Features
Everything it covers, on one page.
Five tabs, one section, no scrolling for a quarter mile. Ctrl-F still works: every tab panel is in the DOM, just visually hidden until selected.
TypeScript / JavaScript
Express, Fastify, NestJS, Next.js (App + Pages), Koa, Hono, Elysia, AdonisJS, tRPC.
Python
FastAPI, Flask, Django + DRF + Ninja, Starlette, aiohttp, Tornado, Litestar. include_router(prefix=) preserved.
Go
net/http, gin, echo, chi, fiber, gorilla mux.
Ruby
Ruby on Rails (Action Pack routing).
Java / Kotlin
Spring Boot (annotations, request mappings, security configs).
C#
ASP.NET Core (attribute routes, controllers, minimal APIs).
PHP
Laravel (routes, middleware, model bindings).
Salesforce
Apex (REST + Aura), LWC, Aura, Flow, Visualforce, metadata (Profiles, Permission Sets, Named Credentials, Connected Apps).
Community
Feature you wish we had?
The fastest path to a new detector or framework is the Substack chat or r/vulkro. The fastest way to hear when it ships is the newsletter. The slowest, but most reliable, is email.
Substack
Subscribe once, get two things: the weekly CVE + release digest in your inbox, and access to the live chat where in-between things land (detector ideas, weird findings, release heads-ups).
Reddit
Public community at r/vulkro. Bug reports, scan-result war stories, CVE chat, AppSec questions. No email required, indexed by Google so threads stay useful.
Email
Bug reports, install help, billing questions. One human reads every message. No web form, no chatbot, no AI summariser.
Full Pro for 14 days, then Free forever.
Install, scan your repo, see what it finds. On day 15 the CLI drops to the Free tier and keeps running. Pro is $19 a month or $149 a year if you want compliance, portfolio, extended languages, or the deep packs back.