when.
RBAC, MFA, encrypted secrets, signed webhooks with replay protection, and rate-limited scan endpoints.
RASS plugs into your Lovable project as a custom MCP server. Trigger scans, pull findings, and get Hermes-drafted remediation blocks without ever leaving the editor. No context switching, no copy-pasting stack traces into a separate tool.
Web application security top 10 (2021)
API-specific vulnerabilities and abuse (OWASP API Top 10)
Row-level security, policy audit, key isolation
Signature verification, replay safety, idempotency
XSS, storage, DOM safety in the browser
AWS / Azure / GCP misconfigurations in Terraform HCL
Policy-as-code checks for secrets and org standards
AWS CloudFormation IAM, network, and storage checks
Pod security, workload hardening, and RBAC checks
Rendered Helm chart values against Kubernetes baselines
Dockerfile hardening — root user, tags, remote sources
AWS account, IAM, and service configuration
Azure subscription, IAM, and service configuration
GCP project, IAM, and service configuration
Bring a target URL, a signed authorization, and an auth profile. RASS handles the rest.
Launch a scan