Verilay verification layer
Free & open source — built for non-developers

Understand what your
AI-built app is made of

You built something with Lovable, Replit, or Bolt. But do you know if it's secure? What libraries it uses? Whether it's ready to ship? Verilay tells you — in plain English.

🔍 304 apps analysed so far
💬 Or just ask us anything
New to building with AI? Ask Verilay answers your questions in plain English — free, no jargon.
How do I back up my code to GitHub? How do I add payments? Is my app safe to launch? Why is my app slow?
Open Ask Verilay →
🤖
AI built your app
Lovable, Replit, Bolt, v0, Cursor — powerful tools that generate real code fast.
But can you trust it?
Is your login secure? Are your database credentials exposed? Is it ready for real users?
🔍
Verilay answers that
Reads every layer of your app. Explains it in plain English. Flags issues. Gives you a second opinion.
Ship with confidence
Know exactly what you built and whether it's ready. No developer needed to understand the results.
How it works
1
Analyse
Paste your GitHub link, upload a ZIP, or enter your live app URL. Verilay reads every layer of your app in 30 seconds.
2
Check issues
See what was found across 6 layers — Auth, Database, API, Frontend, Config, Libraries. Each issue rated critical, warning, or passing.
3
Learn
Switch to Learner mode for plain-English explanations, real-world analogies, and optional quizzes — so you actually understand what was built.
4
Fix and re-run
Copy the ready-to-paste fix prompt, apply it in Lovable or Replit, then re-run Verilay to confirm the issue is resolved and your score improves.
What Verilay gives you
Tech stack map
Every library and framework detected and explained in plain English.
Layer map
Auth, Database, API, Frontend — each layer explained with expert and learner views.
Security check
Exposed secrets, auth issues, outdated libraries — flagged before they become problems.
Production verdict
Green, amber, or red — is your app ready to ship to real users?
Learner mode
Understand what each part of your app does with real-world analogies and quizzes.
Second opinion
Copy-ready prompts to verify findings in Claude, ChatGPT, or with a developer.
What Verilay covers — and what it doesn't. Verilay gives you a plain-English first-pass overview of your AI-built app. It explains your tech stack, flags obvious issues, and helps you understand what was built — whether you wrote the code yourself or not.

For developers: Think of it as a quick orientation layer — useful before diving into a deeper review with your own tools. It won't replace your expertise, but it gives you and your non-technical collaborators a shared starting point.

For non-developers: This is built for you. No coding knowledge needed to understand the findings or act on them.

Scores may vary slightly between runs as findings are AI-generated. A meaningful improvement (e.g. C → B) after applying fixes indicates real progress. Minor variations of one grade are normal and don't necessarily reflect a change in your app's security.

Treat findings as things to verify, not things to fix — confirm each issue exists in your app before making changes. It is not a penetration test or a professional security audit. For apps going live with real user data or payments, we always recommend a deeper review from Snyk, CodeRabbit, or a developer before launch. The second opinion prompts in every report make this easy.
What makes Verilay different
Built for people who didn't write the code
Every finding comes in two modes. Switch between them any time.
Expert mode
JWT tokens have no expiry configured
Supabase auth.session.expires_in not set. Tokens are valid indefinitely, creating persistent session hijacking risk. CWE-613.
Your view
Learner mode
Think of it like this: Login tokens are like hotel key cards. Right now yours never expire - a stolen key card works forever.
Login sessions never expire
If someone steals a login token, they have permanent access to that account - even after the user changes their password.
Verify & Fix in Lovable: "Add a 24-hour session expiry to my Supabase auth configuration"
Test your understanding with optional quizzes
Every layer includes a quiz question so you actually learn what was built - not just what was wrong.
Works with apps built on
🔷 Lovable 🟢 Replit ⚡ Bolt 🔲 v0 🌀 Cursor 🌊 Windsurf 🚀 Emergent + any GitHub repo
Ready to see what's inside your app?
Free. Takes 30 seconds. No account needed.
Reading your project files...
Fetching from GitHub API
0% ~30 seconds
1
Reading project files
2
Detecting tech stack
3
Analysing layers (Auth, DB, API...)
4
Running security checks
5
Writing plain-English explanations
Part 1 complete - ready for the deep analysis?
Part 2 adds the fix list with effort estimates, second opinion prompts, and security checklist. Takes another 15-20 seconds.
💬 Want to understand or fix something?
Ask Verilay explains things in plain English and helps you act on your results — free. (It can't see your specific report, but it can answer your questions and point you to what to check.)
How do I fix common security issues? What does my grade mean? Is my app safe to launch?
Analyse another app?
Run Verilay on any GitHub repo, ZIP file, or live URL
⭐ Found Verilay useful? Star us on GitHub
About Blog Changelog Privacy Terms AI Disclaimer Contact Moses