what lands in your inbox
One report — graded, prioritized, forwardable.
A single self-contained set of guidance: a letter grade your leadership gets at a glance, every finding ranked by severity, each with the evidence and a fix.
Send me your web app. I run a no-login recon pass over your stack — the way an outsider would — and send you back a report of what I find. Catch it before you ship, not after.
$ prepolis https://app.yourcompany.com
→ fingerprint .... Next.js 14.2.10 · React 18.3.1
→ 41 checks ...... 2 critical · 5 high · 9 med
✓ report in your mailbox ▋
this is the engine — you just get the report back · I only comb through web apps you authorize
what lands in your inbox
A single self-contained set of guidance: a letter grade your leadership gets at a glance, every finding ranked by severity, each with the evidence and a fix.
everything you need to ship safely
What's exposed — everything reachable on your app without logging in.
What leaks — what your front-end quietly gives away to anyone.
What's hardened — the protections that should be on by default.
What's outdated — weaknesses tied to the versions you run.
where it comes from
Prepolis started as an internal tool — the pass I ran over our own apps before they went live. It's been quietly earning its keep for a while, and I'm only now starting to open it up. Especially now: products ship faster than they ever have, and fast is exactly when the small things slip through.
why the name?
Two words. Pre — because the time to catch this is before you ship, not after. And propolis — the resin honeybees gather to seal the cracks in their hive and defend it against intruders. That's the whole idea: seal the gaps before anything gets in.
If you run a SaaS on React, Next.js or Python, send me your web app and I'll run a pass and send the report back. Then tell me what's wrong, shallow, or genuinely useful.
I only comb through web apps you own or are authorized to test.