PatchProof

PatchProof is a web app (with an optional CLI) that continuously verifies whether critical web-app vulnerabilities are truly fixed, not just marked "resolved" in Jira. After every deploy it replays minimal, safe proof-of-exploit checks against staging or production (with guardrails), then produces an auditable "patch evidence" report tied to a specific commit, build, and environment. The product targets the painful gap between scanning and reality: teams patch dependencies, tweak WAF rules, or suppress findings, but regressions and partial fixes slip through. PatchProof integrates with CI/CD to auto-generate verification tests from prior findings (e.g., SQLi, auth bypass, SSRF patterns) and reruns them on a schedule. It is a hybrid of a traditional app and an AI app: deterministic checks do the verifying, while AI assists with test generation and report summarization. Expect some false positives early; the value is in catching silent regressions and creating defensible evidence for audits.
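The following is an added illustration, not PatchProof's own code, of the core loop the description implies: a deterministic verification check derived from a prior auth-bypass finding, replayed against an app and turned into an evidence record bound to a commit, build, and environment and protected by an HMAC so it can be audited later. The finding id, paths, and signing key are constructed placeholders, and the "app" is a stand-in function rather than a real HTTP call.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

def make_fake_app(fixed: bool):
    """Constructed stand-in for an HTTP client against the target environment.
    The real thing would issue the request to staging/production instead."""
    def request(method, path, headers=None):
        headers = headers or {}
        if path == "/admin/users":  # placeholder path from a hypothetical prior finding
            # Fixed build requires credentials; a regressed build serves the page anyway.
            if fixed and "Authorization" not in headers:
                return 401, ""
            return 200, "[user list]"
        return 404, ""
    return request

# Checks generated from prior findings. Each is safe: it only observes a status code,
# carries no payload, and returns True when the original issue stays closed.
CHECKS = {
    "FIND-0042-auth-bypass": lambda req: req("GET", "/admin/users")[0] in (401, 403),
}

def run_checks(request):
    """Replay every check and report pass/fail per finding id."""
    return {fid: bool(check(request)) for fid, check in CHECKS.items()}

def _canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def evidence_record(results, commit, build, environment, key, now=None):
    """Bind check results to commit/build/environment and sign them (hypothetical format)."""
    record = {
        "commit": commit, "build": build, "environment": environment,
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "results": results,
        "verdict": "fixed" if all(results.values()) else "regressed",
    }
    canonical = _canonical(record)
    record["sha256"] = hashlib.sha256(canonical).hexdigest()
    record["hmac"] = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return record

def verify_record(record, key):
    """Recompute the HMAC over everything except the two integrity fields."""
    body = {k: v for k, v in record.items() if k not in ("sha256", "hmac")}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(record["hmac"], expected)
```

A regression shows up as a "regressed" verdict in the next record for the same finding id, and any later edit to a stored record fails `verify_record`.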
