RunSec

Overview / Description

RunSec is an AI code security scanner for software development teams that detects vulnerabilities and supplies ready-to-run proof-of-concept exploits for them. Delivered as an MCP server that integrates directly into Cursor and VS Code, RunSec surfaces only issues with a credible execution path, eliminating false-positive noise before findings ever reach a developer's backlog. When a vulnerability is flagged, such as a SQL injection on an authentication path (CWE-89, CVSS 9.8), the developer can hover over the highlighted line in the editor and request a proof; RunSec returns a concrete curl command to demonstrate impact in seconds. For teams needing audit-ready evidence, RunSec maps findings to OWASP ASVS Level 3 controls, PCI-DSS v4.0 Requirement 6.5, SOC 2 Trust Services Criteria, and HIPAA technical safeguards. A CI/CD Quality Gate emits a strict verdict header that pipelines can use to block risky merges automatically, giving security and compliance teams a continuous, evidence-backed audit trail without manual triage. RunSec Hub acts as the central console where projects are managed, API keys are issued, and IDE integrations are configured, making it suitable for everyone from solo developers on the free tier to regulated enterprise teams requiring SSO, dedicated deployment, and custom compliance rules.

Used For

RunSec is used primarily for real-time, in-IDE vulnerability detection and compliance evidence generation by software developers and security engineers working on regulated or security-sensitive codebases. It targets individual developers on the free tier and professional or enterprise teams that must satisfy PCI-DSS, SOC 2, OWASP ASVS, or HIPAA requirements.

Pricing

  • Free: 1 local project, standard static scans, community support
  • Pro ($10/month per user): unlimited projects, AI-cognitive audit (zero noise), ready-to-run PoC generation, 14-day free trial
  • Enterprise (custom pricing): SSO/SAML, dedicated Hub deployment, custom compliance rules (SOC 2/PCI-DSS), 24/7 priority support

Pros & Cons

Pros

  • Generates ready-to-run curl proof-of-concept for each flagged vulnerability, letting developers verify impact in seconds without leaving the IDE
  • Integrates as an MCP server directly into Cursor and VS Code via a simple API key setup in RunSec Hub
  • Maps findings to OWASP ASVS Level 3, PCI-DSS v4.0 Requirement 6.5, SOC 2, and HIPAA — producing evidence trails suitable for formal audits
  • CI/CD Quality Gate emits a strict verdict header to automatically block risky merges in pipelines
  • Zero-false-positive filtering means only vulnerabilities with a credible execution story reach the developer backlog

Cons

  • Free plan limited to a single local project with standard static scans only — no AI-cognitive audit or PoC generation
  • Enterprise pricing is custom (not published), requiring a sales conversation for regulated-org deployment
  • Limited public documentation on third-party integrations beyond Cursor and VS Code

Alternatives

Snyk, SonarQube, Semgrep, GitHub Advanced Security, Checkmarx

RunSec | AI Tools Directory