Breaking

Solo builders ship underdeveloped products and get themselves into trouble.

CanIShip is an automated cargo inspection service for web applications. Paste your URL. Describe what your app does. Receive a structured inspection report with a ShipScore™ and a binary verdict: CLEARED FOR DEPARTURE or HOLD — DEFECTS FOUND.

File Your First Manifest Free →View Rates

No SDK. No installation. No credit card. 3 free inspections per month, always.

Inspection Report

CanIShip Authority

Form CI-7 · Automated Survey

Vesselmyapp.com

InspectorClaude AI + Playwright

Duration14m 32s

Layers8 of 8 complete

Defects3 critical · 7 minor

ShipScore™

Hold — Fix Required

10 layers. 100+ discrete checks.

Runtime audit + optional source code scan

Functional Tests

Playwright navigates every declared flow. Unresponsive controls, dead ends, and broken redirects are logged with screenshot evidence.

UX Friction

Missing loading states, absent error messages, silent failures — friction that does not break the app but breaks the user.

A11

Accessibility (WCAG 2.1 AA)

axe-core injection across all pages. Violations are classified by severity with WCAG criterion reference and remediation.

Performance (Core Web Vitals)

Lighthouse against LCP, CLS, FCP, TBT, INP. Render-blocking resources, unoptimised assets, and Time to Interactive flagged.

SEC

Security Surface

OWASP headers audit. Routes accessible without authentication. Sensitive data in source or URL. Mixed content and HTTPS enforcement.

LNK

Broken Links & Network

Every internal href crawled. All network responses monitored via Playwright intercept — 4xx/5xx that the UI silently swallows.

SEO

SEO Health

Title, meta description, canonical, Open Graph, sitemap.xml, robots.txt — every signal search engines use to index or reject.

MOB

Mobile Readiness

Real 375px viewport. Horizontal overflow, unclickable touch targets, missing viewport meta, and layout breaks at WCAG 2.5.5.

BRK

Business Risk

AI-powered analysis of the business model itself. Flags fake engagement, platform ToS violations, unregulated regulated industries, and legal grey areas — with an advisory score separate from the ShipScore.

SAST

Source Code Scan

Paste your public GitHub repo URL and Semgrep scans your actual source code — catching hardcoded secrets, SQL injection patterns, insecure crypto, and prototype pollution that a runtime audit cannot see. Code is cloned, scanned, and deleted immediately.

How CanIShip Differs From Other Tools

CriterionCanIShipOther QA Tools

Setup requiredNone. Paste a URL.SDK, CLI, or browser extension

InputPlain English + URLYAML config or code annotations

OutputReport a founder readsReport a QA team reads

Covers10 layers. 100+ discrete checks.Usually 1–2 layers per tool

Risk + RewardsIncludedNot included

Forward roadmapIncludedNot included

PriceFrom €0From $49–$500/month

Standards Referenced

WCAG 2.1 AAWeb Content Accessibility Guidelines, Level AA

WCAG 2.5.5Target Size — mobile touch target minimum

Core Web VitalsGoogle Lighthouse · LCP, CLS, FCP, TBT, INP

OWASP Security HeadersCSP, HSTS, X-Frame-Options, X-Content-Type

axe-core (Deque)Accessibility engine used by Google and Microsoft

RFC 7231HTTP/1.1 — correct status code enforcement

Open Graph ProtocolMeta / Facebook social card specification

Scope of This Inspection

Within Scope

Functional navigation, WCAG 2.1 AA accessibility, Core Web Vitals, OWASP security headers, broken links, console errors, SEO, mobile readiness at 375px, and AI-powered business risk assessment — ten layers including optional source code SAST scan.

Outside Scope

Manual penetration testing, load testing, screen-reader user testing, or auth-gated flows beyond provided test credentials. The business risk score is advisory — it flags grey areas but does not constitute legal advice. For regulatory obligations, supplement with qualified legal review.

Inspection Cadence

Each inspection is a fresh snapshot. Re-run after fixes to measure improvement. Builder and Studio plans retain full history with score differential between runs.

Inspection Tariff

No hidden fees. Cancel any time.

Free Berth

€0forever

Try the inspection process at no cost.

✓3 inspections per month

✓Quick Scan (~5 min)

✓Functional, links, console errors

✓ShipScore + basic verdict

—Risk & Rewards analysis

—Future Recommendations

—Standard & Deep scans

—Inspection history

Start Free →

Most Filed

Builder Berth

€19/month

For builders who ship on a regular schedule.

✓15 inspections per month

✓All scan depths

✓Full 8-layer report

✓Risk & Rewards analysis

✓Future Recommendations

✓Inspection history + diffs

—Docker self-hosted

Start Builder →

Studio Berth

€49/month

Unlimited inspections. Run on your own infrastructure.

✓Unlimited inspections

✓All Builder features

✓Docker self-hosted image

✓Your own Anthropic API key

✓No data leaves your machine

✓API access

Start Studio →

Frequently Asked Questions

What is the Business Risk Score?

A separate advisory score (0–100) that evaluates whether your business model operates in a legally questionable, ethically grey, or platform Terms-of-Service-violating space. It flags categories like fake engagement services, unregulated financial products, and data harvesting. It does not affect your technical ShipScore and does not constitute legal advice.

Does a low Business Risk Score mean my product is illegal?

No. The score is informational only. A flagged category means the business model shares characteristics with areas that attract legal scrutiny in some jurisdictions. It is a prompt to seek qualified legal advice before scaling — not a verdict.

What does the ShipScore actually measure?

Technical readiness: functional correctness, accessibility (WCAG 2.1 AA), Core Web Vitals, OWASP security headers, broken links, SEO signals, mobile readiness, privacy compliance, and active security probing. It starts at 100 and deductions are applied per finding — the formula is deterministic and Claude never owns the number.

How long does an inspection take?

Quick Scan: ~5 minutes. Standard Scan: ~10–15 minutes. Deep Scan: up to 30 minutes. The business risk assessment adds less than 30 seconds to any tier.

Can I re-run an inspection after fixing issues?

Yes. Each inspection is an independent snapshot. Builder and Studio plans retain full history so you can track score progression between runs.

Is this a replacement for manual QA or a penetration test?

No. CanIShip is an automated pre-launch signal, not a substitute for human QA, manual penetration testing, or regulatory legal review. Think of it as the last automated checkpoint before you invite real users in.

Your cargo does not leave the dock until it passes inspection.

File a manifest. Receive an inspection report. Know what to fix before your users find it.

File Your First Manifest — Free →