Key Features

We analyze your site thoroughly through 5 audit lenses

Security Audit

Checks for OWASP Top 10 vulnerabilities, secret leaks, authentication patterns, webhook security, and more.

Core Web Vitals analysis, Japan CDN optimization, mobile performance, and asset optimization.

Webhook signature verification, token management, LIFF configuration, and rate limit handling.

Character encoding, date/currency formats, multilingual support, and Japanese UX patterns.

Outdated dependencies, code structure analysis, deployment risks, and technical debt assessment.

Audit Findings (Markdown)

## 重要な問題

### Critical — APIキーがハードコード

- ファイル: src/config.ts:24

- 影響: 第三者によるAPI悪用の可能性

- 修正: 環境変数に移行

## 改善提案

### Medium — 画像の最適化

- 未圧縮の画像が12件検出

- 推定改善: LCP -1.2s

Client Report (PDF)

Critical: 1

Medium: 3

Low: 2

Issues that can be safely fixed are automatically created as reviewed pull requests.

fix: move hardcoded API key to environment variable

-const API_KEY = "sk_live_abc123...";

+const API_KEY = process.env.API_KEY;

Checks Liquid template security, storefront API tokens, app permission scopes, and checkout scripts.

Understand the current state of your website. Take the first step toward improvement with a free initial audit.