SAMPLE AUDIT (read-only preview)

What a Hyrax audit looks like

This is a real audit of an open-source billing API. Hyrax found 14 issues, fixed 12 automatically, and opened a PR. The whole process took 2 minutes 34 seconds.

0:00  Scan started
0:12  847 files read
0:34  14 findings identified
1:47  12 fixes generated
2:34  PR opened
Findings
2 Critical, 5 High, 7 Medium
WHY THIS MATTERS

User-controlled input is directly concatenated into a SQL query string. An attacker could inject malicious SQL to read, modify, or delete data from the database. This is a CVSS 9.8 critical vulnerability.

VULNERABLE CODE
async function getInvoicesByUser(userId: string) {
  // userId comes from the request and is interpolated straight into the SQL text
  const query = `
    SELECT * FROM invoices
    WHERE user_id = '${userId}'
    ORDER BY created_at DESC
  `;
  return await db.query(query);
}
HYRAX FIX
async function getInvoicesByUser(userId: string) {
  // $1 is a bind placeholder; the driver sends userId separately from the SQL text
  const query = `
    SELECT * FROM invoices
    WHERE user_id = $1
    ORDER BY created_at DESC
  `;
  return await db.query(query, [userId]);
}
45 minutes of engineer time saved
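To show what a check like this finding is looking for, here is an added example (not Hyrax's code): a minimal scanner that flags SQL strings built by template-literal interpolation, alongside the parameterized shape the fix uses. The scanner is run over the vulnerable function above and over its fixed form, both embedded as constructed source text; it assumes literals contain no escaped backticks.

```typescript
// Added example, not Hyrax's code: flag SQL built by template interpolation
// and show the parameterized shape the fix uses (value travels outside the SQL text).
const SQL_KEYWORD = /\b(SELECT|INSERT|UPDATE|DELETE)\b/i;
const INTERPOLATION = /\$\{[^}]*\}/;

interface Finding {
  line: number;    // 1-based line where the template literal starts
  snippet: string; // the literal, collapsed onto one line
}

// Scan TS/JS source text for backtick literals holding both a SQL keyword and a
// ${...} interpolation. Literals may span lines, so each one is tested as a whole.
// Assumption: no escaped backticks inside the literals being scanned.
function findInterpolatedSql(source: string): Finding[] {
  const findings: Finding[] = [];
  const literalRe = /`[^`]*`/g;
  let m: RegExpExecArray | null;
  while ((m = literalRe.exec(source)) !== null) {
    const literal = m[0];
    if (SQL_KEYWORD.test(literal) && INTERPOLATION.test(literal)) {
      const line = source.slice(0, m.index).split("\n").length;
      const snippet = literal.split("\n").map((s) => s.trim()).filter(Boolean).join(" ");
      findings.push({ line, snippet });
    }
  }
  return findings;
}

// Parameterized form: the SQL text is constant and the user value is passed
// separately, so no input can alter the statement's structure.
function buildInvoicesQuery(userId: string): { text: string; values: string[] } {
  return { text: "SELECT * FROM invoices WHERE user_id = $1 ORDER BY created_at DESC", values: [userId] };
}

// Constructed sample inputs: the audited function above and its fix, as source text.
const VULNERABLE_SOURCE = [
  "async function getInvoicesByUser(userId: string) {",
  "  const query = `",
  "    SELECT * FROM invoices",
  "    WHERE user_id = '${userId}'",
  "    ORDER BY created_at DESC",
  "  `;",
  "  return await db.query(query);",
  "}",
].join("\n");
const FIXED_SOURCE = VULNERABLE_SOURCE
  .replace("'${userId}'", () => "$1") // replacer fn keeps "$1" literal
  .replace("db.query(query)", "db.query(query, [userId])");

console.log(findInterpolatedSql(VULNERABLE_SOURCE), findInterpolatedSql(FIXED_SOURCE));
```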
Pull Request (MERGED)
[Hyrax] Fix 12 security and code quality issues

This PR addresses findings from Hyrax audit run #847. All changes have passed 13-step verification including type checking, linting, tests, and security validation.

FILES CHANGED: 8
LINES CHANGED: +127/-89
QUALITY GATES PASSED: TypeScript, ESLint, Unit Tests, Security Scan, Build
AUDIT SUMMARY
Total scan time: 2m 34s
Files scanned: 847
Lines of code: 52,340
Findings: 14
Auto-fixed: 12
Needs review: 2
Engineer time saved: ~18 hours
Run an audit on your repo