APIs are the #1 attack surface, but security shouldn't slow you down. ApiPosture is a developer-first, static analysis tool to find misconfigurations in seconds. 1 line to install, 1 line to run. Built for modern stacks (Python, Node, .NET, Go, Java, PHP), it detects authorization gaps and OWASP Top 10 issues with zero false positives. Our core CLI is open-source (MIT) and 100% local. Your code never leaves your machine. Shift left, automate your CI/CD, fix API flaws before they hit production.
Thanks for checking out our ApiPosture launch on Product Hunt. My partner Blago and I go way back and we’ve worked on multiple projects together and kept running into the same problem: API security vulnerabilities.
It’s built from scratch using, among others, .NET and Python, based on real-world API security challenges (see also Blago’s story below). We recently tested an alpha version in a small group of developers, incorporated their feedback, and are now excited to launch on PH.
Setup is simple: run it locally or in CI, scan your code, get results. That’s it. And important: Your code never leaves your environment.
Curious how others are handling API checks today and, of course, what we can improve.
Feel free to reach out with any questions or feedback.
Hello everyone, super excited to have my first PH launch!
For a long time, even before AI came into play, I had a problem with visualization of all endpoints and their authorization rules. I mean, I had Swagger, and OpenAPI, but I needed to come into each endpoint, one by one, to remember whether I set a particular endpoint to be protected or not. So I built a tool that does exactly this, and I made it open-source.
But since it was super easy to install and scan in, like, a minute, I was wondering where I could go with this thing. That's when I started to work on Pro (OWASP and Secrets scanning) and the Enterprise version (compliance reports with SOC2 or ISO27001). The best thing: it still installs and scans in under 2 minutes, supporting over 10 frameworks across 6 programming languages. All scans are done 100% locally and will remain like that in the future.
And with the help of my partner Martijn, we are launching this thing with a great deal of excitement. Even if this week some AI models claim to do security scanning, they still upload your entire codebase and cost like $20,000 in tokens.
Drop a question if you have some inquiry about products or founders!
About ApiPosture: Scan your APIs in seconds on Product Hunt
“2-min setup. 100% local analysis. OWASP & Secrets detection.”
ApiPosture: Scan your APIs in seconds was submitted on Product Hunt and earned 3 upvotes and 2 comments, placing #104 on the daily leaderboard.
ApiPosture: Scan your APIs in seconds was featured in API (98k followers), Developer Tools (511k followers) and Security (2.6k followers) on Product Hunt. Together, these topics include over 79.1k products, making this a competitive space to launch in.
Who hunted ApiPosture: Scan your APIs in seconds?
ApiPosture: Scan your APIs in seconds was hunted by Blago Čuljak.