ARCHIVES

Modern web-based applications built with Spring Bootframework are widely used, but they are still vulnerable to common configuration and coding mistakes. We present an AI-assisted scanner that combines static rule-based analysis with lightweight dynamic API probes and attaches concise AI explanations for each finding. The system runs locally by default using a WebLLM (WebGPU-enabled) model for privacy; a cloud model may be used optionally for short, redacted snippets when higher-quality reasoning is required. We describe detector design, runtime probes, the explanation pipeline, and a prototype implementation. An initial evaluation on small Spring Boot samples demonstrates the workflow and trade-offs. The focus is practical developer help and privacy-aware explainability rather than claiming enterprise-grade coverage.