A local-only macOS app that statically scans your iOS & web projects and inventories every external API endpoint, third-party SDK, and hardcoded secret. Your source never leaves your Mac.
Point Sonar at a project and it builds a per-app inventory of endpoints, SDKs, and flagged secrets — on-device, read-only, in seconds.
Your source code is never uploaded or shared. No account, no telemetry. The only network call is a one-time license check.
Inventories raw HTTP/HTTPS endpoints and third-party SDK usage — Supabase, Stripe, Firebase, Anthropic, OpenAI, and more.
Catches possible API keys and tokens hardcoded in client source before they ship in a binary or bundle.
Detection runs off editable JSON rule packs — add any service, endpoint, or pattern your team uses.
Incremental — only changed files are re-parsed. Parses Swift and JavaScript/TypeScript today.
Sonar analyzes your source and never modifies, moves, or deletes a single file.
Never. Sonar is 100% local — your source is read on your Mac and never transmitted. The only network call is a single license-key verification; no source or file contents are ever sent.
Yes — 14 days with full functionality. After that, enter your license key to keep using it.
macOS 13 (Ventura) or later, on Apple Silicon or Intel. The app is notarized by Apple.
Swift and JavaScript / TypeScript today (including Supabase Edge Functions). Detection is extensible via JSON rule packs.
Because there's a full 14-day trial before you pay, all sales are final. Email [email protected] if anything isn't working.