ALGO-SECURE PLATFORM

Algorand contract security that feels operational.

Trusted PyTeal & TEAL security signals from local development to production gates — fast to run, easy to review, and strict where it matters.

Live workflow preview

algosec-audit
$ algosec analyze contracts/Vault.py
  # detectors loaded: 16
  # critical: 2
  # high: 7
  # score: 74 / 100
  # recommendation: Review required

$ algosec analyze contracts/Vault.py --fix-dry-run --max-auto-fix-tier B
  # proposed edits: 3
  # write operations: 0

From pasted code to security report

A structured analysis path from contract code to exportable vulnerability report.

Phase 01

Code Input & Parsing

Paste your PyTeal or TEAL contract. The parser validates syntax and builds the AST for analysis.

Phase 02

Static Analysis

16 detectors scan for reentrancy, unchecked math, access control violations, and ABI misuse.

Phase 03

Severity Classification

Findings are classified as Critical, High, Medium, or Low and grouped into triage lanes.

Phase 04

Report Generation

Structured reports with line-level fix recommendations exported as JSON or text.

Understand the workflow in under a minute.

Choose a command path and preview realistic output.

Path 1: algosec analyze contracts/Vault.py

Run all 16 detectors against a PyTeal contract file.

Path 2: algosec analyze contracts/Token.teal --type reentrancy

Check for reentrancy and state manipulation vulnerabilities.

Path 3: algosec analyze contracts/AMM.py --format json

Generate machine-readable JSON output for CI pipelines.

Path 4: algosec analyze contracts/ --depth 3 --all

Deep recursive scan across an entire contracts directory.

CLI-first

Predictable command outputs for local and CI pipelines.

Safe by default

Read-only analysis with no contract state changes.

Audit ready

Exportable reports keep review trails transparent.

How teams actually use AlgoSec

Practical usage patterns from first local scan to CI gating and audit reporting.

Why teams keep AlgoSec in CI

Teams adopt AlgoSec because it behaves the same in local runs and in CI.

  • Deterministic output keeps triage stable
  • Severity policy stays consistent from PR to release
  • Fix planning remains reviewer-led
  • JSON export supports post-deploy verification

How an analysis executes

Each scan follows one clear pipeline: code parsing, detector execution, severity scoring, and report synthesis.

  • Input guardrails reject empty or invalid code
  • Pattern + AST checks reduce false positives
  • Severity levels map cleanly to deployment risk
  • CLI, JSON, and text outputs remain consistent

Remediation guidance

Each finding includes a concrete fix recommendation.

  • Context-aware fix suggestions per vulnerability
  • Impact descriptions help teams prioritize
  • Line-level annotations for quick navigation

Operational rollout

Roll out in phases: local developer checks first, PR gates next, then release policy enforcement.

  • Use severity thresholds to fail unsafe builds
  • Run quick analysis on every PR to mainnet
  • Generate stats and graphs for audit reporting