REPOGEO REPORT · LITE

asamassekou10/ship-safe

Default branch main · commit bdc59e22 · scanned 6/14/2026, 1:01:10 PM

GitHub: 729 stars · 82 forks

AI VISIBILITY SCORE

33 /100

Critical

Category recall

0 / 2

Not recommended in any query

Rule findings

2 pass · 0 warn · 0 fail

Objective metadata checks

AI knows your name

2 / 3

Direct prompts that named your repo

HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface asamassekou10/ship-safe, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

3 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION

highreadme#1

Reposition README opening to clearly state its core function and target problems

Why:

CURRENT

<p align="center"><strong>AI security agent for developers. Scan, fix, and ship safely.</strong></p>

COPY-PASTE FIX

<p align="center"><strong>Ship-safe is a CLI security scanner for the agentic era. It detects CI/CD misconfigurations, hardcoded secrets, and AI/LLM supply chain risks, with automated fixes.</strong></p>

mediumtopics#2

Add more specific security topics to improve category visibility

Why:

CURRENT

cli, devscops, npm, owasp, secrets, security, security-tools, static-analysis

COPY-PASTE FIX

cli, devsecops, npm, owasp, secrets, security, security-tools, static-analysis, ci-cd-security, supply-chain-security, ai-security, llm-security, vulnerability-scanner, code-analysis

mediumreadme#3

Add a dedicated 'Problems Ship-safe Solves' section to the README

Why:

COPY-PASTE FIX

## What Problems Does Ship-safe Solve?
Ship-safe helps developers and security teams proactively identify and remediate critical vulnerabilities across their codebase, specifically targeting:
- **CI/CD Misconfigurations:** Prevent pipeline exploits and insecure deployments.
- **Hardcoded Secrets:** Eliminate exposed API keys, tokens, and credentials.
- **Agent Permission Risks & MCP Tool Injection:** Secure your AI-driven development workflows.
- **DMCA-flagged AI Dependencies:** Identify and mitigate risks from problematic AI components.
- **Supply Chain Attacks:** Scan for vulnerabilities introduced via third-party packages and dependencies.

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?

Same questions for every model — switch tabs to compare answers and rankings.

Recall

0 / 2

0% of queries surface asamassekou10/ship-safe

Avg rank

—

Lower is better. #1 = top recommendation.

Share of voice

Of all named tools, what % are you?

Top rival

GitGuardian Internal Monitoring

Recommended in 1 of 2 queries

COMPETITOR LEADERBOARD

GitGuardian Internal Monitoring · recommended 1×
trufflesecurity/trufflehog · recommended 1×
semgrep/semgrep · recommended 1×
bridgecrewio/checkov · recommended 1×
Snyk Code · recommended 1×

CATEGORY QUERY
How to find and fix CI/CD misconfigurations and hardcoded secrets in my codebase?
you: not recommended
AI recommended (in order):
1. GitGuardian Internal Monitoring
2. TruffleHog (trufflesecurity/trufflehog)
3. Semgrep (semgrep/semgrep)
4. Checkov (bridgecrewio/checkov)
5. Snyk Code
6. SpectralOps
7. Detectify
AI recommended 7 alternatives but never named asamassekou10/ship-safe. This is the gap to close.
Show full AI answer
CATEGORY QUERY
What are the best tools for scanning AI dependencies and automatically fixing code vulnerabilities?
you: not recommended
AI recommended (in order):
1. Snyk
2. Dependabot
3. OWASP Dependency-Check
4. Trivy
5. Black Duck by Synopsys
6. Fossa
AI recommended 6 alternatives but never named asamassekou10/ship-safe. This is the gap to close.
Show full AI answer

Objective checks

Rule-based audits of metadata signals AI engines weight most.

Metadata completeness
pass
README presence
pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

Compared to common alternatives in this category, what is the core differentiator of asamassekou10/ship-safe?
pass
AI did not name asamassekou10/ship-safe — likely talking about a different project
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?
If a team adopts asamassekou10/ship-safe in production, what risks or prerequisites should they evaluate first?
pass
AI named asamassekou10/ship-safe explicitly
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?
In one sentence, what problem does the repo asamassekou10/ship-safe solve, and who is the primary audience?
pass
AI named asamassekou10/ship-safe explicitly
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

Embed your GEO score

Drop this badge into the README of asamassekou10/ship-safe. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

Live preview

MARKDOWN (README)

[![RepoGEO](https://repogeo.com/badge/asamassekou10/ship-safe.svg)](https://repogeo.com/en/r/asamassekou10/ship-safe)

HTML

<a href="https://repogeo.com/en/r/asamassekou10/ship-safe"><img src="https://repogeo.com/badge/asamassekou10/ship-safe.svg" alt="RepoGEO" /></a>

Pro

Subscribe to Pro for deep diagnoses

asamassekou10/ship-safe — Lite scans stay free; this card itemizes Pro deep limits vs Lite.

Deep reports10 / month
Brand-free category queries5 vs 2 in Lite
Prioritized action items8 vs 3 in Lite