Vercel deepsec with Claude Code
Open-source security harness from vercel-labs that audits your repo with Claude Opus. Wire it into the Claude Code build loop.
Stop configuring. Start building.
SaaS builder templates with AI orchestration.
Problem: Static scanners flag style and miss the bug a security engineer would catch on read-through. Snyk and Semgrep look at known patterns. They do not read intent. Path traversal in your own glue code, broken auth in a route handler, an SSRF inside a server action. Pattern matchers walk past those because the shape is yours, not a CVE template.
deepsec does the read. Vercel open-sourced it on May 4, 2026 under vercel-labs. It is a CLI, Apache 2.0, and it points your existing Claude Opus 4.7 (or Codex GPT-5.5) at your repo at max thinking. Findings come back ranked by severity, with git blame stuck on each one.
The point of this post is not to use deepsec on its own. The point is to wire it into a Claude Code session so the same model that built the feature also fixes what the audit returns.
Quick Win: Drop into a repo and try one PR-scoped pass:
ANTHROPIC_AUTH_TOKEN=$ANTHROPIC_API_KEY \
npx deepsec init && \
pnpm --dir .deepsec install && \
pnpm --dir .deepsec deepsec process --diffWhat deepsec actually is
A harness, not a scanner. The regex layer at the top handles file selection. Coding agents do the actual analysis. Each finding lands as a JSON FileRecord under .deepsec/data/<projectId>/, additive on every run.
Pluggable agents mean you pick the model. Vercel's default is Claude Opus 4.7 at max effort or Codex GPT-5.5 at xhigh, both routed through Vercel AI Gateway. Bring your own Anthropic key and the gateway step is optional.
False positive rate sits around 10 to 20%. Cost on a fresh laptop run is a few dollars per hundred files. On a real monorepo it climbs into the thousands. That is the tradeoff for agentic depth.
The Five Stages
Every run walks the same pipeline. Each stage is idempotent so you can rerun any of them in isolation:
| Stage | What runs | AI cost |
|---|---|---|
scan | ~110 regex matchers pick security-sensitive files | None |
process | Agents read each file, trace data flows, write findings | High |
revalidate | A second agent pass tags false positives | Medium |
enrich | Git blame stamps owner metadata on each finding | None |
export | Markdown per finding (P0 to P2) plus JSON | None |
scan finishes in around 15 seconds on a 2k-file repo. The cost lives in process. That is where you decide how much to pay.
Final File Tree
After init, your repo gets a single tracked folder and an ignored data tree:
your-repo/
├── .deepsec/
│ ├── deepsec.config.ts
│ ├── package.json
│ └── data/
│ └── <projectId>/
│ ├── INFO.md
│ ├── records/
│ └── findings/
├── .claude/
│ ├── skills/
│ │ └── deepsec/
│ │ └── SKILL.md
│ └── agents/
│ └── security-fixer.md
└── package.jsonINFO.md is the project context the agents read first. Auto-fill it from your discovery docs if you have them. The agents follow it like a CLAUDE.md.
Wrap deepsec as a Claude Code Skill
The skill is a thin shell. It hands off to the deepsec CLI and parses what comes back. The skill never decides what to fix. That is the agent's job below.
Create the file at .claude/skills/deepsec/SKILL.md:
---
name: deepsec
description: Run a Vercel deepsec audit on the current repo. Triggers on "audit security", "run deepsec", "scan for vulnerabilities". Returns the path to the findings folder.
---
# deepsec
CLI wrapper around vercel-labs/deepsec.
## Commands
Init (once per repo):
```bash
npx deepsec init && pnpm --dir .deepsec install
```
PR-scoped pass (cheap, run on every feature):
```bash
pnpm --dir .deepsec deepsec process --diff
pnpm --dir .deepsec deepsec revalidate
pnpm --dir .deepsec deepsec export --format md-dir --out ../findings
```
Full scan (expensive, run weekly):
```bash
pnpm --dir .deepsec deepsec sandbox process --sandboxes 10 --concurrency 4
```
Output lives at `./findings/*.md`. Hand the folder to `security-fixer`.Build the security-fixer Agent
This is the loop closer. The agent reads each markdown finding, opens the file deepsec flagged, and either patches it or writes a justification. Then it re-runs revalidate to confirm the patch sticks.
Create .claude/agents/security-fixer.md:
---
name: security-fixer
description: Reads deepsec findings and patches each one. Fails if any P0 remains after one pass.
tools: Read, Edit, Write, Bash, Grep
---
You receive a folder of deepsec findings at `./findings/`.
For each file in the folder:
1. Read the finding. Note the severity (P0 / P1 / P2), file path, line range, and proposed mitigation.
2. Open the source file at the cited line range.
3. If the finding is correct, patch the code. Keep the patch minimal. No drive-by refactors.
4. If the finding is a false positive, add a one-line justification comment with the deepsec finding ID. Do not silence the finding any other way.
5. Move the markdown to `./findings/resolved/`.
After the loop, run:
```bash
pnpm --dir .deepsec deepsec process --diff && \
pnpm --dir .deepsec deepsec revalidate
```
If any P0 remains, exit with status 1. The orchestrator will requeue.Two agents now own the security loop. deepsec finds. security-fixer patches. Neither one trusts itself.
Hook It Into /ship
Most build systems already have a feature-completion command. In Build This Now that is /ship. The audit fits at the end, after the GAN evaluator passes and before the feature is marked done.
Add a step to your existing pipeline. The exact wiring depends on your orchestrator, but the shape is the same:
- name: deepsec audit
run: pnpm --dir .deepsec deepsec process --diff && \
pnpm --dir .deepsec deepsec revalidate && \
pnpm --dir .deepsec deepsec export --format md-dir --out ./findings
- name: fix findings
agent: security-fixer
inputs:
findings_dir: ./findings
fail_on: P0Run it on the diff, not the whole repo. Full scans go in a weekly cron, not the per-feature loop. The diff mode keeps the bill in the dollars and the wall clock under a minute.
Cost and Cadence
Three modes, three budgets. Pick by what you can afford and what you ship:
| Mode | Cost per run | Cadence | Use case |
|---|---|---|---|
--diff on PR | $1 to $20 | Every feature | The default. Catches what the LLM just wrote. |
| Sandbox fanout | $50 to $500 | Weekly | The whole repo, parallel across Vercel Sandboxes. |
| Full local scan | $1k to $10k+ | Quarterly | The deep audit. Plan it like a security engagement. |
Vercel runs the sandbox mode at over a thousand concurrent containers on their own monorepo. You will not need that. Ten sandboxes at concurrency four covers a Next.js app comfortably.
Layer Vercel Agent on the PR
deepsec is the local layer. Vercel Agent is the remote one. It reads your CLAUDE.md natively and replies on the PR when you tag it.
Open the PR, tag the agent, and Claude Code reads the comments back through gh:
gh pr comment <num> --body "@vercel run a review"
gh pr view <num> --commentsTwo sets of eyes. One inside the editor at write time. One on GitHub at review time. They overlap on purpose.
What You Get After One Feature
Run the full loop on a new endpoint and you end up with:
.deepsec/data/<projectId>/findings/: JSON record per finding, owner included./findings/*.md: human-readable findings, one file each- A clean diff against your branch with each P0 patched
- A revalidate pass that confirms the patches close the finding
- Zero P0 findings open at merge time
That is the target state. If you cannot hit it, the feature does not ship.
Remember: deepsec does not catch business-logic flaws, role-based authz edge cases, or async races. It catches the bugs an experienced security engineer would catch on a careful read. Pair it with hooks for the rest. Sandbox the runtime. Stack the layers.
The old security pass was a quarterly engagement and a stack of Jira tickets. The new one runs in the same loop that wrote the code, in dollars instead of weeks. Build the loop once. Ship audited features after that.
Posted by @speedy_devv
Stop configuring. Start building.
SaaS builder templates with AI orchestration.