CodeFrog is a professional, Flutter‑based mobile and desktop app that brings modern development workflows to your pocket. With API integrations for GitHub, Linode, Hetzner, and SendGrid, secure SSH server management, GitHub PR review integrations, and a Web Testing and Security Scanning toolkit, CodeFrog helps you diagnose, fix, and ship software faster, from anywhere.
CodeFrog is currently in development. I hope to have a macOS release before the end of the year.
Ethical and legal use notice: Only run security scans against systems you own or are explicitly authorized to test. Unauthorized scanning may violate laws and terms of service.
Security Scanning Features
CodeFrog’s security scanners focus on high‑signal, read‑only checks inspired by OWASP guidance and industry best practices.
- Single‑site security scanner with OWASP‑based checks
- Bulk security scanner that pulls targets from Linode DNS records and scans them concurrently
- Automatic HTTPS‑to‑HTTP fallback, with any fallback flagged on the result and throughout the UI
- Real‑time streaming results: findings appear as each target completes, while the batch is still running
- Blocking popup alerts for Critical findings
- Severity‑based filtering (Critical, High, Medium, Low, Info)
- Selectable/copyable URLs and findings
- “Open in browser” buttons for quick access
What this means in practice:
- CodeFrog only issues read‑only HTTP methods (HEAD/GET/OPTIONS): no logins, no form submissions, no injected payloads. A GET can still have side effects on a badly designed endpoint, which is one more reason to scan only targets you are authorized to test
- Results stream in as each target finishes, so there is no need to wait for the entire batch
- If HTTPS fails (certificate error, refused connection, timeout), CodeFrog retries over HTTP and clearly marks the fallback; treat a flagged result as a finding in itself, since it was fetched over an unauthenticated channel and the HTTPS failure is the first thing to investigate
- Critical results trigger a blocking alert so you can prioritize remediation immediately
Export & share:
- Export findings as JSON/Markdown/CSV
- Copy‑to‑clipboard for single findings or entire result sets
- Severity summary chips in bulk mode that double as filters
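To make the behaviour above concrete, here is an added example of a read‑only header scanner with HTTPS‑to‑HTTP fallback, severity tagging, summary counts and JSON export. It is not CodeFrog's code: the header list, the severities assigned to each missing header, the hostnames `weak.example` and `good.example`, and the canned responses in `fake_fetch` are all this example's own assumptions.

```python
"""Added example (not CodeFrog's code): read-only security-header scan with
HTTPS-to-HTTP fallback, severity tagging, severity counts and JSON export."""
import json
import ssl
import urllib.request
from dataclasses import asdict, dataclass, field
from typing import Callable, Dict, List, Tuple

# (header, severity when absent, remediation hint); severities are assumptions
HEADER_CHECKS = [
    ("strict-transport-security", "High", "Add HSTS so browsers refuse plaintext HTTP"),
    ("content-security-policy", "Medium", "Restrict where scripts and styles may load from"),
    ("x-content-type-options", "Low", "Send 'nosniff' to stop MIME sniffing"),
    ("x-frame-options", "Low", "Deny framing, or use CSP frame-ancestors"),
    ("referrer-policy", "Info", "Limit referrer leakage to third parties"),
]
DISCLOSURE_HEADERS = ("server", "x-powered-by")

@dataclass
class Finding:
    url: str
    severity: str
    title: str
    detail: str

@dataclass
class ScanResult:
    target: str
    final_url: str
    status: int
    http_fallback: bool
    findings: List[Finding] = field(default_factory=list)

def default_fetch(url: str, timeout: float = 10.0) -> Tuple[int, Dict[str, str]]:
    """Read-only HEAD request; certificate verification stays on."""
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "example-scanner/0.1"})
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return resp.status, {k.lower(): v for k, v in resp.headers.items()}

def scan(host: str, fetch: Callable[[str], Tuple[int, Dict[str, str]]] = default_fetch) -> ScanResult:
    """Try https:// first; on any failure retry over http://, flag the fallback
    and record the failure reason as a Critical finding."""
    https_url, http_url = f"https://{host}/", f"http://{host}/"
    try:
        status, headers = fetch(https_url)
        result = ScanResult(host, https_url, status, http_fallback=False)
    except Exception as exc:  # certificate error, refused connection, timeout ...
        status, headers = fetch(http_url)  # if this fails too, the error propagates
        result = ScanResult(host, http_url, status, http_fallback=True)
        result.findings.append(Finding(http_url, "Critical",
                                       "Reachable over plaintext HTTP only",
                                       f"HTTPS attempt failed: {exc!r}"))
    for name, severity, advice in HEADER_CHECKS:
        if name in headers:
            continue
        if name == "strict-transport-security" and result.http_fallback:
            continue  # browsers ignore HSTS over plain HTTP; the fallback finding covers it
        result.findings.append(Finding(result.final_url, severity, f"Missing {name}", advice))
    for name in DISCLOSURE_HEADERS:
        if name in headers:
            result.findings.append(Finding(result.final_url, "Info",
                                           f"{name} header discloses software", headers[name]))
    return result

def severity_counts(result: ScanResult) -> Dict[str, int]:
    """Counts for the summary chips, zero-count severities included."""
    counts = {s: 0 for s in ("Critical", "High", "Medium", "Low", "Info")}
    for f in result.findings:
        counts[f.severity] += 1
    return counts

def to_json(result: ScanResult) -> str:
    return json.dumps(asdict(result), indent=2)

# Constructed responses standing in for the network (the hosts are not real).
def fake_fetch(url: str) -> Tuple[int, Dict[str, str]]:
    if url.startswith("https://weak.example/"):
        raise ssl.SSLCertVerificationError("self-signed certificate")
    if url.startswith("http://weak.example/"):
        return 200, {"server": "nginx/1.18.0", "content-type": "text/html"}
    if url.startswith("https://good.example/"):
        return 200, {h: "set" for h, _, _ in HEADER_CHECKS}
    raise ConnectionRefusedError(url)

if __name__ == "__main__":
    for host in ("weak.example", "good.example"):
        r = scan(host, fake_fetch)
        print(host, "fallback" if r.http_fallback else "https", severity_counts(r))
```

Injecting the fetcher is what makes the fallback logic testable without touching the network; against real targets, `default_fetch` keeps certificate verification on, so a bad certificate lands in the fallback branch and is reported rather than silently accepted.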
Web Testing & Code Analysis Features
A practical suite for validating web experiences and inspecting network characteristics—all in one place.
- HTML validation
- Meta tags analysis
- Page timing metrics
- Size analysis
- Accessibility scanning
- Open Source Vulnerability scanning (OSV.dev)
- Static analysis with OpenGrep/Semgrep (macOS desktop)
- Line counting with configurable exclusions (e.g., *.log files)
- Secrets scanning with Gitleaks (MIT licensed, bundled)
- Exclusion of third‑party directories (e.g., Pods) from secrets scans
- Exclusion of Flutter build artifacts (.dart_tool, build) from scans
- Selectable/copyable validator results with “Copy All Errors” action
- Display of zero‑count severities in bulk scanner
- “Scan first N unscanned” functionality for incremental scanning
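The line‑counting and secrets‑scanning exclusions above (Pods, .dart_tool, build, *.log) come down to one tree walk with a prune list. The following added example shows that walk with a few detection rules; it is not CodeFrog's code and not Gitleaks, which ships its own rule set. The excluded names, the regexes, the temporary sample tree and the keys in it (the AWS one is AWS's documented example key, the GitHub one is made up) are this example's own assumptions.

```python
"""Added example (not CodeFrog's code): walk a checkout, skip vendored and
build directories plus *.log files, count lines in what remains, and check the
remaining text files for a few secret patterns. A constructed throwaway tree
stands in for a real repository."""
import fnmatch
import os
import re
import tempfile
from typing import Dict, List, Tuple

EXCLUDED_DIRS = {"Pods", ".dart_tool", "build", ".git", "node_modules"}
EXCLUDED_GLOBS = ["*.log"]

# Detection rules are assumptions for this example; Gitleaks has its own.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("generic-api-key", re.compile(
        r"(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}")),
]

def is_excluded(rel_path: str) -> bool:
    parts = rel_path.split(os.sep)
    if any(p in EXCLUDED_DIRS for p in parts[:-1]):
        return True
    return any(fnmatch.fnmatch(parts[-1], g) for g in EXCLUDED_GLOBS)

def iter_files(root: str):
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in EXCLUDED_DIRS]  # prune early
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if not is_excluded(rel):
                yield rel

def scan_tree(root: str) -> Tuple[Dict[str, int], List[Tuple[str, int, str]]]:
    """Return (line counts per file, findings as (path, line_no, rule))."""
    counts: Dict[str, int] = {}
    findings: List[Tuple[str, int, str]] = []
    for rel in iter_files(root):
        with open(os.path.join(root, rel), "rb") as fh:
            raw = fh.read()
        if b"\0" in raw:
            continue  # binary file; skip
        lines = raw.decode("utf-8", "replace").splitlines()
        counts[rel] = len(lines)
        for no, line in enumerate(lines, 1):
            for rule, pattern in RULES:
                if pattern.search(line):
                    findings.append((rel, no, rule))
                    break  # one finding per line
    return counts, findings

# Constructed sample tree; the credentials below are fake.
SAMPLE_FILES = {
    "lib/main.dart": "void main() {\n  print('hello');\n}\n",
    "ios/Pods/Vendor/vendor.m": "NSString *k = @\"AKIAIOSFODNN7EXAMPLE\";\n",
    ".dart_tool/package_config.json": "{}\n",
    "build/app.log": "token = 0123456789abcdef0123\n",
    "config/.env": "GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n",
}

def build_sample_tree() -> str:
    root = tempfile.mkdtemp(prefix="codefrog-example-")
    for rel, text in SAMPLE_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

def demo() -> Tuple[Dict[str, int], List[Tuple[str, int, str]]]:
    return scan_tree(build_sample_tree())

if __name__ == "__main__":
    counts, findings = demo()
    print("lines:", counts)
    for path, no, rule in findings:
        print(f"{path}:{no}: {rule}")
```

Pruning `dirnames` inside `os.walk` is what keeps a large Pods or build directory from being read at all, not just filtered afterwards. Note the trade‑off the page's feature implies: a vendored key in Pods is a real leak in the repository even though it is not your code, so an excluded directory should be scanned at least once when it is first added.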
Highlights:
- Accurate timing breakdown (DNS, TCP connect, TLS handshake, TTFB, download)
- Resource inventory with compressed/uncompressed size insights
- Meta tags validator for Open Graph and Twitter Card with quick previews
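The timing breakdown in the highlights only means something if each phase is bounded by its own timestamps. The added example below does that over a raw socket (DNS resolution, TCP connect, TLS handshake, time to first byte, download) and exercises it against a throwaway local HTTP server so it runs offline. It is not CodeFrog's code; the 3000‑byte response body, the ephemeral local server and the HTTP/1.0 request shape are this example's own choices.

```python
"""Added example (not CodeFrog's code): per-phase timing of one GET request
(DNS, TCP connect, TLS handshake, TTFB, download) over a raw socket, run
against a throwaway local HTTP server so it works offline."""
import socket
import ssl
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict
from urllib.parse import urlsplit

def time_phases(url: str, timeout: float = 10.0) -> Dict[str, float]:
    """Issue one HTTP/1.0 GET and time each phase separately.
    tls_handshake is 0.0 for http:// URLs."""
    parts = urlsplit(url)
    host = parts.hostname
    port = parts.port or (443 if parts.scheme == "https" else 80)
    path = parts.path or "/"
    t: Dict[str, float] = {}
    t0 = time.perf_counter()
    sockaddr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    t1 = time.perf_counter()
    t["dns"] = t1 - t0
    sock = socket.create_connection(sockaddr[:2], timeout=timeout)
    t2 = time.perf_counter()
    t["tcp_connect"] = t2 - t1
    if parts.scheme == "https":
        ctx = ssl.create_default_context()  # certificate verification on
        sock = ctx.wrap_socket(sock, server_hostname=host)  # handshake runs here
        t3 = time.perf_counter()
    else:
        t3 = t2
    t["tls_handshake"] = t3 - t2
    sock.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
    chunks = [sock.recv(65536)]  # first bytes of the response: TTFB ends here
    t4 = time.perf_counter()
    t["ttfb"] = t4 - t3
    while True:
        data = sock.recv(65536)
        if not data:
            break
        chunks.append(data)
    t5 = time.perf_counter()
    t["download"] = t5 - t4
    sock.close()
    _, _, body = b"".join(chunks).partition(b"\r\n\r\n")
    t["body_bytes"] = float(len(body))
    t["total"] = t5 - t0
    return t

BODY = b"x" * 3000  # constructed response body

class _Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(BODY)))
        self.end_headers()
        self.wfile.write(BODY)

    def log_message(self, *args):  # keep the demo quiet
        pass

def run_demo() -> Dict[str, float]:
    """Start a local server on an ephemeral port, time one request, stop it."""
    server = HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return time_phases(f"http://127.0.0.1:{server.server_address[1]}/")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for phase, value in run_demo().items():
        print(f"{phase:14s} {value:.6f}")
```

Pointing `time_phases` at an `https://` URL adds the handshake phase with verification on, so a target with a broken certificate fails at that step instead of producing a misleading number.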
GitHub Integration
Turn PR feedback into action with lightweight, mobile‑friendly workflows.
- PR comments viewer with CodeRabbit integration
- Easy export of GitHub PR comments into Augment Code markdown task list format
- Task titles prefixed with PR number and comment number (e.g., “PR#45 Comment #123: task title”)
- Bulk selection and delete/re‑import functionality for GitHub tasks
- Filtering for unresolved comments only
- First comment collapsed by default, expandable on demand
- Import options (first/5/10/all comments)
- Structured AI suggestion parsing with title and description sections
- Export or post the raw comment text for comments that have no AI summary
Benefits:
- Create actionable tasks from PR comments in seconds
- Keep review context portable across devices and sessions
- Maintain signal by filtering unresolved items and hiding nitpicks by default
Servers Screen Features
Manage and monitor your development infrastructure securely.
- At‑a‑glance statistics dashboard showing all servers at once
- Disk space monitoring driven by a cron job on each server, with low‑disk alerts
- SSH connection pooling: one authenticated session per unique server, reused for subsequent commands
- Server management with RSA 4096‑bit SSH keys
- Private keys stored via Flutter Secure Storage (the platform keychain/keystore rather than a readable file)
Why it matters:
- Key‑based authentication by default (RSA‑4096), so no passwords are typed or stored for the servers
- Minimal re‑authentication thanks to connection pooling
- Early warning on low‑disk conditions, right inside the app
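The disk monitoring described here is, on the server side, a cron job that measures usage and raises an alert over the SendGrid API. The added example below shows one way such a check could be written; it is not CodeFrog's code. It parses POSIX `df -P` output, selects filesystems at or above a threshold, and builds the SendGrid v3 `/mail/send` request body. The 90% threshold, the addresses, the pseudo‑filesystem skip list, the constructed `df` sample and the crontab path in the comment are all assumptions; nothing is sent unless `SENDGRID_API_KEY` is set.

```python
"""Added example (not CodeFrog's code): a low-disk check suitable for cron.
Parses `df -P`, finds filesystems over a threshold and builds the SendGrid v3
mail/send request for the alert. Threshold and addresses are assumptions."""
import json
import os
import socket
import subprocess
import urllib.request
from typing import Dict, List, Optional

THRESHOLD_PCT = 90  # assumption
PSEUDO_FS = ("tmpfs", "devtmpfs", "udev", "overlay", "squashfs")

def parse_df(output: str) -> List[Dict]:
    """Parse POSIX `df -P` output (six columns, usage given as 'NN%')."""
    rows = []
    for line in output.strip().splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 6:
            continue
        fs, size_kb, used_kb, avail_kb, use, mount = parts[:6]
        if fs.startswith(PSEUDO_FS):
            continue
        rows.append({"fs": fs, "mount": mount, "size_kb": int(size_kb),
                     "avail_kb": int(avail_kb), "use_pct": int(use.rstrip("%"))})
    return rows

def low_disk(rows: List[Dict], threshold: int = THRESHOLD_PCT) -> List[Dict]:
    return [r for r in rows if r["use_pct"] >= threshold]

def alert_payload(hostname: str, rows: List[Dict], to_addr: str, from_addr: str) -> Dict:
    """Request body for POST https://api.sendgrid.com/v3/mail/send."""
    lines = [f"{r['mount']} ({r['fs']}): {r['use_pct']}% used, {r['avail_kb'] // 1024} MiB free"
             for r in rows]
    return {
        "personalizations": [{"to": [{"email": to_addr}]}],
        "from": {"email": from_addr},
        "subject": f"[low disk] {hostname}: " + ", ".join(r["mount"] for r in rows),
        "content": [{"type": "text/plain", "value": "\n".join(lines)}],
    }

def send(payload: Dict, api_key: str) -> int:
    req = urllib.request.Request(
        "https://api.sendgrid.com/v3/mail/send",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status  # SendGrid answers 202 Accepted on success

# Constructed `df -P` output for the offline demo.
SAMPLE_DF = """Filesystem     1024-blocks     Used Available Capacity Mounted on
/dev/sda1         41152812 12345678  26698522      32% /
/dev/sdb1        103081248 95120000   2729248      98% /var
tmpfs              4096000        0   4096000       0% /dev/shm
"""

def check(df_output: Optional[str] = None) -> List[Dict]:
    """Run the real `df -P` when no output is supplied."""
    if df_output is None:
        df_output = subprocess.run(["df", "-P"], capture_output=True,
                                   text=True, check=True).stdout
    return low_disk(parse_df(df_output))

if __name__ == "__main__":
    # hypothetical crontab line:  */15 * * * * /usr/bin/python3 /opt/disk_check.py
    bad = check()
    if bad:
        payload = alert_payload(socket.gethostname(), bad, "ops@example.com", "alerts@example.com")
        key = os.environ.get("SENDGRID_API_KEY")
        print(send(payload, key) if key else json.dumps(payload, indent=2))
```

Keep the API key in an environment variable or a root‑only file read by the cron job, never in the script itself, since the same host is also what the app reaches over SSH.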
API Integrations & Automation Value
CodeFrog connects to your ecosystem to eliminate manual tasks and coordinate workflows.
Hetzner API
- SSH key management
- Server statistics retrieval
Linode API
- Automated domain discovery for bulk security scanning
- DNS record enumeration
- Website target generation from domain records
SendGrid API
- Disk space notification service (low-disk alerts via email)
GitHub API
- PR comments retrieval and parsing
- Issue/comment status management (resolve/unresolve)
- Task import automation
- Integration with Augment Code workflow
Each integration replaces multi‑tool manual steps with streamlined, in‑app actions. The result: fewer context switches and faster cycles from feedback to fix.
Architecture and Privacy at a Glance
- Flutter + Dart with Riverpod for reactive state
- Read‑only scanners; no active exploitation or credential use
- Hybrid data model: local SQLite (drift) for session data; secure storage for secrets
- HTTPS/HTTP fallback clearly indicated; TLS verification on by default
- Accessibility and WCAG AA contrast targets across the UI
Getting Started
- Open CodeFrog and navigate to Web Testing → Security Scan
- Enter a URL or switch to Bulk mode to scan multiple targets
- Watch live results stream in; use filters and “Open in browser” to inspect quickly
- Export findings and copy summaries directly to issues or tasks
For GitHub PR workflows, open the PR viewer to import comments as tasks, filter unresolved discussions, and keep your reviews moving—wherever you are.
A safer, faster path from feedback to fix
With practical, read‑only checks and tight integrations, CodeFrog turns security scanning and web diagnostics into a fast, mobile‑ready workflow. Combine it with GitHub PR tooling and server management to close the loop—from detection to resolution—without leaving your device.
