Security teams face a common challenge: too many application vulnerabilities and not enough people to address them. Existing static analysis tools help, but only to a point — they typically match code against known vulnerability patterns. That catches common issues like exposed passwords or outdated encryption, but often misses more complex vulnerabilities: flaws in business logic, broken access control, insecure data flows between components. Finding these subtle, context-dependent issues requires skilled human researchers, who are dealing with ever-expanding backlogs.
AI is beginning to change that calculus. Today we're releasing CodeWatcher as a limited preview — a new capability within the Swise platform designed to secure applications by detecting vulnerabilities that traditional scanning tools miss.
How CodeWatcher works
Rather than scanning for known patterns, CodeWatcher reads and reasons about your code the way a human security researcher would: understanding how components interact, tracing how data moves through your application, and catching complex vulnerabilities that rule-based tools miss.
Every finding goes through a multi-stage verification process before it reaches an analyst. CodeWatcher re-examines each result, attempting to prove or disprove its own findings and filter out false positives. Findings are assigned severity ratings so teams can focus on the most important fixes first.
Validated findings appear in the Swise dashboard, where teams can review them, inspect suggested remediation, and approve fixes. Because these issues often involve nuances that are difficult to assess from source code alone, CodeWatcher also provides a confidence rating for each finding. Nothing is applied without human approval: CodeWatcher identifies problems and suggests solutions, but developers always make the call.
Zero-storage architecture
One principle was non-negotiable from the start: we never store your source code.
CodeWatcher streams source code through the analysis engine in real time and discards it immediately after processing. No copies are retained, no snapshots are cached, and no code is persisted anywhere in the Swise infrastructure. This streaming architecture was a deliberate design choice — a security platform that asks you to hand over your source code creates the exact kind of risk you're trying to reduce.
What CodeWatcher finds
CodeWatcher analyses applications across three dimensions, focusing on the categories of vulnerability that traditional tools most commonly miss:
Business logic and access control flaws — The most dangerous vulnerabilities are often the ones that aren't in any pattern database. CodeWatcher reasons about how your application is supposed to work and identifies where the implementation diverges from secure design: broken access control, privilege escalation paths, insecure direct object references, and logic flaws that could allow an attacker to bypass intended restrictions.
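To make the "broken access control" category concrete, here is an added illustration (written for this article, not CodeWatcher's own code or output) of an insecure direct object reference and its fix. The invoice store, the user ids and the request shape are constructed for the example; the point is that the vulnerable handler calls no dangerous API, so a pattern-based scanner has nothing to match, and the defect is the ownership check that is missing.

```python
# Added example: an insecure direct object reference (IDOR) beside its hardened form.
# Not CodeWatcher's code. The in-memory "database" and the user/invoice ids are
# constructed for this illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount_cents: int


# Constructed store: two invoices belonging to two different users.
INVOICES = {
    101: Invoice(invoice_id=101, owner_id=1, amount_cents=12_000),
    102: Invoice(invoice_id=102, owner_id=2, amount_cents=98_000),
}


class Forbidden(Exception):
    """Raised when the requesting user is not allowed to see the object."""


def get_invoice_vulnerable(requester_id: int, invoice_id: int) -> Invoice:
    # Nothing here looks dangerous to a pattern matcher: no shell, no SQL string,
    # no weak crypto. The flaw is what is missing: the lookup is keyed only on the
    # client-supplied invoice_id, so any authenticated user can read any other
    # user's invoice simply by asking for a different number.
    return INVOICES[invoice_id]


def get_invoice_hardened(requester_id: int, invoice_id: int) -> Invoice:
    # Fix: the authorisation decision is tied to the object. The record's owner is
    # compared with the authenticated principal, and a mismatch is treated the same
    # as "not found" so the endpoint does not reveal which ids exist.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != requester_id:
        raise Forbidden(f"user {requester_id} may not access invoice {invoice_id}")
    return invoice


def leaks_foreign_invoice(handler, requester_id: int, foreign_invoice_id: int) -> bool:
    """True if `handler` lets `requester_id` read an invoice it does not own.

    This is the check a reviewer (or a reasoning-based analyser) applies: does the
    handler's result depend on who is asking, or only on what is asked for?
    """
    try:
        invoice = handler(requester_id, foreign_invoice_id)
    except (Forbidden, KeyError):
        return False
    return invoice.owner_id != requester_id


if __name__ == "__main__":
    # User 1 requests invoice 102, which belongs to user 2.
    print("vulnerable handler leaks:", leaks_foreign_invoice(get_invoice_vulnerable, 1, 102))
    print("hardened handler leaks:  ", leaks_foreign_invoice(get_invoice_hardened, 1, 102))
```

The hardened version deliberately returns the same error for "does not exist" and "not yours"; distinguishing the two would let a caller enumerate valid ids, which is the adjacent information-disclosure issue that usually accompanies an IDOR.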
Secrets and credentials — Hardcoded API keys, database connection strings, tokens, passwords, and private keys that may have been committed accidentally. Findings are correlated with your cloud security posture in Swise to assess actual exposure — a leaked key to a production database is prioritised differently than a test environment token.
Infrastructure-as-code misconfigurations — Terraform, CloudFormation, and Kubernetes manifests are reviewed for security misconfigurations before they reach your cloud environment. This catches issues like overly permissive IAM policies, publicly exposed storage, and unencrypted data stores at the point where they're cheapest to fix.
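As an added example of the kind of infrastructure-as-code check described above (example code for this article, not CodeWatcher's own implementation), the block below inspects IAM policy documents of the sort that Terraform's aws_iam_policy and aws_s3_bucket_policy resources embed as JSON, and flags two of the misconfigurations named in the text: overly permissive wildcard grants and unconditional public access to storage. The three policy documents are constructed samples; the bucket name and the account id in the role ARN are placeholders.

```python
# Added example: a small IAM policy linter for the misconfigurations the section
# lists (wildcard grants, publicly exposed storage). Not CodeWatcher's code.
# The policy documents below are constructed samples with placeholder names.
import json
from typing import Any


def _as_list(value: Any) -> list:
    # IAM permits a single string or a list for Action, Resource and Principal.AWS.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal: Any) -> bool:
    # Principal "*" or {"AWS": "*"} means anyone, including anonymous callers.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS")))
    return False


def find_policy_issues(policy_json: str) -> list:
    """Return (statement_index, description) tuples for risky Allow statements."""
    policy = json.loads(policy_json)
    issues = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions and "*" in resources:
            issues.append((idx, "full administrative access: Action * on Resource *"))
        elif any(a == "*" or a.endswith(":*") for a in actions):
            wild = [a for a in actions if "*" in a]
            issues.append((idx, f"wildcard action(s) {wild}"))
        # A public principal with no Condition block exposes the resource to the world.
        if _is_public_principal(stmt.get("Principal")) and not stmt.get("Condition"):
            issues.append((idx, "unconditional public access: Principal *"))
    return issues


# Constructed sample 1: the weak setting, an identity policy granting everything.
ADMIN_WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
})

# Constructed sample 2: a bucket policy that makes every object world-readable.
PUBLIC_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",  # placeholder bucket name
    }],
})

# Constructed sample 3: the corrected form, one role, one bucket, only the action needed.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},  # placeholder
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})


if __name__ == "__main__":
    for name, doc in [("admin wildcard", ADMIN_WILDCARD_POLICY),
                      ("public bucket", PUBLIC_BUCKET_POLICY),
                      ("scoped", SCOPED_POLICY)]:
        print(f"{name}: {find_policy_issues(doc) or 'no issues'}")
```

The checker deliberately skips statements whose public principal is paired with a Condition block, because a conditioned public grant (for example one restricted to a specific source) is a different risk from an unconditional one and deserves a separate, more careful rule rather than the same blanket finding.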
Integration and setup
CodeWatcher supports GitHub, GitLab, Bitbucket, and Azure DevOps. Setup takes under five minutes: connect your repository provider, select which repositories to monitor, and CodeWatcher begins its first analysis automatically. Ongoing scans can be triggered on every push, on a schedule, or on demand.
All findings appear in the Swise dashboard alongside your cloud security posture, compliance status, and risk scores — giving you a unified view of security across infrastructure and application code.
Limited preview
We're releasing CodeWatcher as a limited preview so we can work with customers to refine its capabilities and ensure it delivers real value in production environments. We're actively expanding language support, deepening the reasoning engine, and building IDE integrations to surface findings closer to where developers work.
CodeWatcher is available now for all Swise customers.