Securie for FastAPI

Securie covers FastAPI's Depends-based auth, Pydantic model validation, and the common pitfalls of async Python API development. Jinja2 XSS, missing input validation, and SQLAlchemy injection are all detected.

Why it matters for FastAPI

Install on your FastAPI repo. Every router is reviewed for dependency-injection auth coverage.

  • FastAPI + Starlette-native
  • Validates Depends() auth chains across routers
  • Detects Jinja2 XSS, SQLAlchemy raw-SQL injection, unsafe deserialization
  • Checks requirements.txt for vulnerable dependencies

Common bugs we catch in FastAPI

Missing auth Depends() on routers

FastAPI auth via Depends() is opt-in per router. A router without the auth Depends() is an unauthenticated endpoint.


Pydantic v2 field_validator bypass

Complex Pydantic validators sometimes allow input that should be rejected. Securie fuzz-tests model boundaries.

SQLAlchemy text() with format string

Passing a Python f-string to text() interpolates values directly into the SQL statement, which is SQL injection. Securie detects the pattern.
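The text() pattern can be flagged statically. The following is an added example, not Securie's own detection code: a standard-library AST check that reports text() calls whose SQL argument is built with an f-string, % formatting, .format() or concatenation. The sample source and all function names are constructed for illustration.

```python
import ast

# Constructed sample: two injectable queries and one bound-parameter query.
SAMPLE = '''
from sqlalchemy import text

def by_name(conn, name):
    return conn.execute(text(f"SELECT * FROM users WHERE name = '{name}'"))

def by_email(conn, email):
    return conn.execute(text("SELECT * FROM users WHERE email = '%s'" % email))

def by_id(conn, user_id):
    return conn.execute(text("SELECT * FROM users WHERE id = :id"), {"id": user_id})
'''

def _is_static(node):
    """True for a literal, or a concatenation made only of literals."""
    if isinstance(node, ast.Constant):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return _is_static(node.left) and _is_static(node.right)
    return False

def _is_dynamic(node):
    """True if the SQL string is assembled from runtime values."""
    if isinstance(node, ast.JoinedStr):  # f-string with at least one {placeholder}
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return True  # "..." % value
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return not _is_static(node)  # "..." + value
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"  # "...".format(value)
    return False

def find_unsafe_text_calls(source):
    """Return sorted (line, enclosing function) pairs for dynamic text() calls."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for node in ast.walk(func):
            if isinstance(node, ast.Call) and node.args:
                callee = node.func  # matches both text(...) and sa.text(...)
                name = callee.id if isinstance(callee, ast.Name) else getattr(callee, "attr", None)
                if name == "text" and _is_dynamic(node.args[0]):
                    findings.append((node.lineno, func.name))
    return sorted(findings)
```

The by_id function in the sample shows the corrected form: a `:id` placeholder in the SQL with the value passed separately as a bound parameter. A query string built in a variable before being passed to text() is not followed by this check.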

Install in under a minute

  1. Install the Securie GitHub App on your FastAPI repo
  2. Securie detects pyproject.toml or requirements.txt
  3. Push any PR. Review findings within minutes.

FastAPI is a trademark of its maintainers. Securie is independent.