Security review

Using AI to help secure your app

Dyad's security review feature is experimental and may not catch all security issues. Please see limitations.

Keeping your app secure is important for you and your users. Dyad has a helpful Security Review panel so you can ask the AI to review your app for security issues.

Running security review

Open the Security panel in the top-right corner. Click on Run Security Review to have Dyad start using AI to review your app for security issues. This will create a new chat for your current app. After the AI response is complete, you will see a table of the security findings in the security panel.

The issues are sorted by importance from most important to least important. These are the severity levels:

  • Critical: these are the most important issues and should almost always be fixed.
  • High: these are important issues that should in most cases be fixed.
  • Medium: these may be important and should be reviewed and in some cases fixed.
  • Low: these are typically not important issues to fix but may be worth considering.

Fixing issues

Once you have run a security review, you can fix a specific issue by clicking on Fix Issue in the findings table. This will create a new chat and fix that specific security issue. It's a good idea to re-run the security review after fixing the issue to ensure that the issue has been addressed.

Knowledge

In some cases, the AI may inappropriately flag an issue as a security issue. If you are certain it's not an issue for your use case, you can update the security knowledge by clicking on Edit Security Rules. This will create or update a file called SECURITY_RULES.md at the root directory of your app. This is similar to AI rules except these are only used during the security review.

Limitations

  • Dyad's security review feature is experimental and may not catch all relevant security issues for your app.
  • We recommend using Dyad's security review feature together with other security products like Snyk which may catch other important issues.
  • Although Dyad analyzes your Supabase database schema for security issues using AI, it does not currently display Supabase's security advisories. We recommend going to the Supabase console to check for their security and performance advisories.
