Security reviews are currently in beta. Contact support to get on the waitlist.
Security reviews automatically scan code changes for vulnerabilities and misconfigurations. When issues are found, Clark fixes them before the code reaches production. IT stays in complete control of which policies are enforced, and builders don’t need to think about security at all. Security reviews are built on top of Lifecycle Hooks, the same framework you can use to add automated checks at any point in your development workflow.

How it works

When a builder commits, edits, or deploys an application, Superblocks can automatically run one or more security checks against the changed code. If a check fails, the results are sent back to Clark AI so it can automatically iterate and fix the issues. High-severity vulnerabilities are blocking by default — for example, they prevent promotion to production — while lower-severity findings are advisory. You can customize which severity levels are blocking.

What you can customize

| Setting | Description |
| --- | --- |
| Trigger (hook) | When reviews run — on commit, on edit, before deployment, or any combination |
| Security tooling | Deterministic checks using tools like Semgrep, Wiz, or SonarQube |
| Custom security agents | AI agents that review code with a specific set of instructions, a dedicated context window, and access to your organization’s knowledge |
| Blocking behavior | Which checks are blocking (prevent the next step) versus advisory (warn but allow) |

Visibility and audit trail

Every security review is persisted as an audit log entry, giving admins a full history of what was scanned, what was found, and what action was taken. Superblocks also tracks any known vulnerabilities that were allowed into production — for example, advisory findings that a builder chose to proceed with. Admins can see these at any time to understand their current risk posture. All of this data is available programmatically through the Superblocks MCP server, so you can query security findings from agents, scripts, dashboards, or any other tooling.