Securie for Cloudflare — Workers + Pages scanning

roadmap

Scan your Cloudflare Workers and Cloudflare Pages deployments the same way Securie scans Vercel deployments. The coverage is Cloudflare-specific: wrangler.toml binding-scope validation per environment, D1 SQL-injection detection, KV access audit, unbounded request-body-size checks, and WAF rule analysis.

What it does

Validates that wrangler.toml bindings are correctly scoped per environment (preview vs production D1, KV, R2, Durable Objects). Detects D1 queries using template-string concatenation (SQL injection risk). Flags Worker routes that accept unbounded request bodies (cost-explosion vector). Analyzes WAF rules for common misconfigurations. Catches Durable Object storage access without tenant scoping.

When to use it

Best fit: teams building on Cloudflare Workers + D1 + KV + R2. Particularly useful for edge-native stacks where most security is enforced at the platform layer — Securie catches the application-layer bugs that remain.

Limitations

Roadmap. Current Cloudflare coverage is a subset of the Vercel integration; some Worker-specific features (Durable Object security patterns, Queues authentication) are post-GA. Requires GitHub-hosted repo; GitLab support is Series-A roadmap.

Install

  1. When live: install the Securie GitHub App on your Workers repository
  2. Securie auto-detects wrangler.toml and Worker source files
  3. Every PR touching wrangler.toml or Worker code triggers the Cloudflare-specific scan
  4. Findings appear as PR comments with the exact binding/code fix