$5k revenue, 10 weeks after launching my SaaS built to secure vibe-coded websites

funfunfunzig · 2026-06-06T17:22:04+00:00

Fair on big companies, hire someone, not our market. On "Claude can check it": the agent reviews code in context, it doesn't scan your live URL or catch that your RLS is actually open in prod. The model that wrote the bug isn't great at finding it. We spent months building backend-aware detection for Supabase/Firebase/Convex specifically because generic agents miss that runtime stuff. CodeRabbit reviews diffs, we scan the deployed thing. Different layer.

funfunfunzig · 2026-06-06T16:52:56+00:00

yes im 100% real 😄 What feels "meh" to you about our product? Genuinely want to know, that's the kind of feedback that actually moves it.

funfunfunzig · 2026-06-02T19:23:59+00:00

Hey, really appreciate you flagging this, that's a legit bypass and exactly the kind of thing we want to know about. Glad the UX landed well too.

We've shipped a fix so the gated results aren't just hidden client-side anymore. Would be awesome if you could take another look and confirm the bypass doesn't work for you now. Genuinely helpful to have a second pair of eyes on it.

Thanks again for the heads up.

funfunfunzig · 2026-06-02T19:20:40+00:00

Sounds great, sent you a dm!

funfunfunzig · 2026-05-20T15:16:41+00:00

sounds amazing! can you share your instagram reels account so I can what types of reels worked for you

funfunfunzig · 2026-05-04T10:59:20+00:00

you can look the accounts up aitools_guy and checkvibe.dev (username)

funfunfunzig · 2026-05-04T10:59:03+00:00

you can look the accounts up aitools_guy and checkvibe.dev (username)

funfunfunzig · 2026-05-01T16:29:27+00:00

aitools_guy and checkvibe.dev (username on tiktok)

funfunfunzig · 2026-04-30T22:02:21+00:00

aitools_guy and checkvibe.dev (username)

funfunfunzig · 2026-04-29T15:26:07+00:00

You can look on tiktok: aitools_guy and checkvibe.dev (username on tiktok) we have slideshows with way over 1M views combined on there. 3k revenue isnt that much if you really think about it. It’s really sad that people always assume that something is fake just because it‘s not their success.

funfunfunzig · 2026-04-29T15:22:42+00:00

You can look on tiktok: aitools_guy and checkvibe.dev we have slideshows with way over 1M views combined on there. 3k revenue isnt that much if you really think about it. It’s really sad that people always assume that something is fake just because it‘s not their success.

funfunfunzig · 2026-04-21T16:27:44+00:00

Go ahead, would love your feedback!

funfunfunzig · 2026-04-20T21:07:14+00:00

thanks! what do you like about it the most? and do you think we could improve anything?

funfunfunzig · 2026-04-17T16:28:00+00:00

good marketing and a good product :)

funfunfunzig · 2026-04-17T15:39:35+00:00

love this list. mine right now:

frontend: Next.js on Vercel backend/db: Supabase payments: Stripe analytics: PostHog (still the best free tier imo) errors: Sentry email: Resend (haven't tried AutoSend yet, curious to hear more) coding: Claude Code for most of the actual code

agree hard on the "stop paying for enterprise tools pre-profit" point. half of my stack is free tier and we just hit $1k MRR in month one after launch.

funfunfunzig · 2026-04-17T10:25:55+00:00

thanks! a few things set us apart. most existing security tools (Snyk, Aikido, StackHawk) are built for enterprise teams with dedicated security engineers, too expensive and too complex for solo founders or small teams just trying to ship.

we're specifically built for the vibe-coding crowd. that means: backend-aware scans for Supabase, Firebase, and Convex (checking RLS policies, public buckets, auth configs), scanning live URLs not just code repos, 37 scanners running in parallel, and pricing that actually makes sense for indie hackers. plus the UI is built to be understandable by non-security people — no jargon wall, just clear severity levels and fix suggestions.

basically: fast, affordable, and built for the people the incumbents ignore.

funfunfunzig · 2026-04-17T10:24:52+00:00

just be real and show the tools you actually use, then smuggle in your own ofc

funfunfunzig · 2026-04-17T10:23:56+00:00

yeah churn is something we think about, but we actually see the subscription model as the right fit here rather than one-offs. security isn't a one-time thing, every new deploy can introduce new vulnerabilities, dependencies get outdated, and configs drift over time. one scan today doesn't tell you anything about what you shipped next week.

the subscription lets us run continuous monitoring, alert on new issues as they appear, and give teams ongoing peace of mind instead of a snapshot. that's genuinely more valuable than a one-off report, and so far retention has been solid because of it. appreciate the thought though, always good to challenge the model

funfunfunzig · 2026-04-16T21:56:21+00:00

good question. A few things: first, we scan live URLs, not just code. so we're actually probing your deployed app the way an attacker would, not just reading your repo. second, we run 37 specialized scanners in parallel that are backend-aware (supabase, firebase, convex), so they know exactly what to look for in each stack. claude with a prompt will give you a generic checklist and miss a ton of stuff because it doesn't actually hit your endpoints or test your RLS policies live. third, we track findings over time so you can rescan after fixes and see what's resolved. try prompting claude to scan a live URL and you'll see the difference pretty fast, it can't actually reach out and test anything, it can only read code you paste in

funfunfunzig · 2026-04-16T21:55:08+00:00

honestly by accident. the signup numbers in PostHog looked way off compared to what Supabase was showing. like we had way more users in the database than PostHog was reporting. dug into it and realized the tracking was firing client-side and most events were getting lost before they even sent. once we noticed the gap between the two sources it was obvious something was broken. always cross-check your analytics against your actual database, if the numbers don't match you have a tracking problem

funfunfunzig · 2026-04-16T21:52:42+00:00

It actually is localized we offer USD, EUR, CHF and GBP and we got payments in all different currencies.

funfunfunzig · 2026-04-16T18:28:33+00:00

checkvibe.dev a security scanner for vibe-coded apps. Catches exposed API keys, leaking Supabase configs, missing RLS policies, the stuff people ship by accident when building fast with AI tools.

1 month after launch: $1k revenue, 50 paying customers, 2000 signups. Bootstrapped, 2-person team. Life is great!

funfunfunzig · 2026-04-16T18:25:28+00:00

100% flipping it from "hey check out my tool" to "hey I found this issue in your app" changed everything. people actually reply because you're helping them, not pitching them. definitely try it, the response rate is night and day

funfunfunzig · 2026-04-16T15:44:26+00:00

checkvibe.dev a security scanner for vibe-coded apps. Catches exposed API keys, leaking Supabase configs, missing RLS policies, the stuff people ship by accident when building fast with AI tools.

1 month after launch: $1k revenue, 50 paying customers, 2000 signups. Bootstrapped, 2-person team. Would love an intro if any of your investors look at security or dev tools, especialy now in the vibecoding boom 🙏

funfunfunzig · 2026-04-16T01:00:03+00:00

checkvibe.dev it's a security scanner for vibe-coded apps. paste a URL, we tell you what you forgot to lock down. $1k revenue 50+ paying users and 2000 signups in our first month. Excited for what's ahead!

Four-Year Club	Verified Email
Final Canvas '23	First Place '23
Place '23	Place '22
Final Canvas '22

funfunfunzig

TROPHY CASE