Export Report
OVERALL SCORE
Level 2, Agent-Limited
- AI Discoverability 33 out of 100
- Agent Ease of Use 39 out of 100
- Security & Trust 20 out of 100
- GEO, AIO and AEO 68 out of 100
- SEO 85 out of 100
- Performance and Accessibility 62 out of 100
What AI sees of your website
Semgrep App Security Platform | AI-assisted SAST, SCA and Secrets Detection
An extensible developer-friendly application security platform that scans source code to surface true and actionable security issues with AI-assisted SAST, SCA, and Secrets Detection solutions.
Next step
Turn this report into a fix workflow
31 failed checks are ready to move into MCP or CLI remediation. Generate a repair prompt, connect the scanner to your coding agent, or open the integration docs before your next rescan.
| Metric | Score | Status | Passed | Failed | Warning | Evidence |
|---|---|---|---|---|---|---|
| AI Discoverability | 33 | Priority fix | 8 | 17 | 0 | View details |
| Discoverability | 29 | Priority fix | 2 | 7 | 0 | View details |
| Content Readiness | 50 | Needs work | 5 | 6 | 0 | View details |
| Bot Access Control | 17 | Priority fix | 1 | 4 | 0 | View details |
| Agent Ease of Use | 39 | Priority fix | 16 | 33 | 4 | View details |
| API | 28 | Priority fix | 2 | 7 | 0 | View details |
| Auth | Not Applicable | Not Applicable | 3 | 8 | 0 | View details |
| MCP | 47 | Priority fix | 3 | 7 | 3 | View details |
| Skill Discovery | 42 | Priority fix | 4 | 11 | 1 | View details |
| Agent Commerce | Not Applicable | Not Applicable | 4 | 0 | 0 | |
| GEO, AIO and AEO | 68 | Needs work | 6 | 3 | 10 | View details |
| GEO Readiness | 80 | Mostly ready | 2 | 0 | 3 | |
| AIO Readiness | 60 | Needs work | 2 | 2 | 3 | View details |
| AEO Readiness | 64 | Needs work | 2 | 1 | 4 | View details |
| SEO | 85 | Mostly ready | 9 | 2 | 0 | View details |
| SEO | 85 | Mostly ready | 9 | 2 | 0 | View details |
| Security & Trust | 32 | Priority fix | 4 | 6 | 0 | View details |
| Security & Trust | 20 | Priority fix | 1 | 4 | 0 | View details |
| AI Training Exposure | 50 | Needs work | 3 | 2 | 0 | View details |
| Performance and Accessibility | 62 | Needs work | 20 | 5 | 1 | View details |
| Performance | 49 | Priority fix | 12 | 3 | 1 | View details |
| Accessibility | 87 | Mostly ready | 8 | 2 | 0 | View details |
Prioritized recommendations
Issues ranked by score impact
52 items need attention
Security & TrustAI Training ExposureEmerging recommendation
TDMRep declaration
TDMRep declaration is missing or incomplete.
100 Fail
Security & TrustAI Training ExposureEmerging recommendation
TDMRep declaration
TDMRep declaration is missing or incomplete.
Needs attention
TDMRep declaration
Issue
Response is not valid JSON.
Why it matters
TDMRep is a W3C Community Group protocol and IANA-registered well-known URI for declaring text and data mining reservation policy on applicable content.
Check name
TDMRep declaration
Score
0/100
Status
fail
Category
AI Training Exposure
Maturity
Emerging recommendation
Goal
Publish a machine-readable text and data mining reservation declaration when the site needs one.
Result
TDMRep declaration is missing or incomplete.
Validation steps
Validate TDMRep rules
Response is not valid JSON.
Evidence
{
"statusCode": 200,
"contentType": "text/html; charset=utf-8",
"valid": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"5a816851d763be1cb575e8c13106ee01\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i",
"steps": [
{
"id": "fetch",
"title": "Fetch /.well-known/tdmrep.json",
"status": "pass",
"evidence": {
"statusCode": 200,
"contentType": "text/html; charset=utf-8",
"length": 21378
}
},
{
"id": "validate",
"title": "Validate TDMRep rules",
"status": "fail",
"evidence": {
"valid": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"5a816851d763be1cb575e8c13106ee01\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Publish /.well-known/tdmrep.json as an array of TDMRep rule objects with location and tdm-reservation values of 0 or 1."
}
]
}AI DiscoverabilityBot Access ControlEstablished
AI bot rules in robots.txt
AI bot rules in robots.txt is missing or incomplete.
33 Fail
AI DiscoverabilityBot Access ControlEstablished
AI bot rules in robots.txt
AI bot rules in robots.txt is missing or incomplete.
Needs attention
AI bot rules in robots.txt
Issue
No specific User-agent rules found for major AI crawlers (GPTBot, ClaudeBot, etc.) in robots.txt.
Why it matters
Explicit AI bot rules reduce ambiguity for crawler operators and make training, indexing, or retrieval access policy auditable.
Check name
AI bot rules in robots.txt
Score
0/100
Status
fail
Category
Bot Access Control
Maturity
Established
Goal
Add User-agent rules for AI crawlers like GPTBot, Claude-Web, and others.
Result
AI bot rules in robots.txt is missing or incomplete.
Evidence
{
"expectedBots": [
"GPTBot",
"ChatGPT-User",
"ClaudeBot",
"Claude-Web",
"Anthropic-AI",
"Google-Extended",
"PerplexityBot",
"CCBot",
"Applebot-Extended",
"Meta-ExternalAgent",
"Bytespider",
"Amazonbot",
"Cohere-AI"
],
"configuredBots": []
}AI DiscoverabilityContent ReadinessEstablished
Content freshness signals
Content freshness signals is missing or incomplete.
33 Fail
AI DiscoverabilityContent ReadinessEstablished
Content freshness signals
Content freshness signals is missing or incomplete.
Needs attention
Content freshness signals
Issue
Content freshness signals are incomplete: missing Last-Modified HTTP header; missing dateModified/datePublished in JSON-LD; missing meta or <time> freshness tags.
Why it matters
Freshness signals help agents decide whether content is current enough to cite, summarize, or compare against newer sources.
Check name
Content freshness signals
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Expose modified and published dates for freshness-aware retrieval and ranking.
Result
Content freshness signals is missing or incomplete.
Evidence
{
"lastModified": null,
"schemaDates": [],
"metaDateCount": 0,
"timeDateCount": 0
}AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal is missing or incomplete.
33 Fail
AI DiscoverabilityBot Access ControlInformational
Content Signal
Content Signal is missing or incomplete.
Needs attention
Content Signal
Issue
No Content Signal found in robots.txt
Why it matters
Content Signal provides a machine-readable way to communicate AI usage preferences where participating crawlers look for policy.
Check name
Content Signal
Score
0/100
Status
fail
Category
Bot Access Control
Maturity
Informational
Goal
Declare AI content usage preferences with Content Signal in robots.txt.
Result
Content Signal is missing or incomplete.
Evidence
{
"signals": [],
"ai-train": false,
"search": false,
"ai-input": false
}AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation failed at "Markdown content type".
33 Fail
AI DiscoverabilityContent ReadinessEstablished
Markdown negotiation
Markdown negotiation failed at "Markdown content type".
Needs attention
Markdown negotiation
Issue
Content-Type "text/html; charset=UTF-8" does not indicate Markdown when requested with Accept: text/markdown.
Why it matters
Markdown negotiation gives agents a cleaner representation of page content while preserving normal HTML for browsers.
Check name
Markdown negotiation
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Return HTML responses as markdown when agents request it.
Result
Markdown negotiation failed at "Markdown content type".
Validation steps
Markdown content type
Content-Type "text/html; charset=UTF-8" does not indicate Markdown when requested with Accept: text/markdown.
Vary: Accept header
Markdown negotiation is missing Vary: Accept; current Vary header is "Origin".
Structured Markdown body
Markdown response is missing a heading.
Evidence
{
"failedStep": "content-type",
"steps": [
{
"id": "content-type",
"title": "Markdown content type",
"status": "fail",
"evidence": {
"statusCode": 200,
"contentType": "text/html; charset=UTF-8"
},
"issue": "Content-Type \"text/html; charset=UTF-8\" does not indicate Markdown when requested with Accept: text/markdown.",
"howToFix": "Return Content-Type: text/markdown; charset=utf-8 for requests with Accept: text/markdown."
},
{
"id": "vary-accept",
"title": "Vary: Accept header",
"status": "fail",
"evidence": {
"vary": "Origin"
},
"issue": "Markdown negotiation is missing Vary: Accept; current Vary header is \"Origin\".",
"howToFix": "Add Vary: Accept on negotiated Markdown responses so shared caches keep HTML and Markdown variants separate."
},
{
"id": "markdown-content",
"title": "Structured Markdown body",
"status": "fail",
"evidence": {
"valid": false,
"hasHeading": false,
"wordCount": 7820,
"excerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <meta charset=\"utf-8\">\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n\n \n <!-- Google Tag Manager -->\n",
"issue": "Markdown response is missing a heading."
},
"issue": "Markdown response is missing a heading.",
"howToFix": "Return Markdown with at least one heading and substantive page content, including useful links or instructions for agents."
}
]
}Agent Ease of UseAPIEstablished
OpenAPI discovery
OpenAPI discovery failed at "Find valid OpenAPI document".
33 Fail
Agent Ease of UseAPIEstablished
OpenAPI discovery
OpenAPI discovery failed at "Find valid OpenAPI document".
Needs attention
OpenAPI discovery
Issue
OpenAPI YAML document did not match the expected shape. Content-Type "text/html; charset=utf-8" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.
Why it matters
OpenAPI documents let agents understand available operations, schemas, authentication, and request formats before calling an API.
Check name
OpenAPI discovery
Score
0/100
Status
fail
Category
API
Maturity
Established
Goal
Publish a valid OpenAPI or Swagger document for API discovery.
Result
OpenAPI discovery failed at "Find valid OpenAPI document".
Validation steps
Find valid OpenAPI document
OpenAPI YAML document did not match the expected shape. Content-Type "text/html; charset=utf-8" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.
Evidence
{
"failedStep": "fetch",
"steps": [
{
"id": "fetch",
"title": "Find valid OpenAPI document",
"status": "fail",
"evidence": {
"checked": [
{
"path": "/openapi.json",
"statusCode": 200,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"0f21cda57957ba1a10d6a89422ffd035\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
{
"path": "/openapi.yaml",
"statusCode": 200,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"c15c74b897bab8566a7f66c48f610da3\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
{
"path": "/swagger.json",
"statusCode": 200,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"4891f1671ae5f02785f20f81cfffcffe\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
{
"path": "/swagger.yaml",
"statusCode": 200,
"contentType": "text/html; charset=utf-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": false,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"b3cfe74998a5a274371d07091ff63cdd\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
{
"path": "/api/openapi.json",
"statusCode": 404,
"contentType": "application/json",
"valid": false,
"issue": "OpenAPI JSON document did not match the expected shape. unsupported version: ; missing info.title; missing info.version; no paths defined; no operations defined.",
"compatibleContentType": true,
"format": "json",
"version": "",
"pathCount": 0,
"operationCount": 0,
"operationWarnings": [
{
"field": "servers",
"issue": "No servers array declared."
},
{
"field": "components.securitySchemes",
"issue": "No security schemes or explicit no-auth declaration."
}
],
"hasServers": false,
"hasSecuritySchemes": false,
"hasExplicitNoAuth": false,
"rawExcerpt": "{\"error\":\"The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.\"}"
},
{
"path": "/api/swagger.json",
"statusCode": 404,
"contentType": "application/json",
"valid": false,
"issue": "OpenAPI JSON document did not match the expected shape. unsupported version: ; missing info.title; missing info.version; no paths defined; no operations defined.",
"compatibleContentType": true,
"format": "json",
"version": "",
"pathCount": 0,
"operationCount": 0,
"operationWarnings": [
{
"field": "servers",
"issue": "No servers array declared."
},
{
"field": "components.securitySchemes",
"issue": "No security schemes or explicit no-auth declaration."
}
],
"hasServers": false,
"hasSecuritySchemes": false,
"hasExplicitNoAuth": false,
"rawExcerpt": "{\"error\":\"The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.\"}"
},
{
"path": "/docs/openapi.json",
"statusCode": 404,
"contentType": "text/plain;charset=UTF-8",
"valid": false,
"issue": "OpenAPI YAML document did not match the expected shape. unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"compatibleContentType": true,
"format": "yaml",
"version": "",
"pathCount": 0,
"operationCount": 0,
"rawExcerpt": "Asset not found"
}
]
},
"issue": "OpenAPI YAML document did not match the expected shape. Content-Type \"text/html; charset=utf-8\" is not a recognized type; unsupported version: ; missing info block with title and version; missing paths block; no operations found.",
"howToFix": "Publish a valid OpenAPI 3.x or Swagger 2.0 JSON/YAML document with info, paths, operations, and responses."
}
]
}AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is missing or incomplete.
33 Fail
AI DiscoverabilityContent ReadinessEstablished
Semantic HTML
Semantic HTML is missing or incomplete.
Needs attention
Semantic HTML
Issue
Semantic HTML is incomplete: missing <main> landmark; skipped heading levels; 0/1 applicable form inputs have autocomplete attributes (1 missing); missing alt text on >10% of images.
Details
Why it matters
Semantic HTML gives browsers, assistive technology, search systems, and agents reliable landmarks, headings, controls, form semantics, and image context.
Check name
Semantic HTML
Score
0/100
Status
fail
Category
Content Readiness
Maturity
Established
Goal
Expose readable page structure through semantic HTML and accessible controls.
Result
Semantic HTML is missing or incomplete.
Evidence
{
"main": false,
"nav": true,
"footer": true,
"meaningfulH1": true,
"headingOrder": false,
"accessibleLinks": true,
"accessibleButtons": true,
"imageAltCoverage": false,
"formAutocompleteCoverage": false,
"details": {
"inaccessibleLinks": [],
"inaccessibleButtons": [],
"missingAutocompleteInputs": [
"<input type=\"email\" placeholder=\"Enter your email\" class=\"dark\">"
],
"imagesMissingAlt": [
"<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" aria-label=\"select to open or collapse Products dropdown\" role=\"button\" aria-expanded=\"false\">",
"<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" aria-label=\"select to open or collapse Solutions dropdown\" role=\"button\" aria-expanded=\"false\">",
"<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" aria-label=\"select to open or collapse Resources dropdown\" role=\"button\" aria-expanded=\"false\">",
"<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" aria-label=\"select to open or collapse Company dropdown\" role=\"button\" aria-expanded=\"false\">",
"<img src=\"/assets/icons/code.svg\">",
"<img src=\"/assets/icons/shield.svg\">",
"<img src=\"/assets/icons/secrets.svg\">",
"<img src=\"/assets/icons/assistant.svg\">",
"<img src=\"/assets/icons/cloud.svg\">",
"<img src=\"/assets/icons/zap.svg\">",
"<img src=\"/assets/icons/vibe-code-icon.svg\">",
"<img src=\"/assets/icons/software-supply-chain-security-icon.svg\">",
"<img src=\"/assets/icons/sast-icon.svg\">",
"<img src=\"/assets/icons/owasp-t10.svg\">",
"<img src=\"/assets/icons/shield-1.svg\">",
"<img src=\"/assets/icons/money.svg\">",
"<img src=\"/assets/icons/cloud.svg\">",
"<img src=\"/assets/icons/book.svg\">",
"<img src=\"/assets/icons/file-text.svg\">",
"<img src=\"/assets/icons/money.svg\">",
"<img src=\"/assets/icons/calendar.svg\">",
"<img src=\"/assets/icons/calendar.svg\">",
"<img src=\"/assets/icons/file-text.svg\">",
"<img src=\"/assets/icons/zap.svg\">",
"<img src=\"/assets/icons/calendar.svg\">",
"<img src=\"/assets/icons/rocket-icon.svg\">",
"<img src=\"/assets/icons/briefcase-icon.svg\">",
"<img src=\"/assets/icons/handshake-icon.svg\">",
"<img loading=\"lazy\" class=\"display-image \" src=\"/assets/home-hero-2602.svg\">",
"<img height=\"1\" width=\"1\" style=\"display:none\" src=\"https://www.facebook.com/tr?id=1153975365383030&ev=PageView&noscript=1\">",
"<img src=\"https://t.co/1/i/adsct?bci=4&dv=Asia%2FCalcutta%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%26800%26600%261%2624%26800%26600%260%26na&eci=3&event=%7B%7D&event_id=26883612-a32d-4bb1-a219-769763d91c4a&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cdf17d74-8548-4261-8fbe-2db8f9cfc46c&pt=Semgrep%20App%20Security%20Platform%20%7C%20AI-assisted%20SAST%2C%20SCA%20and%20Secrets%20Detection&tw_document_href=https%3A%2F%2Fsemgrep.dev%2F&",
"<img src=\"https://analytics.twitter.com/1/i/adsct?bci=4&dv=Asia%2FCalcutta%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%26800%26600%261%2624%26800%26600%260%26na&eci=3&event=%7B%7D&event_id=26883612-a32d-4bb1-a219-769763d91c4a&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cdf17d74-8548-4261-8fbe-2db8f9cfc46c&pt=Semgrep%20App%20Security%20Platform%20%7C%20AI-assisted%20SAST%2C%20SCA%20and%20Secrets%20Detection&tw_document_href=https%3A%2F%2Fs"
],
"skippedHeadingLevels": [
"h1: Code Security for Builders",
"h2: Built for Builders, Trusted by Security",
"h5: Empower invention without friction",
"h5: Prevention at the Source",
"h5: Make Zero False Positives a Reality",
"h5: Smarter as You Build",
"h2: The high signal code security platform",
"h3: Semgrep Code (SAST)",
"h3: Semgrep Supply Chain (SCA)",
"h3: Semgrep Secrets Scanning",
"h3: Security for AI-powered software development",
"h4: AI is now a builder on your team. Let it move fast without breaking things. Secure AI-generated code at the source – before it ships – with the Semgrep MCP server.",
"h2: AI woven across the AppSec lifecycle",
"h3: Detect What Matters",
"h4: Detect complex issues like IDORs, broken authorization, and multi-step logic flaws. Combine deterministic static analysis with AI reasoning to understand naming, structure, and developer intent – going beyond pattern matching.",
"h3: Noise Filtering",
"h4: Prioritize what matters. Eliminate what doesn’t. Automatically triage findings using code context, patterns, and prior decisions. Provisionally ignore false positives so AppSec teams focus on real risk. Don’t audit alerts. Automate them away.",
"h3: Remediation",
"h4: Turn findings into safe, actionable fixes – fast. Generate tailored remediation and upgrade guidance directly in PRs and IDEs. Security stops being a blocker. Developers fix issues safely with confidence, not guesswork.",
"h3: Prevention",
"h4: Learn once, prevent forever. Human triage decisions create reusable “memories” that suppress repeat false positives automatically. Signal compounds over time. False positives don’t come back.",
"h3: Works where you build. Connects where your software runs",
"h3: Code security that unifies teams, accelerates delivery, and reduces real risk",
"h4: For Developers",
"h4: For AppSec Teams",
"h4: For CISOs",
"h2: No buzzwords, just real world results",
"h3: Protect your code with secure guardrails",
"h4: Stay up to date"
]
},
"counts": {
"h1": 1,
"headings": 29,
"links": 133,
"inaccessibleLinks": 0,
"buttons": 4,
"inaccessibleButtons": 0,
"images": 105,
"imagesWithAlt": 73,
"autocompleteInputs": 1,
"inputsWithAutocomplete": 0,
"missingAutocompleteInputs": 1
}
}Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy is missing or incomplete.
25 Fail
Security & TrustSecurity & TrustEstablished
Content-Security-Policy
Content-Security-Policy is missing or incomplete.
Needs attention
Content-Security-Policy
Issue
Content-Security-Policy is missing or incomplete.
Why it matters
Content Security Policy limits where scripts, styles, frames, and connections can load from, reducing the impact of injection bugs.
Check name
Content-Security-Policy
Score
0/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Constrain script, style, frame, and resource loading with a Content-Security-Policy header.
Result
Content-Security-Policy is missing or incomplete.
Evidence
{
"header": "content-security-policy",
"value": null
}Security & TrustSecurity & TrustEstablished
Frame protection
Frame protection is missing or incomplete.
25 Fail
Security & TrustSecurity & TrustEstablished
Frame protection
Frame protection is missing or incomplete.
Needs attention
Frame protection
Issue
Frame protection is missing or incomplete.
Why it matters
Frame protection blocks hostile sites from embedding pages in deceptive frames, reducing clickjacking risk.
Check name
Frame protection
Score
0/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Prevent unwanted framing with X-Frame-Options or CSP frame-ancestors.
Result
Frame protection is missing or incomplete.
Evidence
{
"xFrameOptions": null,
"validXFrame": false,
"contentSecurityPolicy": null,
"cspFrameAncestors": false
}Security & TrustSecurity & TrustEstablished
Referrer-Policy
Referrer-Policy is missing or incomplete.
25 Fail
Security & TrustSecurity & TrustEstablished
Referrer-Policy
Referrer-Policy is missing or incomplete.
Needs attention
Referrer-Policy
Issue
Referrer-Policy is missing or incomplete.
Why it matters
Referrer-Policy controls how much URL context is sent to other origins, limiting accidental leakage of paths, queries, and identifiers.
Check name
Referrer-Policy
Score
0/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Limit how much referrer data leaves the site.
Result
Referrer-Policy is missing or incomplete.
Evidence
{
"header": "referrer-policy",
"value": null
}Security & TrustSecurity & TrustEstablished
X-Content-Type-Options
X-Content-Type-Options is missing or incomplete.
25 Fail
Security & TrustSecurity & TrustEstablished
X-Content-Type-Options
X-Content-Type-Options is missing or incomplete.
Needs attention
X-Content-Type-Options
Issue
X-Content-Type-Options is missing or incomplete.
Why it matters
X-Content-Type-Options prevents browsers from treating mislabeled files as executable content, reducing content-sniffing attacks.
Check name
X-Content-Type-Options
Score
0/100
Status
fail
Category
Security & Trust
Maturity
Established
Goal
Prevent MIME sniffing for browser-loaded resources.
Result
X-Content-Type-Options is missing or incomplete.
Evidence
{
"header": "x-content-type-options",
"value": null
}Agent Ease of UseAPIEstablished
API Catalog
API Catalog failed at "Validate RFC 9727 linkset".
22 Fail
Agent Ease of UseAPIEstablished
API Catalog
API Catalog failed at "Validate RFC 9727 linkset".
Needs attention
API Catalog
Issue
Response is not valid JSON.
Why it matters
API catalogs help agents find service descriptions, documentation, and status resources without guessing API entry points.
Check name
API Catalog
Score
33/100
Status
fail
Category
API
Maturity
Established
Goal
Publish an API catalog for automated API discovery using RFC 9727.
Result
API Catalog failed at "Validate RFC 9727 linkset".
Validation steps
Validate RFC 9727 linkset
Response is not valid JSON.
Fetch advertised API catalog targets
API Catalog did not expose any same-origin hrefs to validate.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch API catalog",
"status": "pass",
"evidence": {
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
},
"howToFix": "Publish /.well-known/api-catalog."
},
{
"id": "validate",
"title": "Validate RFC 9727 linkset",
"status": "fail",
"evidence": {
"valid": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"c7267e9c0cb6dd9a8713a3eb11730d69\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Use application/linkset+json with service-desc, service-doc, and status relations that each include href."
},
{
"id": "target-validation",
"title": "Fetch advertised API catalog targets",
"status": "fail",
"evidence": {
"checked": [],
"failures": [
{
"reason": "No same-origin API catalog hrefs were available to fetch."
}
]
},
"issue": "API Catalog did not expose any same-origin hrefs to validate.",
"howToFix": "Make each same-origin API catalog href reachable and serve the advertised media type."
}
]
}AI DiscoverabilityDiscoverabilityEstablished
FAQPage schema
FAQPage schema is missing or incomplete.
20 Fail
AI DiscoverabilityDiscoverabilityEstablished
FAQPage schema
FAQPage schema is missing or incomplete.
Needs attention
FAQPage schema
Issue
FAQ content was detected but no FAQPage schema was found.
Why it matters
FAQPage schema lets agents extract visible question-and-answer content cleanly and avoid guessing which text is an answer.
Check name
FAQPage schema
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Expose question-and-answer content in FAQPage structured data when FAQs are present.
Result
FAQPage schema is missing or incomplete.
Evidence
{
"found": false,
"visibleFaq": true,
"allTypes": []
}AI DiscoverabilityDiscoverabilityEstablished
High-value schema types
High-value schema types is missing or incomplete.
20 Fail
AI DiscoverabilityDiscoverabilityEstablished
High-value schema types
High-value schema types is missing or incomplete.
Needs attention
High-value schema types
Issue
No high-value schema types (e.g. Article, Product, Service) were found.
Why it matters
High-value schema types tell agents whether a page is an article, product, event, service, or other actionable content type.
Check name
High-value schema types
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Use schema types that describe the page's primary content or offering.
Result
High-value schema types is missing or incomplete.
Evidence
{
"found": [],
"expected": [
"Article",
"BlogPosting",
"NewsArticle",
"Product",
"SoftwareApplication",
"FAQPage",
"LocalBusiness",
"VideoObject",
"HowTo",
"Event",
"Course",
"Review",
"Service"
],
"allTypes": []
}AI DiscoverabilityDiscoverabilityEstablished
JSON-LD present
JSON-LD present is missing or incomplete.
20 Fail
AI DiscoverabilityDiscoverabilityEstablished
JSON-LD present
JSON-LD present is missing or incomplete.
Needs attention
JSON-LD present
Issue
No JSON-LD blocks found.
Why it matters
JSON-LD is a low-friction structured data format that agents can extract without interpreting page presentation or microdata markup.
Check name
JSON-LD present
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Expose schema.org JSON-LD so AI search systems can parse page entities.
Result
JSON-LD present is missing or incomplete.
Evidence
{
"blocks": 0,
"validBlocks": 0,
"schemaContextBlocks": 0,
"errors": [],
"documents": [],
"nodes": []
}AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
20 Fail
AI DiscoverabilityDiscoverabilityEstablished
Link headers
Link headers failed at "Find useful Link headers".
Needs attention
Link headers
Issue
No useful agent discovery Link headers were found.
Why it matters
Link headers let automated clients discover API catalogs, documentation, and machine-readable alternates without parsing page markup first.
Check name
Link headers
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Include Link response headers for agent discovery using RFC 8288.
Result
Link headers failed at "Find useful Link headers".
Validation steps
Find useful Link headers
No useful agent discovery Link headers were found.
Fetch same-origin Link header targets
Link headers did not expose any same-origin targets to validate.
Evidence
{
"failedStep": "presence",
"steps": [
{
"id": "presence",
"title": "Find useful Link headers",
"status": "fail",
"evidence": {
"links": []
},
"issue": "No useful agent discovery Link headers were found.",
"howToFix": "Expose useful Link headers such as rel=\"api-catalog\", rel=\"service-doc\", and rel=\"service-desc\"."
},
{
"id": "target-validation",
"title": "Fetch same-origin Link header targets",
"status": "fail",
"evidence": {
"checked": [],
"failures": [
{
"reason": "No same-origin Link header targets were available to fetch."
}
]
},
"issue": "Link headers did not expose any same-origin targets to validate.",
"howToFix": "Make each same-origin Link href reachable and serve the advertised media type."
}
]
}AI DiscoverabilityDiscoverabilityEstablished
Organization / WebSite schema
Organization / WebSite schema is missing or incomplete.
20 Fail
AI DiscoverabilityDiscoverabilityEstablished
Organization / WebSite schema
Organization / WebSite schema is missing or incomplete.
Needs attention
Organization / WebSite schema
Issue
Neither Organization nor WebSite schema types were found in JSON-LD.
Why it matters
Organization and WebSite schema help agents identify the publisher, canonical site identity, logo, and related profiles for attribution.
Check name
Organization / WebSite schema
Score
0/100
Status
fail
Category
Discoverability
Maturity
Established
Goal
Identify the site owner and website entity in structured data.
Result
Organization / WebSite schema is missing or incomplete.
Evidence
{
"found": [],
"allTypes": []
}Agent Ease of UseAPIEmerging recommendation
AI context endpoint
AI context endpoint failed at "Validate resource body".
17 Fail
Agent Ease of UseAPIEmerging recommendation
AI context endpoint
AI context endpoint failed at "Validate resource body".
Needs attention
AI context endpoint
Issue
Content-Type "text/html; charset=utf-8" is not JSON, Markdown, or text/plain.
Why it matters
A context endpoint gives agents a small, low-latency summary of product purpose, safe actions, and canonical machine-readable resources without scraping the whole site.
Check name
AI context endpoint
Score
50/100
Status
fail
Category
API
Maturity
Emerging recommendation
Goal
Expose a compact API context endpoint agents can fetch before deciding which public API or discovery resource to use.
Result
AI context endpoint failed at "Validate resource body".
Validation steps
Validate resource body
Content-Type "text/html; charset=utf-8" is not JSON, Markdown, or text/plain.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/context",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"compatibleContentType": false,
"issue": "Content-Type \"text/html; charset=utf-8\" is not JSON, Markdown, or text/plain.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"e9594681a89e0c033d9d1f91bc7f28a6\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Content-Type \"text/html; charset=utf-8\" is not JSON, Markdown, or text/plain.",
"howToFix": "Publish a concise JSON or Markdown AI context endpoint describing the product, public actions, and machine-readable resources."
}
]
}AI DiscoverabilityBot Access ControlInformational
Web Bot Auth request signing
Web Bot Auth request signing failed at "Validate resource body".
17 Fail
AI DiscoverabilityBot Access ControlInformational
Web Bot Auth request signing
Web Bot Auth request signing failed at "Validate resource body".
Needs attention
Web Bot Auth request signing
Issue
Response is not valid JSON.
Why it matters
Web Bot Auth discovery lets servers and clients find signing keys for bot identity workflows based on HTTP Message Signatures.
Check name
Web Bot Auth request signing
Score
50/100
Status
fail
Category
Bot Access Control
Maturity
Informational
Goal
Advertise HTTP Message Signatures keys when this site operates signed bot clients or supports Web Bot Auth workflows.
Result
Web Bot Auth request signing failed at "Validate resource body".
Validation steps
Validate resource body
Response is not valid JSON.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/.well-known/http-message-signatures-directory",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"validJson": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"ae993950403780d439faff4bb50c3ee9\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "If publishing Web Bot Auth keys, return a JSON key directory with a non-empty keys array and the draft media type."
}
]
}Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Validate resource body".
16 Fail
Agent Ease of UseMCPEmerging recommendation
MCP Server Card
MCP Server Card failed at "Validate resource body".
Needs attention
MCP Server Card
Issue
Response is not valid JSON.
Why it matters
MCP Server Cards help agents discover server transports, capabilities, and protocol details before opening an MCP session.
Check name
MCP Server Card
Score
38/100
Status
fail
Category
MCP
Maturity
Emerging recommendation
Goal
Publish an MCP Server Card for agent discovery.
Result
MCP Server Card failed at "Validate resource body".
Validation steps
Validate resource body
Response is not valid JSON.
Verify advertised MCP transport endpoints
At least one same-origin transport failed MCP initialize or advertised capability list probes. See probes[].capabilityProbes for the exact method, status, JSON-RPC error, and response excerpt.
Verify advertised MCP tool execution
MCP discovery passed, but no advertised tool could be safely executed by this scanner.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/.well-known/mcp/server-card.json",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"validJson": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"64870d59668f2d544f01044abcdd5927\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Publish an MCP server card with valid transports and make each advertised local endpoint answer an MCP initialize request."
},
{
"id": "endpoint-verification",
"title": "Verify advertised MCP transport endpoints",
"status": "fail",
"evidence": {
"probes": []
},
"issue": "At least one same-origin transport failed MCP initialize or advertised capability list probes. See probes[].capabilityProbes for the exact method, status, JSON-RPC error, and response excerpt.",
"howToFix": "Expose a real MCP endpoint for advertised transports, or remove transports that point to ordinary HTTP APIs."
},
{
"id": "tool-execution",
"title": "Verify advertised MCP tool execution",
"status": "warning",
"evidence": {
"probes": []
},
"issue": "MCP discovery passed, but no advertised tool could be safely executed by this scanner.",
"howToFix": "Implement tools/call for advertised tools, or report the MCP card as discovery-only until tools are executable."
}
]
}Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery failed at "Resolve DNS-AID SVCB/HTTPS records".
15 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
DNS-AID Agent Discovery
DNS-AID Agent Discovery failed at "Resolve DNS-AID SVCB/HTTPS records".
Needs attention
DNS-AID Agent Discovery
Issue
No DNS-AID entrypoint records were found under _agents.
Why it matters
DNS-AID lets agents discover index, A2A, and other agent entrypoints before fetching HTTP metadata, while DNSSEC can authenticate the discovery zone.
Check name
DNS-AID Agent Discovery
Score
25/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish DNS for AI Discovery records under _agents for DNS-based agent entrypoint discovery.
Result
DNS-AID Agent Discovery failed at "Resolve DNS-AID SVCB/HTTPS records".
Validation steps
Resolve DNS-AID SVCB/HTTPS records
No DNS-AID entrypoint records were found under _agents.
Validate alpn and endpoint parameters
Include alpn and endpoint service parameters in each DNS-AID record so agents know the protocol and target entrypoint.
Check DNSSEC material
DNSSEC material was not visible for the hostname or parent zone from this resolver.
Evidence
{
"failedStep": "svcb-https-records",
"steps": [
{
"id": "svcb-https-records",
"title": "Resolve DNS-AID SVCB/HTTPS records",
"status": "fail",
"evidence": {
"hostname": "semgrep.dev",
"probes": [
{
"name": "_index._agents.semgrep.dev",
"found": false,
"recordCount": 1,
"records": [],
"hasAlpn": false,
"hasEndpoint": false
},
{
"name": "_a2a._agents.semgrep.dev",
"found": false,
"recordCount": 1,
"records": [],
"hasAlpn": false,
"hasEndpoint": false
}
]
},
"issue": "No DNS-AID entrypoint records were found under _agents.",
"howToFix": "Publish ServiceMode SVCB/HTTPS records such as _index._agents.example.com or _a2a._agents.example.com."
},
{
"id": "service-params",
"title": "Validate alpn and endpoint parameters",
"status": "informational",
"evidence": {
"discovered": []
},
"howToFix": "Include alpn and endpoint service parameters in each DNS-AID record so agents know the protocol and target entrypoint."
},
{
"id": "dnssec",
"title": "Check DNSSEC material",
"status": "warning",
"evidence": {
"hasDnssecMaterial": false,
"checked": [
{
"name": "semgrep.dev",
"dnssecTypes": [],
"dnssecRecordCount": 0
}
]
},
"issue": "DNSSEC material was not visible for the hostname or parent zone from this resolver.",
"howToFix": "Sign the public discovery zone with DNSSEC so validating resolvers can return authenticated data."
}
]
}Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index failed at "Validate resource body".
13 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
Agent Skills index
Agent Skills index failed at "Validate resource body".
Needs attention
Agent Skills index
Issue
Response is not valid JSON.
Why it matters
An Agent Skills index lets clients find task-specific SKILL.md documents that describe how to use site capabilities correctly.
Check name
Agent Skills index
Score
33/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish an agent skills discovery index.
Result
Agent Skills index failed at "Validate resource body".
Validation steps
Validate resource body
Response is not valid JSON.
Fetch advertised SKILL.md files
One or more advertised skill URLs were missing, did not look like SKILL.md Markdown, or failed digest verification.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/.well-known/agent-skills/index.json",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"validJson": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"be7740b8b5e0e357e885758a8267ce6c\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Publish an index with a non-empty skills array and reachable SKILL.md URLs."
},
{
"id": "skill-documents",
"title": "Fetch advertised SKILL.md files",
"status": "fail",
"evidence": {
"checkedCount": 0,
"totalCount": 0,
"checked": []
},
"issue": "One or more advertised skill URLs were missing, did not look like SKILL.md Markdown, or failed digest verification.",
"howToFix": "Make every advertised skill URL return Markdown with a top-level heading and a matching sha256 digest, or remove broken entries from the index."
}
]
}Agent Ease of UseMCPEmerging recommendation
mcp.json
mcp.json failed at "Validate resource body".
13 Fail
Agent Ease of UseMCPEmerging recommendation
mcp.json
mcp.json failed at "Validate resource body".
Needs attention
mcp.json
Issue
Response is not valid JSON.
Why it matters
MCP clients need trustworthy server metadata, protocol version, transport details, and capability hints before connecting to a remote MCP server.
Check name
mcp.json
Score
50/100
Status
fail
Category
MCP
Maturity
Emerging recommendation
Goal
Expose a stable MCP server metadata document that points agents to the site's MCP endpoint.
Result
mcp.json failed at "Validate resource body".
Validation steps
Validate resource body
Response is not valid JSON.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/mcp.json",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"validJson": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"08e220d55f362a9af0f0695377ca47f0\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Publish mcp.json or an MCP server card with serverInfo, protocolVersion, transport endpoint, and capabilities."
}
]
}Agent Ease of UseMCPInformational
WebMCP manifest
WebMCP manifest failed at "Validate resource body".
13 Fail
Agent Ease of UseMCPInformational
WebMCP manifest
WebMCP manifest failed at "Validate resource body".
Needs attention
WebMCP manifest
Issue
Response is not valid JSON.
Why it matters
A WebMCP manifest advertises browser-exposed tools declaratively so agents can understand available site actions before invoking them.
Check name
WebMCP manifest
Score
50/100
Status
fail
Category
MCP
Maturity
Informational
Goal
Publish a WebMCP manifest for declarative browser tool discovery when using the draft manifest convention.
Result
WebMCP manifest failed at "Validate resource body".
Validation steps
Validate resource body
Response is not valid JSON.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/.well-known/webmcp.json",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"validJson": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"b3412713ef9e9386362124d5196d8657\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Keep declarative WebMCP manifest discovery informational until the manifest shape stabilizes; validate tools if you publish one."
}
]
}Agent Ease of UseMCPInformational
WebMCP
WebMCP has a validation warning at "Validate WebMCP declarative annotation quality".
13 Warning
Agent Ease of UseMCPInformational
WebMCP
WebMCP has a validation warning at "Validate WebMCP declarative annotation quality".
Needs attention
WebMCP
Issue
WebMCP declarative annotations need fixes.
Details
Why it matters
WebMCP can expose page context and actions directly through the browser, giving agents safer structured hooks than screen scraping alone.
Check name
WebMCP
Score
50/100
Status
warning
Category
MCP
Maturity
Informational
Goal
Support WebMCP to expose site tools to AI agents via the browser.
Result
WebMCP has a validation warning at "Validate WebMCP declarative annotation quality".
Validation steps
Detect data-mcp-tool annotations
No data-mcp-tool attributes were found on interactive elements.
Detect WebMCP declarative tags
No elements found with tool-name or tool-description attributes.
Validate WebMCP declarative annotation quality
WebMCP declarative annotations need fixes.
WebMCP declarative annotation issues
<input> is missing a name attribute.<input> is missing a label.<input> is missing tool-param-description.<input> is missing a name attribute.<input> is missing a label.<input> is missing tool-param-description.
Detect WebMCP imperative API usage
navigator.modelContext.provideContext(), navigator.modelContext.registerTool(), or other imperative signals were not detected in rendered browser state.
Detect WebMCP browser navigator injection
navigator.modelContext was not detected in the rendered browser page.
Interactive surface coverage
Only 0% of interactive surfaces are annotated.
Evidence
{
"failedStep": "declarative-annotation-quality",
"steps": [
{
"id": "data-mcp-tool-attributes",
"title": "Detect data-mcp-tool annotations",
"status": "informational",
"evidence": {
"dataMcpToolCount": 0,
"dataMcpTools": []
},
"issue": "No data-mcp-tool attributes were found on interactive elements.",
"howToFix": "Add data-mcp-tool attributes to high-value forms, buttons, and links so generic MCP-aware tooling can identify intended actions."
},
{
"id": "declarative-tags",
"title": "Detect WebMCP declarative tags",
"status": "informational",
"evidence": {
"totalForms": 2,
"formsWithTags": 0,
"totalInteractive": 139,
"interactiveWithTags": 0,
"totalCount": 141,
"taggedCount": 0,
"dataMcpToolCount": 0,
"dataMcpTools": [],
"coverage": 0,
"annotationIssues": [
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description.",
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description."
]
},
"issue": "No elements found with tool-name or tool-description attributes.",
"howToFix": "Add tool-name and tool-description attributes to forms and interactive elements."
},
{
"id": "declarative-annotation-quality",
"title": "Validate WebMCP declarative annotation quality",
"status": "warning",
"evidence": {
"issueCount": 6,
"issues": [
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description.",
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description."
]
},
"issue": "WebMCP declarative annotations need fixes.",
"issueDetails": [
{
"title": "WebMCP declarative annotation issues",
"items": [
{
"type": "code",
"value": "<input> is missing a name attribute."
},
{
"type": "code",
"value": "<input> is missing a label."
},
{
"type": "code",
"value": "<input> is missing tool-param-description."
},
{
"type": "code",
"value": "<input> is missing a name attribute."
},
{
"type": "code",
"value": "<input> is missing a label."
},
{
"type": "code",
"value": "<input> is missing tool-param-description."
}
]
}
],
"howToFix": "Use snake_case tool-name values, descriptive tool-description values, named and labeled fields, and tool-param-description on inputs."
},
{
"id": "imperative-api",
"title": "Detect WebMCP imperative API usage",
"status": "informational",
"evidence": {
"staticSignals": {
"detected": false,
"matched": []
},
"browser": {
"checked": true,
"detected": false,
"hasNavigatorModelContext": false,
"modelContextType": "undefined",
"hasProvideContext": false,
"hasRegisterTool": false
}
},
"issue": "navigator.modelContext.provideContext(), navigator.modelContext.registerTool(), or other imperative signals were not detected in rendered browser state.",
"howToFix": "Use navigator.modelContext.provideContext() to register tools programmatically."
},
{
"id": "browser-navigator-injection",
"title": "Detect WebMCP browser navigator injection",
"status": "informational",
"evidence": {
"browser": {
"checked": true,
"detected": false,
"hasNavigatorModelContext": false,
"modelContextType": "undefined",
"hasProvideContext": false,
"hasRegisterTool": false
}
},
"issue": "navigator.modelContext was not detected in the rendered browser page.",
"howToFix": "Expose WebMCP through navigator.modelContext in the browser runtime when the page is intended to provide in-page tools."
},
{
"id": "surface-coverage",
"title": "Interactive surface coverage",
"status": "informational",
"evidence": {
"totalForms": 2,
"formsWithTags": 0,
"totalInteractive": 139,
"interactiveWithTags": 0,
"totalCount": 141,
"taggedCount": 0,
"dataMcpToolCount": 0,
"dataMcpTools": [],
"coverage": 0,
"annotationIssues": [
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description.",
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description."
]
},
"issue": "Only 0% of interactive surfaces are annotated.",
"howToFix": "Add WebMCP annotations to all forms and interactive elements to increase agent coverage."
}
],
"staticSignals": {
"detected": false,
"matched": []
},
"coverage": {
"totalForms": 2,
"formsWithTags": 0,
"totalInteractive": 139,
"interactiveWithTags": 0,
"totalCount": 141,
"taggedCount": 0,
"dataMcpToolCount": 0,
"dataMcpTools": [],
"coverage": 0,
"annotationIssues": [
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description.",
"<input> is missing a name attribute.",
"<input> is missing a label.",
"<input> is missing tool-param-description."
]
},
"browserWebMcp": {
"checked": true,
"detected": false,
"hasNavigatorModelContext": false,
"modelContextType": "undefined",
"hasProvideContext": false,
"hasRegisterTool": false
}
}Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card failed at "Validate resource body".
10 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
A2A Agent Card
A2A Agent Card failed at "Validate resource body".
Needs attention
A2A Agent Card
Issue
Response is not valid JSON.
Why it matters
A2A Agent Cards let compatible clients discover agent skills, input and output modes, and the endpoint used to invoke those skills.
Check name
A2A Agent Card
Score
50/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish an agent card so A2A-compatible clients can discover capabilities.
Result
A2A Agent Card failed at "Validate resource body".
Validation steps
Validate resource body
Response is not valid JSON.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/.well-known/agent-card.json",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"validJson": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"4f32edee2cb8131cf94ef26133fd7dc6\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Publish an A2A Agent Card with required skill details and make the advertised url answer A2A JSON-RPC requests."
}
]
}Agent Ease of UseSkill DiscoveryEmerging recommendation
agent.json
agent.json failed at "Validate resource body".
10 Fail
Agent Ease of UseSkill DiscoveryEmerging recommendation
agent.json
agent.json failed at "Validate resource body".
Needs attention
agent.json
Issue
Response is not valid JSON.
Why it matters
agent.json is an emerging machine-readable manifest for declaring what a website does, how agents authenticate, and which actions or protocols are available.
Check name
agent.json
Score
50/100
Status
fail
Category
Skill Discovery
Maturity
Emerging recommendation
Goal
Publish the singular Agent Web Protocol agent.json manifest without confusing it with the separate agents.json directory convention.
Result
agent.json failed at "Validate resource body".
Validation steps
Validate resource body
Response is not valid JSON.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/.well-known/agent.json",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"validJson": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"ffc8b525072461370d4143a81e5e27d9\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Publish agent.json with awp_version, domain, intent, and typed actions that point to real same-origin API or protocol endpoints."
}
]
}Agent Ease of UseSkill DiscoveryInformational
agents.json
agents.json failed at "Validate resource body".
10 Fail
Agent Ease of UseSkill DiscoveryInformational
agents.json
agents.json failed at "Validate resource body".
Needs attention
agents.json
Issue
Response is not valid JSON.
Why it matters
agents.json gives clients a simple directory of agent-facing capabilities and contacts when a site chooses to advertise them.
Check name
agents.json
Score
50/100
Status
fail
Category
Skill Discovery
Maturity
Informational
Goal
Publish an agents.json directory for agent-facing capabilities and contacts when using this convention.
Result
agents.json failed at "Validate resource body".
Validation steps
Validate resource body
Response is not valid JSON.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/.well-known/agents.json",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"validJson": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"05320186143b4847dbdfad5f1bc0fd23\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "If this site uses agents.json, publish JSON with an agents array containing name and url for each agent."
}
]
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Visible structured data match
AIO: Visible structured data match scored 0/100 and needs a fix.
10 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Visible structured data match
AIO: Visible structured data match scored 0/100 and needs a fix.
Needs attention
AIO: Visible structured data match
Issue
No JSON-LD structured data was detected.
Details
Why it matters
AI Overviews depend on Google-search eligibility, useful visible content, consistent structured data, answer-first sections, trust signals, and preview controls that permit snippets.
Check name
AIO: Visible structured data match
Score
0/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible and useful for Google AI Overviews and AI Mode extraction.
Result
AIO: Visible structured data match scored 0/100 and needs a fix.
Evidence
{
"schemaCount": 0,
"mismatches": [],
"score": 0,
"weight": 18
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Extraction-friendly structure
GEO: Extraction-friendly structure scored 60/100 and needs improvement.
8 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Extraction-friendly structure
GEO: Extraction-friendly structure scored 60/100 and needs improvement.
Needs attention
GEO: Extraction-friendly structure
Issue
Missing extraction signals: optional top summary / TL;DR / key takeaways block, table with <thead> only if the page already has tabular/comparative data, ordered list only if the page explains a workflow/process, optional visible FAQ or FAQPage schema, JSON-LD structured data.
Details
Why it matters
Generative engines favor pages with self-contained answer passages, clear entities, structured data, summaries, FAQ patterns, and crawler-accessible HTML that can be cited without extra interpretation.
Check name
GEO: Extraction-friendly structure
Score
60/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute.
Result
GEO: Extraction-friendly structure scored 60/100 and needs improvement.
Evidence
{
"hasSummary": false,
"tableCount": 0,
"tablesWithHead": 0,
"tablesMissingThead": [],
"orderedLists": 0,
"hasFaq": false,
"definitionPatterns": 3,
"schemaBlocks": 0,
"missingSignals": [
"optional top summary / TL;DR / key takeaways block",
"table with <thead> only if the page already has tabular/comparative data",
"ordered list only if the page explains a workflow/process",
"optional visible FAQ or FAQPage schema",
"JSON-LD structured data"
],
"score": 60,
"weight": 24
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Source and trust signals
AIO: Source and trust signals scored 40/100 and needs a fix.
6 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Source and trust signals
AIO: Source and trust signals scored 40/100 and needs a fix.
Needs attention
AIO: Source and trust signals
Issue
Missing AIO trust signals: author, publisher, freshnessDate.
Details
Why it matters
AI Overviews depend on Google-search eligibility, useful visible content, consistent structured data, answer-first sections, trust signals, and preview controls that permit snippets.
Check name
AIO: Source and trust signals
Score
40/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible and useful for Google AI Overviews and AI Mode extraction.
Result
AIO: Source and trust signals scored 40/100 and needs a fix.
Evidence
{
"signals": {
"author": false,
"publisher": false,
"freshnessDate": false,
"aboutOrContact": true,
"policyLinks": true
},
"missing": [
"author",
"publisher",
"freshnessDate"
],
"authorMeta": "",
"schemaAuthors": [],
"schemaPublishers": [],
"schemaDates": [],
"visibleDates": [],
"aboutLinks": [
{
"href": "/blog/",
"text": "Blog Get the latest news about Semgrep",
"html": "<a class=\"nav-item\" href=\"/blog/\"> <img src=\"/assets/icons/file-text.svg\" alt> <div> <span>Blog</span> <p>Get the latest news about Semgrep</p> </div> </a>"
},
{
"href": "/about/",
"text": "About The Semgrep story & values",
"html": "<a class=\"nav-item\" href=\"/about/\"> <img src=\"/assets/icons/rocket-icon.svg\" alt=\"rocket icon\"> <div> <span>About</span> <p>The Semgrep story & values</p> </div> </a>"
},
{
"href": "/about/careers/",
"text": "Careers Join the team!",
"html": "<a class=\"nav-item\" href=\"/about/careers/\"> <img src=\"/assets/icons/briefcase-icon.svg\" alt=\"briefcase icon\"> <div> <span>Careers</span> <p>Join the team!</p> </div> </a>"
},
{
"href": "/about/",
"text": "About",
"html": "<a class=\"nav-item\" href=\"/about/\">About</a>"
},
{
"href": "/about/careers/",
"text": "Careers",
"html": "<a class=\"nav-item\" href=\"/about/careers/\">Careers</a>"
},
{
"href": "/products/semgrep-code",
"text": "Semgrep Code (SAST) Find and fix real vulnerabilities. Multimodal AI detection combines static analysis and AI reasoning to uncover OWASP risks, business logic flaws, and IDORs that traditional scanners miss. Learn about Code",
"html": "<a href=\"/products/semgrep-code\" class=\"card\" aria-label=\"Semgrep Code (SAST)\"> <img loading=\"lazy\" src=\"/assets/card_icon-code.svg\" alt> <h3>Semgrep Code (SAST)</h3> <div class=\"body\"><p>Find and fix real vulnerabilities.</p> <p>Multimodal AI detection combines static analysis and AI reasoning to uncover OWASP risks, business logic flaws, and IDORs that traditional scanners miss.</p> </div> <span>Learn about Code</span> </a>"
},
{
"href": "/products/semgrep-supply-chain-old",
"text": "Semgrep Supply Chain (SCA) Safely fix only what’s exploitable. Reachability analysis flags the dependencies that actually matter, reducing false positives in high and critical severity findings by up to 98%. Learn about Supply Chain",
"html": "<a href=\"/products/semgrep-supply-chain-old\" class=\"card\" aria-label=\"Semgrep Supply Chain (SCA)\"> <img loading=\"lazy\" src=\"/assets/card_icon-supply_chain.svg\" alt> <h3>Semgrep Supply Chain (SCA)</h3> <div class=\"body\"><p>Safely fix only what’s exploitable.</p> <p>Reachability analysis flags the dependencies that actually matter, reducing false positives in high and critical severity findings by up to 98%.</p> </div> <span>Learn about Supply Chain</span> </a>"
},
{
"href": "/products/semgrep-secrets",
"text": "Semgrep Secrets Scanning Stop secrets before they ship. Semantic analysis, entropy analysis, and validation detect hardcoded secrets and real credentials, blocking unsafe merges by default. Learn about Secrets",
"html": "<a href=\"/products/semgrep-secrets\" class=\"card\" aria-label=\"Semgrep Secrets Scanning\"> <img loading=\"lazy\" src=\"/assets/card_icon-secrets.svg\" alt> <h3>Semgrep Secrets Scanning</h3> <div class=\"body\"><p>Stop secrets before they ship.</p> <p>Semantic analysis, entropy analysis, and validation detect hardcoded secrets and real credentials, blocking unsafe merges by default.</p> </div> <span>Learn about Secrets</span> </a>"
},
{
"href": "/blog/2025/a-security-engineers-guide-to-mcp",
"text": "Learn more about MCP",
"html": "<a class=\"molecule button primary \" href=\"/blog/2025/a-security-engineers-guide-to-mcp\" rel=\"noopener\"> Learn more about MCP </a>"
},
{
"href": "https://semgrep.dev/docs/semgrep-assistant/metrics",
"text": "Learn about our metrics and methodology ->",
"html": "<a class=\"cta-link\" href=\"https://semgrep.dev/docs/semgrep-assistant/metrics\" rel=\"noopener\"> Learn about our metrics and methodology <span class=\"arrow\">-></span> </a>"
},
{
"href": "/about/",
"text": "About",
"html": "<a href=\"/about/\">About</a>"
},
{
"href": "/about/careers/",
"text": "Careers",
"html": "<a href=\"/about/careers/\">Careers</a>"
},
{
"href": "https://www.linkedin.com/company/semgrep/",
"text": "",
"html": "<a href=\"https://www.linkedin.com/company/semgrep/\" target=\"_blank\"><img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/linkedIn-logo-green-d3WRV14l.svg\" alt=\"connect on linkedin\"></a>"
}
],
"contactLinks": [
{
"href": "/resources/customer-success/",
"text": "Product support",
"html": "<a class=\"nav-item\" href=\"/resources/customer-success/\">Product support</a>"
},
{
"href": "/contact-us/",
"text": "Contact us",
"html": "<a class=\"nav-item\" href=\"/contact-us/\">Contact us</a>"
},
{
"href": "/resources/customer-success/",
"text": "Customer Success Get help from Semgrep’s Customer Success team",
"html": "<a class=\"nav-item\" href=\"/resources/customer-success/\"> <img src=\"/assets/icons/money.svg\" alt=\"money icon\"> <div> <span>Customer Success</span> <p>Get help from Semgrep’s Customer Success team</p> </div> </a>"
},
{
"href": "/blog/2026/getting-ready-for-mythos-with-semgrep/",
"text": "Blog Getting ready for Mythos Mythos is poised to give attackers an unprecedented advantage, but Semgrep can help you restore the balance in your favor.",
"html": "<a class=\"nav-item\" href=\"/blog/2026/getting-ready-for-mythos-with-semgrep/\"> <div> <label class=\"green\">Blog</label> <span>Getting ready for Mythos</span> <p>Mythos is poised to give attackers an unprecedented advantage, but Semgrep can help you restore the balance in your favor.</p> </div> </a>"
},
{
"href": "/contact/demo",
"text": "Book demo",
"html": "<a class=\"molecule button primary nav-buttons \" href=\"/contact/demo\" rel=\"noopener\"> Book demo </a>"
},
{
"href": "/contact/demo",
"text": "Book demo",
"html": "<a class=\"molecule button primary nav-buttons \" href=\"/contact/demo\" rel=\"noopener\"> Book demo </a>"
},
{
"href": "/resources/customer-success/",
"text": "Product support",
"html": "<a class=\"nav-item\" href=\"/resources/customer-success/\"> Product support </a>"
},
{
"href": "/contact-us/",
"text": "Contact us",
"html": "<a class=\"nav-item\" href=\"/contact-us/\"> Contact us </a>"
},
{
"href": "/contact/demo",
"text": "Book demo",
"html": "<a class=\"molecule button primary nav-buttons \" href=\"/contact/demo\" rel=\"noopener\"> Book demo </a>"
},
{
"href": "/contact/demo/",
"text": "Book a demo",
"html": "<a href=\"/contact/demo/\">Book a demo</a>"
},
{
"href": "/docs/support/",
"text": "Help Center",
"html": "<a href=\"/docs/support/\">Help Center</a>"
},
{
"href": "/contact-us/",
"text": "Contact",
"html": "<a href=\"/contact-us/\">Contact</a>"
}
],
"privacyLinks": [
{
"href": "/legal/privacy/",
"text": "Privacy Policy",
"html": "<a href=\"/legal/privacy/\" target=\"_blank\">Privacy Policy</a>"
},
{
"href": "/legal/terms",
"text": "Website terms",
"html": "<a href=\"/legal/terms\">Website terms</a>"
},
{
"href": "/legal/privacy",
"text": "Privacy",
"html": "<a href=\"/legal/privacy\">Privacy</a>"
}
],
"score": 40,
"weight": 20
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer evidence and trust
AEO: Answer evidence and trust scored 40/100 and needs a fix.
6 Fail
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer evidence and trust
AEO: Answer evidence and trust scored 40/100 and needs a fix.
Needs attention
AEO: Answer evidence and trust
Issue
Missing AIO trust signals: author, publisher, freshnessDate.
Details
Why it matters
Answer engines need concise answers, question-led structure, entity clarity, visible evidence, and trust signals that can be extracted without relying on search-only metadata checks.
Check name
AEO: Answer evidence and trust
Score
40/100
Status
fail
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to answer from directly.
Result
AEO: Answer evidence and trust scored 40/100 and needs a fix.
Evidence
{
"signals": {
"author": false,
"publisher": false,
"freshnessDate": false,
"aboutOrContact": true,
"policyLinks": true
},
"missing": [
"author",
"publisher",
"freshnessDate"
],
"authorMeta": "",
"schemaAuthors": [],
"schemaPublishers": [],
"schemaDates": [],
"visibleDates": [],
"aboutLinks": [
{
"href": "/blog/",
"text": "Blog Get the latest news about Semgrep",
"html": "<a class=\"nav-item\" href=\"/blog/\"> <img src=\"/assets/icons/file-text.svg\" alt> <div> <span>Blog</span> <p>Get the latest news about Semgrep</p> </div> </a>"
},
{
"href": "/about/",
"text": "About The Semgrep story & values",
"html": "<a class=\"nav-item\" href=\"/about/\"> <img src=\"/assets/icons/rocket-icon.svg\" alt=\"rocket icon\"> <div> <span>About</span> <p>The Semgrep story & values</p> </div> </a>"
},
{
"href": "/about/careers/",
"text": "Careers Join the team!",
"html": "<a class=\"nav-item\" href=\"/about/careers/\"> <img src=\"/assets/icons/briefcase-icon.svg\" alt=\"briefcase icon\"> <div> <span>Careers</span> <p>Join the team!</p> </div> </a>"
},
{
"href": "/about/",
"text": "About",
"html": "<a class=\"nav-item\" href=\"/about/\">About</a>"
},
{
"href": "/about/careers/",
"text": "Careers",
"html": "<a class=\"nav-item\" href=\"/about/careers/\">Careers</a>"
},
{
"href": "/products/semgrep-code",
"text": "Semgrep Code (SAST) Find and fix real vulnerabilities. Multimodal AI detection combines static analysis and AI reasoning to uncover OWASP risks, business logic flaws, and IDORs that traditional scanners miss. Learn about Code",
"html": "<a href=\"/products/semgrep-code\" class=\"card\" aria-label=\"Semgrep Code (SAST)\"> <img loading=\"lazy\" src=\"/assets/card_icon-code.svg\" alt> <h3>Semgrep Code (SAST)</h3> <div class=\"body\"><p>Find and fix real vulnerabilities.</p> <p>Multimodal AI detection combines static analysis and AI reasoning to uncover OWASP risks, business logic flaws, and IDORs that traditional scanners miss.</p> </div> <span>Learn about Code</span> </a>"
},
{
"href": "/products/semgrep-supply-chain-old",
"text": "Semgrep Supply Chain (SCA) Safely fix only what’s exploitable. Reachability analysis flags the dependencies that actually matter, reducing false positives in high and critical severity findings by up to 98%. Learn about Supply Chain",
"html": "<a href=\"/products/semgrep-supply-chain-old\" class=\"card\" aria-label=\"Semgrep Supply Chain (SCA)\"> <img loading=\"lazy\" src=\"/assets/card_icon-supply_chain.svg\" alt> <h3>Semgrep Supply Chain (SCA)</h3> <div class=\"body\"><p>Safely fix only what’s exploitable.</p> <p>Reachability analysis flags the dependencies that actually matter, reducing false positives in high and critical severity findings by up to 98%.</p> </div> <span>Learn about Supply Chain</span> </a>"
},
{
"href": "/products/semgrep-secrets",
"text": "Semgrep Secrets Scanning Stop secrets before they ship. Semantic analysis, entropy analysis, and validation detect hardcoded secrets and real credentials, blocking unsafe merges by default. Learn about Secrets",
"html": "<a href=\"/products/semgrep-secrets\" class=\"card\" aria-label=\"Semgrep Secrets Scanning\"> <img loading=\"lazy\" src=\"/assets/card_icon-secrets.svg\" alt> <h3>Semgrep Secrets Scanning</h3> <div class=\"body\"><p>Stop secrets before they ship.</p> <p>Semantic analysis, entropy analysis, and validation detect hardcoded secrets and real credentials, blocking unsafe merges by default.</p> </div> <span>Learn about Secrets</span> </a>"
},
{
"href": "/blog/2025/a-security-engineers-guide-to-mcp",
"text": "Learn more about MCP",
"html": "<a class=\"molecule button primary \" href=\"/blog/2025/a-security-engineers-guide-to-mcp\" rel=\"noopener\"> Learn more about MCP </a>"
},
{
"href": "https://semgrep.dev/docs/semgrep-assistant/metrics",
"text": "Learn about our metrics and methodology ->",
"html": "<a class=\"cta-link\" href=\"https://semgrep.dev/docs/semgrep-assistant/metrics\" rel=\"noopener\"> Learn about our metrics and methodology <span class=\"arrow\">-></span> </a>"
},
{
"href": "/about/",
"text": "About",
"html": "<a href=\"/about/\">About</a>"
},
{
"href": "/about/careers/",
"text": "Careers",
"html": "<a href=\"/about/careers/\">Careers</a>"
},
{
"href": "https://www.linkedin.com/company/semgrep/",
"text": "",
"html": "<a href=\"https://www.linkedin.com/company/semgrep/\" target=\"_blank\"><img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/linkedIn-logo-green-d3WRV14l.svg\" alt=\"connect on linkedin\"></a>"
}
],
"contactLinks": [
{
"href": "/resources/customer-success/",
"text": "Product support",
"html": "<a class=\"nav-item\" href=\"/resources/customer-success/\">Product support</a>"
},
{
"href": "/contact-us/",
"text": "Contact us",
"html": "<a class=\"nav-item\" href=\"/contact-us/\">Contact us</a>"
},
{
"href": "/resources/customer-success/",
"text": "Customer Success Get help from Semgrep’s Customer Success team",
"html": "<a class=\"nav-item\" href=\"/resources/customer-success/\"> <img src=\"/assets/icons/money.svg\" alt=\"money icon\"> <div> <span>Customer Success</span> <p>Get help from Semgrep’s Customer Success team</p> </div> </a>"
},
{
"href": "/blog/2026/getting-ready-for-mythos-with-semgrep/",
"text": "Blog Getting ready for Mythos Mythos is poised to give attackers an unprecedented advantage, but Semgrep can help you restore the balance in your favor.",
"html": "<a class=\"nav-item\" href=\"/blog/2026/getting-ready-for-mythos-with-semgrep/\"> <div> <label class=\"green\">Blog</label> <span>Getting ready for Mythos</span> <p>Mythos is poised to give attackers an unprecedented advantage, but Semgrep can help you restore the balance in your favor.</p> </div> </a>"
},
{
"href": "/contact/demo",
"text": "Book demo",
"html": "<a class=\"molecule button primary nav-buttons \" href=\"/contact/demo\" rel=\"noopener\"> Book demo </a>"
},
{
"href": "/contact/demo",
"text": "Book demo",
"html": "<a class=\"molecule button primary nav-buttons \" href=\"/contact/demo\" rel=\"noopener\"> Book demo </a>"
},
{
"href": "/resources/customer-success/",
"text": "Product support",
"html": "<a class=\"nav-item\" href=\"/resources/customer-success/\"> Product support </a>"
},
{
"href": "/contact-us/",
"text": "Contact us",
"html": "<a class=\"nav-item\" href=\"/contact-us/\"> Contact us </a>"
},
{
"href": "/contact/demo",
"text": "Book demo",
"html": "<a class=\"molecule button primary nav-buttons \" href=\"/contact/demo\" rel=\"noopener\"> Book demo </a>"
},
{
"href": "/contact/demo/",
"text": "Book a demo",
"html": "<a href=\"/contact/demo/\">Book a demo</a>"
},
{
"href": "/docs/support/",
"text": "Help Center",
"html": "<a href=\"/docs/support/\">Help Center</a>"
},
{
"href": "/contact-us/",
"text": "Contact",
"html": "<a href=\"/contact-us/\">Contact</a>"
}
],
"privacyLinks": [
{
"href": "/legal/privacy/",
"text": "Privacy Policy",
"html": "<a href=\"/legal/privacy/\" target=\"_blank\">Privacy Policy</a>"
},
{
"href": "/legal/terms",
"text": "Website terms",
"html": "<a href=\"/legal/terms\">Website terms</a>"
},
{
"href": "/legal/privacy",
"text": "Privacy",
"html": "<a href=\"/legal/privacy\">Privacy</a>"
}
],
"score": 40,
"weight": 22
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first sections
AEO: Answer-first sections scored 65/100 and needs improvement.
5 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer-first sections
AEO: Answer-first sections scored 65/100 and needs improvement.
Needs attention
AEO: Answer-first sections
Issue
15 section(s) may benefit from a clearer opening answer; this is optional for feature/card sections.
Details
Why it matters
Answer engines need concise answers, question-led structure, entity clarity, visible evidence, and trust signals that can be extracted without relying on search-only metadata checks.
Check name
AEO: Answer-first sections
Score
65/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to answer from directly.
Result
AEO: Answer-first sections scored 65/100 and needs improvement.
Evidence
{
"sectionCount": 15,
"passing": 0,
"failing": [
{
"heading": "Built for Builders, Trusted by Security",
"headingHtml": "<h2 class=\"h3\"><p>Built for Builders, Trusted by Security</p> </h2>",
"firstParagraph": "Built for Builders, Trusted by Security",
"paragraphHtml": "<p>Built for Builders, Trusted by Security</p>",
"words": 6,
"direct": false,
"issue": "First paragraph is 6 words and does not look like a concise direct answer."
},
{
"heading": "The high signal code security platform",
"headingHtml": "<h2 class=\"h3\">The high signal code 
security platform</h2>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Semgrep Code (SAST)",
"headingHtml": "<h3>Semgrep Code (SAST)</h3>",
"firstParagraph": "Find and fix real vulnerabilities.",
"paragraphHtml": "<p>Find and fix real vulnerabilities.</p>",
"words": 5,
"direct": false,
"issue": "First paragraph is 5 words and does not look like a concise direct answer."
},
{
"heading": "Semgrep Supply Chain (SCA)",
"headingHtml": "<h3>Semgrep Supply Chain (SCA)</h3>",
"firstParagraph": "Safely fix only what’s exploitable.",
"paragraphHtml": "<p>Safely fix only what’s exploitable.</p>",
"words": 6,
"direct": false,
"issue": "First paragraph is 6 words and does not look like a concise direct answer."
},
{
"heading": "Semgrep Secrets Scanning",
"headingHtml": "<h3>Semgrep Secrets Scanning</h3>",
"firstParagraph": "Stop secrets before they ship.",
"paragraphHtml": "<p>Stop secrets before they ship.</p>",
"words": 5,
"direct": false,
"issue": "First paragraph is 5 words and does not look like a concise direct answer."
},
{
"heading": "Security for AI-powered software development",
"headingHtml": "<h3><p>Security for AI-powered software development</p> </h3>",
"firstParagraph": "Security for AI-powered software development",
"paragraphHtml": "<p>Security for AI-powered software development</p>",
"words": 5,
"direct": false,
"issue": "First paragraph is 5 words and does not look like a concise direct answer."
},
{
"heading": "AI woven across the AppSec lifecycle",
"headingHtml": "<h2 class=\"section-title\">AI woven across the AppSec lifecycle</h2>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Detect What Matters",
"headingHtml": "<h3><p>Detect What Matters</p> </h3>",
"firstParagraph": "Detect What Matters",
"paragraphHtml": "<p>Detect What Matters</p>",
"words": 3,
"direct": false,
"issue": "First paragraph is 3 words and does not look like a concise direct answer."
},
{
"heading": "Noise Filtering",
"headingHtml": "<h3><p>Noise Filtering</p> </h3>",
"firstParagraph": "Noise Filtering",
"paragraphHtml": "<p>Noise Filtering</p>",
"words": 2,
"direct": false,
"issue": "First paragraph is 2 words and does not look like a concise direct answer."
},
{
"heading": "Remediation",
"headingHtml": "<h3><p>Remediation</p> </h3>",
"firstParagraph": "Remediation",
"paragraphHtml": "<p>Remediation</p>",
"words": 1,
"direct": false,
"issue": "First paragraph is 1 words and does not look like a concise direct answer."
},
{
"heading": "Prevention",
"headingHtml": "<h3><p>Prevention</p> </h3>",
"firstParagraph": "Prevention",
"paragraphHtml": "<p>Prevention</p>",
"words": 1,
"direct": false,
"issue": "First paragraph is 1 words and does not look like a concise direct answer."
},
{
"heading": "Works where you build. Connects where your software runs",
"headingHtml": "<h3><p>Works where you build. Connects where your software runs</p> </h3>",
"firstParagraph": "Works where you build. Connects where your software runs",
"paragraphHtml": "<p>Works where you build. Connects where your software runs</p>",
"words": 9,
"direct": false,
"issue": "First paragraph is 9 words and does not look like a concise direct answer."
},
{
"heading": "Code security that unifies teams, accelerates delivery, and reduces real risk",
"headingHtml": "<h3 class=\"h3\">Code security that unifies teams, accelerates delivery, and reduces real risk</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "No buzzwords, just real world results",
"headingHtml": "<h2 class=\"testimonial-header \"><p>No buzzwords, just<br> real world results</p> </h2>",
"firstParagraph": "No buzzwords, just real world results",
"paragraphHtml": "<p>No buzzwords, just<br> real world results</p>",
"words": 6,
"direct": false,
"issue": "First paragraph is 6 words and does not look like a concise direct answer."
},
{
"heading": "Protect your code with secure guardrails",
"headingHtml": "<h3><p>Protect your code with secure guardrails</p> </h3>",
"firstParagraph": "Protect your code with secure guardrails",
"paragraphHtml": "<p>Protect your code with secure guardrails</p>",
"words": 6,
"direct": false,
"issue": "First paragraph is 6 words and does not look like a concise direct answer."
}
],
"score": 65,
"weight": 28
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question-led structure
AEO: Question-led structure scored 50/100 and needs improvement.
4 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Question-led structure
AEO: Question-led structure scored 50/100 and needs improvement.
Needs attention
AEO: Question-led structure
Issue
No question-led h2 sections or FAQ pattern was detected.
Details
Why it matters
Answer engines need concise answers, question-led structure, entity clarity, visible evidence, and trust signals that can be extracted without relying on search-only metadata checks.
Check name
AEO: Question-led structure
Score
50/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to answer from directly.
Result
AEO: Question-led structure scored 50/100 and needs improvement.
Evidence
{
"h2Count": 4,
"questionH2s": [],
"hasFaq": false,
"score": 50,
"weight": 18
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Explanatory content depth
GEO: Explanatory content depth scored 75/100 and needs improvement.
4 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Explanatory content depth
GEO: Explanatory content depth scored 75/100 and needs improvement.
Needs attention
GEO: Explanatory content depth
Issue
No substantial explanatory paragraphs were found.
Details
Why it matters
Generative engines favor pages with self-contained answer passages, clear entities, structured data, summaries, FAQ patterns, and crawler-accessible HTML that can be cited without extra interpretation.
Check name
GEO: Explanatory content depth
Score
75/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute.
Result
GEO: Explanatory content depth scored 75/100 and needs improvement.
Evidence
{
"candidatePassages": 1,
"citablePassages": 0,
"failingCandidateParagraphs": [],
"citableParagraphs": [],
"score": 75,
"weight": 18
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Answer block readiness
AIO: Answer block readiness scored 65/100 and needs improvement.
2 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Answer block readiness
AIO: Answer block readiness scored 65/100 and needs improvement.
Needs attention
AIO: Answer block readiness
Issue
15 section(s) may benefit from a clearer opening answer; this is optional for feature/card sections.
Details
Why it matters
AI Overviews depend on Google-search eligibility, useful visible content, consistent structured data, answer-first sections, trust signals, and preview controls that permit snippets.
Check name
AIO: Answer block readiness
Score
65/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible and useful for Google AI Overviews and AI Mode extraction.
Result
AIO: Answer block readiness scored 65/100 and needs improvement.
Evidence
{
"sectionCount": 15,
"passing": 0,
"failing": [
{
"heading": "Built for Builders, Trusted by Security",
"headingHtml": "<h2 class=\"h3\"><p>Built for Builders, Trusted by Security</p> </h2>",
"firstParagraph": "Built for Builders, Trusted by Security",
"paragraphHtml": "<p>Built for Builders, Trusted by Security</p>",
"words": 6,
"direct": false,
"issue": "First paragraph is 6 words and does not look like a concise direct answer."
},
{
"heading": "The high signal code security platform",
"headingHtml": "<h2 class=\"h3\">The high signal code 
security platform</h2>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Semgrep Code (SAST)",
"headingHtml": "<h3>Semgrep Code (SAST)</h3>",
"firstParagraph": "Find and fix real vulnerabilities.",
"paragraphHtml": "<p>Find and fix real vulnerabilities.</p>",
"words": 5,
"direct": false,
"issue": "First paragraph is 5 words and does not look like a concise direct answer."
},
{
"heading": "Semgrep Supply Chain (SCA)",
"headingHtml": "<h3>Semgrep Supply Chain (SCA)</h3>",
"firstParagraph": "Safely fix only what’s exploitable.",
"paragraphHtml": "<p>Safely fix only what’s exploitable.</p>",
"words": 6,
"direct": false,
"issue": "First paragraph is 6 words and does not look like a concise direct answer."
},
{
"heading": "Semgrep Secrets Scanning",
"headingHtml": "<h3>Semgrep Secrets Scanning</h3>",
"firstParagraph": "Stop secrets before they ship.",
"paragraphHtml": "<p>Stop secrets before they ship.</p>",
"words": 5,
"direct": false,
"issue": "First paragraph is 5 words and does not look like a concise direct answer."
},
{
"heading": "Security for AI-powered software development",
"headingHtml": "<h3><p>Security for AI-powered software development</p> </h3>",
"firstParagraph": "Security for AI-powered software development",
"paragraphHtml": "<p>Security for AI-powered software development</p>",
"words": 5,
"direct": false,
"issue": "First paragraph is 5 words and does not look like a concise direct answer."
},
{
"heading": "AI woven across the AppSec lifecycle",
"headingHtml": "<h2 class=\"section-title\">AI woven across the AppSec lifecycle</h2>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "Detect What Matters",
"headingHtml": "<h3><p>Detect What Matters</p> </h3>",
"firstParagraph": "Detect What Matters",
"paragraphHtml": "<p>Detect What Matters</p>",
"words": 3,
"direct": false,
"issue": "First paragraph is 3 words and does not look like a concise direct answer."
},
{
"heading": "Noise Filtering",
"headingHtml": "<h3><p>Noise Filtering</p> </h3>",
"firstParagraph": "Noise Filtering",
"paragraphHtml": "<p>Noise Filtering</p>",
"words": 2,
"direct": false,
"issue": "First paragraph is 2 words and does not look like a concise direct answer."
},
{
"heading": "Remediation",
"headingHtml": "<h3><p>Remediation</p> </h3>",
"firstParagraph": "Remediation",
"paragraphHtml": "<p>Remediation</p>",
"words": 1,
"direct": false,
"issue": "First paragraph is 1 words and does not look like a concise direct answer."
},
{
"heading": "Prevention",
"headingHtml": "<h3><p>Prevention</p> </h3>",
"firstParagraph": "Prevention",
"paragraphHtml": "<p>Prevention</p>",
"words": 1,
"direct": false,
"issue": "First paragraph is 1 words and does not look like a concise direct answer."
},
{
"heading": "Works where you build. Connects where your software runs",
"headingHtml": "<h3><p>Works where you build. Connects where your software runs</p> </h3>",
"firstParagraph": "Works where you build. Connects where your software runs",
"paragraphHtml": "<p>Works where you build. Connects where your software runs</p>",
"words": 9,
"direct": false,
"issue": "First paragraph is 9 words and does not look like a concise direct answer."
},
{
"heading": "Code security that unifies teams, accelerates delivery, and reduces real risk",
"headingHtml": "<h3 class=\"h3\">Code security that unifies teams, accelerates delivery, and reduces real risk</h3>",
"firstParagraph": "",
"paragraphHtml": "",
"words": 0,
"direct": false,
"issue": "No paragraph follows this heading."
},
{
"heading": "No buzzwords, just real world results",
"headingHtml": "<h2 class=\"testimonial-header \"><p>No buzzwords, just<br> real world results</p> </h2>",
"firstParagraph": "No buzzwords, just real world results",
"paragraphHtml": "<p>No buzzwords, just<br> real world results</p>",
"words": 6,
"direct": false,
"issue": "First paragraph is 6 words and does not look like a concise direct answer."
},
{
"heading": "Protect your code with secure guardrails",
"headingHtml": "<h3><p>Protect your code with secure guardrails</p> </h3>",
"firstParagraph": "Protect your code with secure guardrails",
"paragraphHtml": "<p>Protect your code with secure guardrails</p>",
"words": 6,
"direct": false,
"issue": "First paragraph is 6 words and does not look like a concise direct answer."
}
],
"score": 65,
"weight": 8
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer intent coverage
AEO: Answer intent coverage scored 70/100 and needs improvement.
1 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AEO: Answer intent coverage
AEO: Answer intent coverage scored 70/100 and needs improvement.
Needs attention
AEO: Answer intent coverage
Issue
Missing likely AI Overview intent sections: what, how, benefits, cost, compare.
Details
Why it matters
Answer engines need concise answers, question-led structure, entity clarity, visible evidence, and trust signals that can be extracted without relying on search-only metadata checks.
Check name
AEO: Answer intent coverage
Score
70/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for answer engines and assistants to answer from directly.
Result
AEO: Answer intent coverage scored 70/100 and needs improvement.
Evidence
{
"headings": [
{
"text": "Built for Builders, Trusted by Security",
"html": "<h2 class=\"h3\"><p>Built for Builders, Trusted by Security</p> </h2>"
},
{
"text": "The high signal code security platform",
"html": "<h2 class=\"h3\">The high signal code 
security platform</h2>"
},
{
"text": "AI woven across the AppSec lifecycle",
"html": "<h2 class=\"section-title\">AI woven across the AppSec lifecycle</h2>"
},
{
"text": "No buzzwords, just real world results",
"html": "<h2 class=\"testimonial-header \"><p>No buzzwords, just<br> real world results</p> </h2>"
}
],
"expected": [
{
"id": "what",
"label": "What is Semgrep App Security Platform?",
"pattern": {}
},
{
"id": "how",
"label": "How does Semgrep App Security Platform work?",
"pattern": {}
},
{
"id": "benefits",
"label": "Why use Semgrep App Security Platform?",
"pattern": {}
},
{
"id": "cost",
"label": "Is Semgrep App Security Platform free or paid?",
"pattern": {}
},
{
"id": "compare",
"label": "How does Semgrep App Security Platform compare with alternatives?",
"pattern": {}
}
],
"missing": [
{
"id": "what",
"label": "What is Semgrep App Security Platform?",
"pattern": {}
},
{
"id": "how",
"label": "How does Semgrep App Security Platform work?",
"pattern": {}
},
{
"id": "benefits",
"label": "Why use Semgrep App Security Platform?",
"pattern": {}
},
{
"id": "cost",
"label": "Is Semgrep App Security Platform free or paid?",
"pattern": {}
},
{
"id": "compare",
"label": "How does Semgrep App Security Platform compare with alternatives?",
"pattern": {}
}
],
"score": 70,
"weight": 8
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Page experience for AIO
AIO: Page experience for AIO scored 80/100 and needs improvement.
1 Warning
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Page experience for AIO
AIO: Page experience for AIO scored 80/100 and needs improvement.
Needs attention
AIO: Page experience for AIO
Issue
102 image(s) are missing width/height attributes.
Details
Why it matters
AI Overviews depend on Google-search eligibility, useful visible content, consistent structured data, answer-first sections, trust signals, and preview controls that permit snippets.
Check name
AIO: Page experience for AIO
Score
80/100
Status
warning
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible and useful for Google AI Overviews and AI Mode extraction.
Result
AIO: Page experience for AIO scored 80/100 and needs improvement.
Evidence
{
"viewportContent": "width=device-width, initial-scale=1",
"visibleWords": 1478,
"htmlBytes": 128360,
"imagesMissingDimensions": [
{
"src": "https://semgrep.dev/build/assets/semgrep-logo-dark-F_zJCZNg.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"https://semgrep.dev/build/assets/semgrep-logo-dark-F_zJCZNg.svg\" alt=\"click to navigate to the homepage\">"
},
{
"src": "https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" aria-label=\"select to open or collapse Products dropdown\" role=\"button\" aria-expanded=\"false\">"
},
{
"src": "/assets/icons/code.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/code.svg\" alt=\"code icon\">"
},
{
"src": "/assets/icons/shield.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/shield.svg\" alt>"
},
{
"src": "/assets/icons/secrets.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/secrets.svg\" alt=\"secrets icon\">"
},
{
"src": "/assets/icons/assistant.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/assistant.svg\" alt=\"assistant icon\">"
},
{
"src": "/assets/icons/cloud.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/cloud.svg\" alt=\"cloud icon\">"
},
{
"src": "/assets/icons/zap.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/zap.svg\" alt=\"zap icon\">"
},
{
"src": "https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" aria-label=\"select to open or collapse Solutions dropdown\" role=\"button\" aria-expanded=\"false\">"
},
{
"src": "/assets/icons/vibe-code-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/vibe-code-icon.svg\" alt=\"vibe coding icon\">"
},
{
"src": "/assets/icons/software-supply-chain-security-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/software-supply-chain-security-icon.svg\" alt=\"security icon\">"
},
{
"src": "/assets/icons/sast-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/sast-icon.svg\" alt=\"sast icon\">"
},
{
"src": "/assets/icons/owasp-t10.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/owasp-t10.svg\" alt=\"owasp icon\">"
},
{
"src": "/assets/icons/shield-1.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/shield-1.svg\" alt=\"shield icon\">"
},
{
"src": "/assets/icons/money.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/money.svg\" alt=\"money icon\">"
},
{
"src": "/assets/icons/cloud.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/cloud.svg\" alt=\"cloud icon\">"
},
{
"src": "https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" aria-label=\"select to open or collapse Resources dropdown\" role=\"button\" aria-expanded=\"false\">"
},
{
"src": "/assets/icons/book.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/book.svg\" alt=\"book icon\">"
},
{
"src": "/assets/icons/file-text.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/file-text.svg\" alt>"
},
{
"src": "/assets/icons/money.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/money.svg\" alt=\"money icon\">"
},
{
"src": "/assets/icons/calendar.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/calendar.svg\" alt=\"calendar icon\">"
},
{
"src": "/assets/icons/calendar.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/calendar.svg\" alt=\"calendar icon\">"
},
{
"src": "/assets/icons/file-text.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/file-text.svg\" alt>"
},
{
"src": "/assets/icons/money.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/money.svg\" alt=\"money icon\">"
},
{
"src": "/assets/icons/zap.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/zap.svg\" alt=\"zap icon\">"
},
{
"src": "https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" aria-label=\"select to open or collapse Company dropdown\" role=\"button\" aria-expanded=\"false\">"
},
{
"src": "/assets/icons/rocket-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/rocket-icon.svg\" alt=\"rocket icon\">"
},
{
"src": "/assets/icons/briefcase-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/briefcase-icon.svg\" alt=\"briefcase icon\">"
},
{
"src": "/assets/icons/handshake-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/handshake-icon.svg\" alt>"
},
{
"src": "https://semgrep.dev/build/assets/semgrep-logo-dark-F_zJCZNg.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"https://semgrep.dev/build/assets/semgrep-logo-dark-F_zJCZNg.svg\" alt=\"click to navigate to the homepage\">"
},
{
"src": "https://semgrep.dev/build/assets/menu-Cev7CaPt.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"https://semgrep.dev/build/assets/menu-Cev7CaPt.svg\" class=\"menu-icon\" alt=\"click to open menu\">"
},
{
"src": "https://semgrep.dev/build/assets/close-94g2KY78.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"https://semgrep.dev/build/assets/close-94g2KY78.svg\" class=\"close-icon\" alt=\"click to close menu\">"
},
{
"src": "https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" alt=\"click to see dropdown options\">"
},
{
"src": "/assets/icons/code.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/code.svg\">"
},
{
"src": "/assets/icons/shield.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/shield.svg\">"
},
{
"src": "/assets/icons/secrets.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/secrets.svg\">"
},
{
"src": "/assets/icons/assistant.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/assistant.svg\">"
},
{
"src": "/assets/icons/cloud.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/cloud.svg\">"
},
{
"src": "/assets/icons/zap.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/zap.svg\">"
},
{
"src": "https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" alt=\"click to see dropdown options\">"
},
{
"src": "/assets/icons/vibe-code-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/vibe-code-icon.svg\">"
},
{
"src": "/assets/icons/software-supply-chain-security-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/software-supply-chain-security-icon.svg\">"
},
{
"src": "/assets/icons/sast-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/sast-icon.svg\">"
},
{
"src": "/assets/icons/owasp-t10.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/owasp-t10.svg\">"
},
{
"src": "/assets/icons/shield-1.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/shield-1.svg\">"
},
{
"src": "/assets/icons/money.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/money.svg\">"
},
{
"src": "/assets/icons/cloud.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/cloud.svg\">"
},
{
"src": "https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" alt=\"click to see dropdown options\">"
},
{
"src": "/assets/icons/book.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/book.svg\">"
},
{
"src": "/assets/icons/file-text.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/file-text.svg\">"
},
{
"src": "/assets/icons/money.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/money.svg\">"
},
{
"src": "/assets/icons/calendar.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/calendar.svg\">"
},
{
"src": "/assets/icons/calendar.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/calendar.svg\">"
},
{
"src": "/assets/icons/file-text.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/file-text.svg\">"
},
{
"src": "/assets/icons/zap.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/zap.svg\">"
},
{
"src": "/assets/icons/calendar.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/calendar.svg\">"
},
{
"src": "https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img class=\"arrow\" src=\"https://semgrep.dev/build/assets/down-arrow-DesGgE7y.svg\" alt=\"click to see dropdown options\">"
},
{
"src": "/assets/icons/rocket-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/rocket-icon.svg\">"
},
{
"src": "/assets/icons/briefcase-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/briefcase-icon.svg\">"
},
{
"src": "/assets/icons/handshake-icon.svg",
"width": "",
"height": "",
"loading": "",
"html": "<img src=\"/assets/icons/handshake-icon.svg\">"
},
{
"src": "/assets/home-hero-2602.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" class=\"display-image \" src=\"/assets/home-hero-2602.svg\">"
},
{
"src": "/assets/logos/lyft-logo.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/lyft-logo.svg\" alt=\"Lyft Logo\">"
},
{
"src": "/assets/logos/dropbox-logo.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/dropbox-logo.svg\" alt=\"Dropbox Logo\">"
},
{
"src": "/assets/logos/figma-icon.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/figma-icon.svg\" alt=\"Figma\">"
},
{
"src": "/assets/logos/slack-logo.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/slack-logo.svg\" alt=\"Slack Logo\">"
},
{
"src": "/assets/logos/gitlab-logo.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/gitlab-logo.svg\" alt=\"Gitlab Logo\">"
},
{
"src": "/assets/logos/hashicorp-logo.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/hashicorp-logo.svg\" alt=\"Hashicorp Logo\">"
},
{
"src": "/assets/logos/tob-logo.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/tob-logo.svg\" alt=\"Trail of Bits Logo\">"
},
{
"src": "/assets/logos/vanta-logo-18hg3.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/vanta-logo-18hg3.svg\" alt>"
},
{
"src": "/assets/illustrations/why-semgrep.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/illustrations/why-semgrep.svg\" alt=\"Why Semgrep Illustration\">"
},
{
"src": "/assets/icons/fi-fast.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/icons/fi-fast.svg\" alt=\"fi fast icon\">"
},
{
"src": "/assets/icons/fi-customizable.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/icons/fi-customizable.svg\" alt=\"fi customizable icon\">"
},
{
"src": "/assets/icons/fi-transparent.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/icons/fi-transparent.svg\" alt=\"fi transparent icon\">"
},
{
"src": "/assets/icons/fi-extensible.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/icons/fi-extensible.svg\" alt=\"fi extensible icon\">"
},
{
"src": "/assets/card_icon-code.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/card_icon-code.svg\" alt>"
},
{
"src": "/assets/card_icon-supply_chain.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/card_icon-supply_chain.svg\" alt>"
},
{
"src": "/assets/card_icon-secrets.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/card_icon-secrets.svg\" alt>"
},
{
"src": "/assets/illustrations/mcp-server.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" class=\"image no-height\" src=\"/assets/illustrations/mcp-server.svg\" alt=\"MCP Server Illustration\">"
},
{
"src": "/assets/illustrations/h-detection.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" class=\"image \" src=\"/assets/illustrations/h-detection.svg\" alt=\"Detection Illustration\">"
},
{
"src": "/assets/illustrations/h-filtering.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" class=\"image \" src=\"/assets/illustrations/h-filtering.svg\" alt=\"Filtering Illustration\">"
},
{
"src": "/assets/illustrations/h-remediation.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" class=\"image \" src=\"/assets/illustrations/h-remediation.svg\" alt>"
},
{
"src": "/assets/illustrations/h-prevention.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" class=\"image \" src=\"/assets/illustrations/h-prevention.svg\" alt>"
},
{
"src": "/assets/integrations.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" class=\"image no-height\" src=\"/assets/integrations.svg\" alt>"
},
{
"src": "/assets/logos/vanta-logo-new-gray.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/vanta-logo-new-gray.svg\" alt=\"Logo for Vanta\">"
},
{
"src": "/assets/logos/thinkific-svg-logo.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/thinkific-svg-logo.svg\" alt=\"Logo for Thinkific\">"
},
{
"src": "/assets/logos/acrisure_logo.svg.png",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/acrisure_logo.svg.png\" alt=\"Logo for Acrisure\">"
},
{
"src": "/assets/people/01-allan-reyes.png",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/people/01-allan-reyes.png\" alt=\"Picture of Allan Reyes\">"
},
{
"src": "/assets/logos/vanta-logo-new-gray.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/vanta-logo-new-gray.svg\" alt=\"Logo for Vanta\">"
},
{
"src": "/assets/people/02-aleksandr-krasnov.png",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/people/02-aleksandr-krasnov.png\" alt=\"Picture of Aleksandr Krasnov\">"
},
{
"src": "/assets/logos/thinkific-svg-logo.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/thinkific-svg-logo.svg\" alt=\"Logo for Thinkific\">"
},
{
"src": "/assets/people/03-kevin-twingstrom.png",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/people/03-kevin-twingstrom.png\" alt=\"Picture of Kevin Twingstrom\">"
},
{
"src": "/assets/logos/acrisure_logo.svg.png",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"/assets/logos/acrisure_logo.svg.png\" alt=\"Logo for Acrisure\">"
},
{
"src": "/assets/guardrails-illo.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img class loading=\"lazy\" src=\"/assets/guardrails-illo.svg\" alt>"
},
{
"src": "https://semgrep.dev/build/assets/semgrep-logo-light-C4TAJLKl.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/semgrep-logo-light-C4TAJLKl.svg\" alt=\"return home\">"
},
{
"src": "https://semgrep.dev/build/assets/g2-logo-4xSt8VmV.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/g2-logo-4xSt8VmV.svg\" alt=\"g2 logo\">"
},
{
"src": "https://semgrep.dev/build/assets/4-half-stars-ZxI_Rf63.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/4-half-stars-ZxI_Rf63.svg\" alt=\"four and a half stars\">"
},
{
"src": "https://semgrep.dev/build/assets/twitter-logo-green-BQpgXluv.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/twitter-logo-green-BQpgXluv.svg\" alt=\"connect on twitter\">"
},
{
"src": "https://semgrep.dev/build/assets/slack-logo-green-DabQef3I.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/slack-logo-green-DabQef3I.svg\" alt=\"connect on slack\">"
},
{
"src": "https://semgrep.dev/build/assets/github-logo-green-DVqynhSi.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/github-logo-green-DVqynhSi.svg\" alt=\"connect on github\">"
},
{
"src": "https://semgrep.dev/build/assets/youtube-logo-green-Df4B_oJ4.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/youtube-logo-green-Df4B_oJ4.svg\" alt=\"connect on youtube\">"
},
{
"src": "https://semgrep.dev/build/assets/linkedIn-logo-green-d3WRV14l.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/linkedIn-logo-green-d3WRV14l.svg\" alt=\"connect on linkedin\">"
},
{
"src": "https://semgrep.dev/build/assets/bluesky-logo-green-CQBQt-ZY.svg",
"width": "",
"height": "",
"loading": "lazy",
"html": "<img loading=\"lazy\" src=\"https://semgrep.dev/build/assets/bluesky-logo-green-CQBQt-ZY.svg\" alt=\"connect on bluesky\">"
}
],
"possibleDialogs": [],
"score": 80,
"weight": 10
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Query intent coverage
AIO: Query intent coverage is informational for this page.
Informational
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
AIO: Query intent coverage
AIO: Query intent coverage is informational for this page.
Needs attention
AIO: Query intent coverage
Issue
Missing likely AI Overview intent sections: what, how, benefits, cost, compare.
Details
Why it matters
AI Overviews depend on Google-search eligibility, useful visible content, consistent structured data, answer-first sections, trust signals, and preview controls that permit snippets.
Check name
AIO: Query intent coverage
Score
70/100
Status
informational
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content eligible and useful for Google AI Overviews and AI Mode extraction.
Result
AIO: Query intent coverage is informational for this page.
Evidence
{
"headings": [
{
"text": "Built for Builders, Trusted by Security",
"html": "<h2 class=\"h3\"><p>Built for Builders, Trusted by Security</p> </h2>"
},
{
"text": "The high signal code security platform",
"html": "<h2 class=\"h3\">The high signal code 
security platform</h2>"
},
{
"text": "AI woven across the AppSec lifecycle",
"html": "<h2 class=\"section-title\">AI woven across the AppSec lifecycle</h2>"
},
{
"text": "No buzzwords, just real world results",
"html": "<h2 class=\"testimonial-header \"><p>No buzzwords, just<br> real world results</p> </h2>"
}
],
"expected": [
{
"id": "what",
"label": "What is Semgrep App Security Platform?",
"pattern": {}
},
{
"id": "how",
"label": "How does Semgrep App Security Platform work?",
"pattern": {}
},
{
"id": "benefits",
"label": "Why use Semgrep App Security Platform?",
"pattern": {}
},
{
"id": "cost",
"label": "Is Semgrep App Security Platform free or paid?",
"pattern": {}
},
{
"id": "compare",
"label": "How does Semgrep App Security Platform compare with alternatives?",
"pattern": {}
}
],
"missing": [
{
"id": "what",
"label": "What is Semgrep App Security Platform?",
"pattern": {}
},
{
"id": "how",
"label": "How does Semgrep App Security Platform work?",
"pattern": {}
},
{
"id": "benefits",
"label": "Why use Semgrep App Security Platform?",
"pattern": {}
},
{
"id": "cost",
"label": "Is Semgrep App Security Platform free or paid?",
"pattern": {}
},
{
"id": "compare",
"label": "How does Semgrep App Security Platform compare with alternatives?",
"pattern": {}
}
],
"score": 70,
"weight": 4
}Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration has an informational finding because the page appears to support authentication.
Informational
Agent Ease of UseAuthEmerging recommendation
Auth.md Agent Registration
Auth.md Agent Registration has an informational finding because the page appears to support authentication.
Needs attention
Auth.md Agent Registration
Issue
auth.md response did not match the expected agent registration shape. Content-Type "text/html; charset=utf-8" is not Markdown or text/plain; missing /.well-known/oauth-protected-resource link; missing /.well-known/oauth-authorization-server link.
Why it matters
Agent registration metadata lets automated clients find the registration path, supported identity types, credential types, and related claim or revocation endpoints without scraping human docs.
Check name
Auth.md Agent Registration
Score
0/100
Status
informational
Category
Auth
Maturity
Emerging recommendation
Goal
Publish Auth.md and agent_auth metadata so agents can discover registration and credential requirements.
Result
Auth.md Agent Registration has an informational finding because the page appears to support authentication.
Validation steps
Fetch and validate /auth.md
auth.md response did not match the expected agent registration shape. Content-Type "text/html; charset=utf-8" is not Markdown or text/plain; missing /.well-known/oauth-protected-resource link; missing /.well-known/oauth-authorization-server link.
Validate agent_auth authorization metadata
Response is not valid JSON.
Evidence
{
"failedStep": "auth-md",
"steps": [
{
"id": "auth-md",
"title": "Fetch and validate /auth.md",
"status": "fail",
"evidence": {
"path": "/auth.md",
"ok": true,
"statusCode": 200,
"contentType": "text/html; charset=utf-8",
"length": 21378,
"validation": {
"valid": false,
"issue": "auth.md response did not match the expected agent registration shape. Content-Type \"text/html; charset=utf-8\" is not Markdown or text/plain; missing /.well-known/oauth-protected-resource link; missing /.well-known/oauth-authorization-server link.",
"compatibleContentType": false,
"contentLength": 18491,
"hasRegisterInstructions": true,
"hasProtectedResourceLink": false,
"hasAuthorizationServerLink": false,
"mentionsIdentity": true,
"mentionsCredential": true,
"links": [
"/api/agent/deployments/:orgId/authorized_actions",
"/api/agent/deployments/:orgId/issue_counts",
"/api/agent/deployments/:orgId/issue_counts",
"/api/agent/deployments/:orgId/issue_counts",
"/api/agent/deployments/:orgId/issue_counts",
"/api/deployments/:orgId/findings_saved_views",
"/orgs/:orgId/findings",
"/api/agent/deployments/:orgId/issues/search",
"/api/agent/deployments/:orgId/issues/search",
"/api/agent/deployments/:orgId/issue_counts"
],
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"fe9870403993d61c5ed7f473686f20fe\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
}
},
"issue": "auth.md response did not match the expected agent registration shape. Content-Type \"text/html; charset=utf-8\" is not Markdown or text/plain; missing /.well-known/oauth-protected-resource link; missing /.well-known/oauth-authorization-server link.",
"howToFix": "Serve /auth.md at the site root as Markdown with agent registration instructions and links to OAuth metadata."
},
{
"id": "oauth-protected-resource",
"title": "Publish protected resource metadata",
"status": "pass",
"evidence": {
"path": "/.well-known/oauth-protected-resource",
"ok": true,
"statusCode": 200,
"contentType": "text/html; charset=utf-8",
"length": 21378,
"text": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"8ba4898c42b786cdaa7e0f9bc2d79b0a\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],isInfiniteQuery:!1,priorityRoutes:[],enabled:()=>{try{return localStorage.getItem(\"semgrep-menu-open\")!==\"false\"&&localStorage.getItem(\"semgrep-duplo-enabled\")!==\"true\"}catch{return!1}}},{id:\"findingCounts-sast-duplo\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\",\"ISSUE_TYPE_AI_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\",\"ISSUE_TYPE_AI_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],isInfiniteQuery:!1,priorityRoutes:[],enabled:()=>{try{return localStorage.getItem(\"semgrep-menu-open\")!==\"false\"&&localStorage.getItem(\"semgrep-duplo-enabled\")===\"true\"}catch{return!1}}},{id:\"findingCounts-sca\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SCA\",issueTypes:[\"ISSUE_TYPE_SCA\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SCA\",issueTypes:[\"ISSUE_TYPE_SCA\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],isInfiniteQuery:!1,priorityRoutes:[],enabled:()=>{try{return localStorage.getItem(\"semgrep-menu-open\")!==\"false\"}catch{return!1}}},{id:\"findingCounts-secrets\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SECRETS\",issueTypes:[\"ISSUE_TYPE_SECRETS\"],filter:{tab:\"ISSUE_TAB_OPEN\"}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SECRETS\",issueTypes:[\"ISSUE_TYPE_SECRETS\"],filter:{tab:\"ISSUE_TAB_OPEN\"}}}],isInfiniteQuery:!1,priorityRoutes:[],enabled:()=>{try{return localStorage.getItem(\"semgrep-menu-open\")!==\"false\"}catch{return!1}}},{id:\"savedViews\",pathTemplate:\"/api/deployments/:orgId/findings_saved_views?\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:()=>{let e={};try{e=JSON.parse(localStorage.getItem(\"deployment_data\")||\"{}\")}catch{}return[\"FindingsSavedViewsService\",\"ListFindingsSavedViews\",{request:{deploymentId:String(e?.id??\"\")}}]},isInfiniteQuery:!1,priorityRoutes:[\"/orgs/:orgId/findings\"],onSuccess:e=>{const t=e,s=[];let i=t.savedViews?.find(n=>n.issueType===\"ISSUE_TYPE_SAST\")?.issuesFilter??null;if(i){const n={};for(const[a,o]of Object.entries(i))Array.isArray(o)&&o.length===0||o===\"\"||o===0||(n[a]=o);i=n}i!=null&&(i.onPrimaryBranch!==void 0||Array.isArray(i.refs)&&i.refs.length>0||Array.isArray(i.repositoryRefIds)&&i.repositoryRefIds.length>0||i.backlogType===\"ISSUE_BACKLOG_TYPE_PREPROD\")||(i={...i??{},onPrimaryBranch:!0});const S=localStorage.getItem(\"semgrep-duplo-enabled\")===\"true\",y=localStorage.getItem(\"semgrep:optimized-search\")===\"true\";return window.__prefetchSavedFilter=i,window.__prefetchIssueTypes=S?[\"ISSUE_TYPE_SAST\",\"ISSUE_TYPE_AI_SAST\"]:[\"ISSUE_TYPE_SAST\"],y?s.push({id:\"searchFindingsGrouped-sast\",params:{savedFilter:i??null,isDuplo:S}}):S?s.push({id:\"findingGroups-sast-duplo\",params:{savedFilter:i??null}}):s.push({id:\"findingGroups-sast\",params:{savedFilter:i??null}}),S?s.push({i"
},
"howToFix": "Publish /.well-known/oauth-protected-resource with resource and authorization_servers fields."
},
{
"id": "agent-auth-block",
"title": "Validate agent_auth authorization metadata",
"status": "fail",
"evidence": {
"valid": false,
"validJson": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"55dcd2ff9bee121bdf3214f91dcb5af8\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Add agent_auth to /.well-known/oauth-authorization-server with register_uri, supported identity types, credential types, and claim or revocation URLs where applicable."
}
],
"authApplicability": {
"supportsAuth": true,
"score": 6,
"signals": [
{
"source": "link:href",
"weight": 3,
"match": "auth link"
},
{
"source": "visible-text",
"weight": 3,
"match": "sign in"
}
]
},
"resourceFetchSucceeded": false
}GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Q&A and FAQ opportunities
GEO: Q&A and FAQ opportunities is informational for this page.
Informational
GEO, AIO and AEOGEO, AIO & AEOEmerging recommendation
GEO: Q&A and FAQ opportunities
GEO: Q&A and FAQ opportunities is informational for this page.
Needs attention
GEO: Q&A and FAQ opportunities
Issue
4 h2 heading(s) are not phrased as questions; this is optional and only useful where Q&A wording is natural. No visible FAQ or FAQPage schema was detected; this is optional unless the page answers common questions.
Details
Why it matters
Generative engines favor pages with self-contained answer passages, clear entities, structured data, summaries, FAQ patterns, and crawler-accessible HTML that can be cited without extra interpretation.
Check name
GEO: Q&A and FAQ opportunities
Score
75/100
Status
informational
Category
GEO, AIO & AEO
Maturity
Emerging recommendation
Goal
Make page content easy for AI answer engines to extract, cite, and attribute.
Result
GEO: Q&A and FAQ opportunities is informational for this page.
Evidence
{
"h2Count": 4,
"questionH2s": 0,
"hasFaq": false,
"nonQuestionH2s": [
{
"index": 1,
"text": "Built for Builders, Trusted by Security",
"isQuestion": false,
"html": "<h2 class=\"h3\"><p>Built for Builders, Trusted by Security</p> </h2>"
},
{
"index": 2,
"text": "The high signal code security platform",
"isQuestion": false,
"html": "<h2 class=\"h3\">The high signal code 
security platform</h2>"
},
{
"index": 3,
"text": "AI woven across the AppSec lifecycle",
"isQuestion": false,
"html": "<h2 class=\"section-title\">AI woven across the AppSec lifecycle</h2>"
},
{
"index": 4,
"text": "No buzzwords, just real world results",
"isQuestion": false,
"html": "<h2 class=\"testimonial-header \"><p>No buzzwords, just<br> real world results</p> </h2>"
}
],
"score": 75,
"weight": 4
}AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Informational
AI DiscoverabilityDiscoverabilityEstablished
IndexNow key
IndexNow key is informational for this page.
Needs attention
IndexNow key
Issue
IndexNow key is informational for this page.
Why it matters
IndexNow lets sites notify participating search engines about changed URLs, but ownership verification requires a UTF-8 key file whose filename matches the key.
Check name
IndexNow key
Score
100/100
Status
informational
Category
Discoverability
Maturity
Established
Goal
Verify that IndexNow ownership key placement is detectable when the site advertises it.
Result
IndexNow key is informational for this page.
Validation steps
Find advertised IndexNow key location
No IndexNow key location was advertised in HTML, Link headers, or robots.txt.
Fetch and validate IndexNow key file
No discoverable IndexNow key file was found.
Evidence
{
"steps": [
{
"id": "advertised-location",
"title": "Find advertised IndexNow key location",
"status": "informational",
"evidence": {
"advertised": []
},
"issue": "No IndexNow key location was advertised in HTML, Link headers, or robots.txt.",
"howToFix": "Advertise the key location with robots.txt IndexNow-Key, rel=\"indexnow-key\", or meta name=\"indexnow-key-location\" if you want scanners to verify it."
},
{
"id": "fetch-key",
"title": "Fetch and validate IndexNow key file",
"status": "informational",
"evidence": {
"advertised": [],
"checked": []
},
"issue": "No discoverable IndexNow key file was found.",
"howToFix": "Host a UTF-8 text file named {key}.txt using a 32-character hexadecimal key whose body exactly matches the key."
}
]
}Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery has an informational finding because the page appears to support authentication.
Informational
Agent Ease of UseAuthEstablished
OAuth / OIDC discovery
OAuth / OIDC discovery has an informational finding because the page appears to support authentication.
Needs attention
OAuth / OIDC discovery
Issue
Response is not valid JSON.
Why it matters
OAuth and OIDC discovery let agents find authorization, token, and key endpoints programmatically instead of relying on human documentation.
Check name
OAuth / OIDC discovery
Score
0/100
Status
informational
Category
Auth
Maturity
Established
Goal
Publish OAuth/OIDC discovery metadata so agents can authenticate with your APIs.
Result
OAuth / OIDC discovery has an informational finding because the page appears to support authentication.
Validation steps
Validate resource body
Response is not valid JSON.
Probe authorization endpoint with an authorization-code request
authorization_endpoint is missing from discovery metadata.
Reject unregistered authorization redirects
authorization_endpoint is missing from discovery metadata.
Probe token endpoint with advertised grant type
token_endpoint is missing from discovery metadata.
Evidence
{
"failedStep": "validate",
"steps": [
{
"id": "fetch",
"title": "Fetch discovery resource",
"status": "pass",
"evidence": {
"path": "/.well-known/openid-configuration",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
}
},
{
"id": "validate",
"title": "Validate resource body",
"status": "fail",
"evidence": {
"valid": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"78541ed82ab4520cd46374e5c5114228\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Publish valid OAuth/OIDC metadata only when the site actually supports OAuth/OIDC. Otherwise omit provider discovery and document any unauthenticated public APIs separately."
},
{
"id": "authorization-endpoint",
"title": "Probe authorization endpoint with an authorization-code request",
"status": "fail",
"evidence": {
"url": ""
},
"issue": "authorization_endpoint is missing from discovery metadata.",
"howToFix": "Advertise only implemented OAuth/OIDC endpoints."
},
{
"id": "authorization-redirect-safety",
"title": "Reject unregistered authorization redirects",
"status": "fail",
"evidence": {
"url": ""
},
"issue": "authorization_endpoint is missing from discovery metadata.",
"howToFix": "Validate clients and redirect_uri values before redirecting."
},
{
"id": "token-endpoint",
"title": "Probe token endpoint with advertised grant type",
"status": "fail",
"evidence": {
"url": ""
},
"issue": "token_endpoint is missing from discovery metadata.",
"howToFix": "Advertise only implemented OAuth/OIDC endpoints."
}
],
"authApplicability": {
"supportsAuth": true,
"score": 6,
"signals": [
{
"source": "link:href",
"weight": 3,
"match": "auth link"
},
{
"source": "visible-text",
"weight": 3,
"match": "sign in"
}
]
},
"resourceFetchSucceeded": true
}Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource has an informational finding because the page appears to support authentication.
Informational
Agent Ease of UseAuthEmerging recommendation
OAuth Protected Resource
OAuth Protected Resource has an informational finding because the page appears to support authentication.
Needs attention
OAuth Protected Resource
Issue
Response is not valid JSON.
Why it matters
Protected Resource metadata tells agents which authorization servers protect an API and how to connect authentication challenges to the right resource.
Check name
OAuth Protected Resource
Score
0/100
Status
informational
Category
Auth
Maturity
Emerging recommendation
Goal
Publish OAuth Protected Resource Metadata so agents can discover how to authenticate.
Result
OAuth Protected Resource has an informational finding because the page appears to support authentication.
Validation steps
Validate protected resource metadata
Response is not valid JSON.
Validate protected resource identity
Protected resource metadata `resource` did not match the resource identifier used to retrieve it.
Probe protected API Bearer challenge
No protected route with a 401 Bearer challenge was detected; metadata alone does not prove a protected resource.
Evidence
{
"failedStep": "metadata",
"steps": [
{
"id": "fetch",
"title": "Fetch protected resource metadata",
"status": "pass",
"evidence": {
"path": "/.well-known/oauth-protected-resource",
"statusCode": 200,
"contentType": "text/html; charset=utf-8"
},
"howToFix": "Publish /.well-known/oauth-protected-resource JSON."
},
{
"id": "metadata",
"title": "Validate protected resource metadata",
"status": "fail",
"evidence": {
"valid": false,
"compatibleContentType": false,
"issue": "Response is not valid JSON.",
"rawExcerpt": "<!doctype html>\n<html lang=\"en\">\n <head>\n <script nonce=\"cf4eb9cdb0ec5e9ae5b341132525125e\">(()=>{const c=[{id:\"deploymentAuthorizedActions\",pathTemplate:\"/api/agent/deployments/:orgId/authorized_actions\",method:\"GET\",bodyTemplate:void 0,queryKeyTemplate:[\"DeploymentService\",\"GetDeploymentAuthorizedActions\",{request:{deploymentId:\":orgId\"}}],isInfiniteQuery:!1,priorityRoutes:[]},{id:\"findingCounts-sast\",pathTemplate:\"/api/agent/deployments/:orgId/issue_counts\",method:\"POST\",bodyTemplate:{issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}},queryKeyTemplate:[\"IssuesService\",\"GetIssueCounts\",{request:{deploymentId:\":orgId\",issueType:\"ISSUE_TYPE_SAST\",issueTypes:[\"ISSUE_TYPE_SAST\"],filter:{tab:\"ISSUE_TAB_OPEN\",onPrimaryBranch:!0}}}],i"
},
"issue": "Response is not valid JSON.",
"howToFix": "Publish resource and authorization_servers as absolute URLs."
},
{
"id": "resource-identity",
"title": "Validate protected resource identity",
"status": "fail",
"evidence": {
"expectedResource": "https://semgrep.dev"
},
"issue": "Protected resource metadata `resource` did not match the resource identifier used to retrieve it.",
"howToFix": "Set `resource` to the origin/resource identifier represented by /.well-known/oauth-protected-resource."
},
{
"id": "protected-route-challenge",
"title": "Probe protected API Bearer challenge",
"status": "informational",
"evidence": {
"checked": [
{
"path": "/api/admin/scans",
"error": "TimeoutError: The operation was aborted due to timeout"
},
{
"path": "/api/admin/summary",
"error": "TimeoutError: The operation was aborted due to timeout"
},
{
"path": "/api/scans",
"error": "TimeoutError: The operation was aborted due to timeout"
}
]
},
"issue": "No protected route with a 401 Bearer challenge was detected; metadata alone does not prove a protected resource.",
"howToFix": "When this site exposes bearer-protected APIs, return 401 with WWW-Authenticate: Bearer and link resource_metadata."
}
],
"authApplicability": {
"supportsAuth": true,
"score": 6,
"signals": [
{
"source": "link:href",
"weight": 3,
"match": "auth link"
},
{
"source": "visible-text",
"weight": 3,
"match": "sign in"
}
]
},
"resourceFetchSucceeded": true
}Performance and AccessibilityAccessibilityBrowser audit
Background and foreground colors do not have a sufficient contrast ratio.
50 Fail
Performance and AccessibilityAccessibilityBrowser audit
Background and foreground colors do not have a sufficient contrast ratio.
Check name
Background and foreground colors do not have a sufficient contrast ratio.
Score
0/100
Status
fail
Device
desktop
Category
Accessibility
Fix guidance
Low-contrast text is difficult or impossible for many users to read. [Learn how to provide sufficient color contrast](https://dequeuniversity.com/rules/axe/4.11/color-contrast).
References
https://web.dev/learn/accessibility/Evidence
{
"description": "Low-contrast text is difficult or impossible for many users to read. [Learn how to provide sufficient color contrast](https://dequeuniversity.com/rules/axe/4.11/color-contrast)."
}Performance and AccessibilityAccessibilityBrowser audit
Image elements do not have `[alt]` attributes
50 Fail
Performance and AccessibilityAccessibilityBrowser audit
Image elements do not have `[alt]` attributes
Check name
Image elements do not have `[alt]` attributes
Score
0/100
Status
fail
Device
desktop
Category
Accessibility
Fix guidance
Informative elements should aim for short, descriptive alternate text. Decorative elements can be ignored with an empty alt attribute. [Learn more about the `alt` attribute](https://dequeuniversity.com/rules/axe/4.11/image-alt).
References
https://web.dev/learn/accessibility/Evidence
{
"description": "Informative elements should aim for short, descriptive alternate text. Decorative elements can be ignored with an empty alt attribute. [Learn more about the `alt` attribute](https://dequeuniversity.com/rules/axe/4.11/image-alt)."
}SEOSEOBrowser audit
Image elements do not have `[alt]` attributes
50 Fail
SEOSEOBrowser audit
Image elements do not have `[alt]` attributes
Check name
Image elements do not have `[alt]` attributes
Score
0/100
Status
fail
Device
desktop
Category
SEO
Fix guidance
Informative elements should aim for short, descriptive alternate text. Decorative elements can be ignored with an empty alt attribute. [Learn more about the `alt` attribute](https://dequeuniversity.com/rules/axe/4.11/image-alt).
Evidence
{
"description": "Informative elements should aim for short, descriptive alternate text. Decorative elements can be ignored with an empty alt attribute. [Learn more about the `alt` attribute](https://dequeuniversity.com/rules/axe/4.11/image-alt)."
}SEOSEOBrowser audit
Links do not have descriptive text
50 Fail
SEOSEOBrowser audit
Links do not have descriptive text
Check name
Links do not have descriptive text
Score
0/100
Status
fail
Device
desktop
Category
SEO
Estimated savings
6 links found
Fix guidance
Descriptive link text helps search engines understand your content. [Learn how to make links more accessible](https://developer.chrome.com/docs/lighthouse/seo/link-text/).
Evidence
{
"displayValue": "6 links found",
"description": "Descriptive link text helps search engines understand your content. [Learn how to make links more accessible](https://developer.chrome.com/docs/lighthouse/seo/link-text/)."
}Performance and AccessibilityPerformanceBrowser audit
Document does not have a main landmark.
25 Fail
Performance and AccessibilityPerformanceBrowser audit
Document does not have a main landmark.
Check name
Document does not have a main landmark.
Score
0/100
Status
fail
Device
desktop
Category
Performance
Fix guidance
One main landmark helps screen reader users navigate a web page. [Learn more about landmarks](https://dequeuniversity.com/rules/axe/4.11/landmark-one-main).
References
https://web.dev/learn/performance/Evidence
{
"description": "One main landmark helps screen reader users navigate a web page. [Learn more about landmarks](https://dequeuniversity.com/rules/axe/4.11/landmark-one-main)."
}Performance and AccessibilityPerformanceBrowser audit
Render-blocking requests
25 Fail
Performance and AccessibilityPerformanceBrowser audit
Render-blocking requests
Check name
Render-blocking requests
Score
0/100
Status
fail
Device
desktop
Category
Performance
Estimated savings
Est savings of 100 ms
Fix guidance
Requests are blocking the page's initial render, which may delay LCP. [Deferring or inlining](https://developer.chrome.com/docs/performance/insights/render-blocking) can move these network requests out of the critical path.
References
https://web.dev/learn/performance/Evidence
{
"displayValue": "Est savings of 100 ms",
"description": "Requests are blocking the page's initial render, which may delay LCP. [Deferring or inlining](https://developer.chrome.com/docs/performance/insights/render-blocking) can move these network requests out of the critical path."
}Performance and AccessibilityPerformanceBrowser audit
Minify JavaScript
13 Warning
Performance and AccessibilityPerformanceBrowser audit
Minify JavaScript
Check name
Minify JavaScript
Score
50/100
Status
warning
Device
desktop
Category
Performance
Estimated savings
Est savings of 4 KiB
Fix guidance
Minifying JavaScript files can reduce payload sizes and script parse time. [Learn how to minify JavaScript](https://developer.chrome.com/docs/lighthouse/performance/unminified-javascript/).
References
https://web.dev/learn/performance/Evidence
{
"displayValue": "Est savings of 4 KiB",
"description": "Minifying JavaScript files can reduce payload sizes and script parse time. [Learn how to minify JavaScript](https://developer.chrome.com/docs/lighthouse/performance/unminified-javascript/).",
"numericValue": 0
}Performance and AccessibilityPerformanceBrowser audit
Loading performance
9 Fail
Performance and AccessibilityPerformanceBrowser audit
Loading performance
Check name
Loading performance
Score
64/100
Status
fail
Device
desktop
Category
Performance
Fix guidance
Review the grouped loading performance checks and improve the failing sub-checks listed in evidence.
References
https://web.dev/learn/performance/Evidence
{
"checks": [
{
"id": "speed-index",
"title": "Speed Index",
"score": 57,
"displayValue": "2.1 s",
"numericValue": 2117.018868494566
},
{
"id": "interactive",
"title": "Time to Interactive",
"score": 48,
"displayValue": "4.6 s",
"numericValue": 4593.023751675368
},
{
"id": "max-potential-fid",
"title": "Max Potential First Input Delay",
"score": 46,
"displayValue": "260 ms",
"numericValue": 263
},
{
"id": "largest-contentful-paint",
"title": "Largest Contentful Paint",
"score": 24,
"displayValue": "3.5 s",
"numericValue": 3466.0246749978687
},
{
"id": "server-response-time",
"title": "Initial server response time was short",
"score": 100,
"displayValue": "Root document took 140 ms",
"numericValue": 136
},
{
"id": "first-contentful-paint",
"title": "First Contentful Paint",
"score": 99,
"displayValue": "0.6 s",
"numericValue": 581.3794223955438
},
{
"id": "total-blocking-time",
"title": "Total Blocking Time",
"score": 40,
"displayValue": "410 ms",
"numericValue": 410.99999999999955
},
{
"id": "network-rtt",
"title": "Network Round Trip Times",
"score": 100,
"displayValue": "30 ms",
"numericValue": 29.564729999999997
}
]
}Fix with MCP or CLI
Use this report as the handoff into remediation. Generate a coding-agent prompt with the failing checks attached, or jump to the MCP and CLI setup docs before your next rescan.
Score history
Public scan score over time
Public reports for this website origin. Select any point or report link to open that canonical report.
| Scan date | Score | Readiness | Report |
|---|---|---|---|
| 48/100 | Level 2, Agent-Limited | Current report |