Home Features Pricing Documentation Services Contact DOWNLOAD
← Back to docs

FAQ

Quick answers to the questions people ask most often about SiteCMD.

Is the Free tier actually useful?

Yes. Free is not a 14-day trial. You get the desktop app, every check in the engine, every integration as a read-only data view, and the issue summary for every finding. It’s permanent, and it’s a real product on its own.

What Free doesn’t include is the depth: fix guides, AI fix prompts, cross-source correlation, and ticket mirroring all need Core. If you want to scan a site and see what’s broken, Free is enough. If you want to fix things efficiently or correlate findings with traffic and deploys, Core is the tier you want.

See Tiers & pricing.

Does it require an internet connection?

For scans, yes. SiteCMD has to be able to reach your URL to scan it.

For everything else: SiteCMD doesn’t depend on a SiteCMD-hosted backend. The dashboard, the local issue list, scan history, source audit — all of it works without an internet connection. License validation runs periodically, but SiteCMD enters an offline grace period when it can’t reach the license server, so brief offline use doesn’t disrupt anything.

See Privacy & data for the full breakdown of what’s local vs. networked.

Where does my data live?

On your machine. SiteCMD does not have a cloud service that mirrors your scans. Your SQLite database, your scan history, your project config, and your integration cache are all in your operating system’s app-data directory.

See Privacy & data for the exact paths.

Is SiteCMD a security scanner?

It checks a lot of security-relevant things (headers, SSL, exposed files, dependency CVEs, common authentication and authorization gaps in source). It is not a replacement for a proper security audit by humans. If you handle sensitive data, get a real audit.

What SiteCMD catches well: misconfiguration, common patterns of bad code, missing best-practice security headers. What it doesn’t catch: business logic flaws, novel attack vectors, anything that requires creative reasoning about your specific application.

Does SiteCMD upload my source code?

No. The source audit runs entirely on your machine. The only outbound requests it makes are dependency lookups (sending package names and versions to public registries), and those don’t include your source.

See Privacy & data.

Can my AI tool use SiteCMD?

Yes, if it supports MCP. Cursor, Claude Code, Windsurf, VS Code (with the right extension), Cline, Codex CLI, Zed, and JetBrains IDEs all do. The AI sees your scan findings, can pull fix prompts tailored to specific checks, and can verify its work by comparing scans before and after.

The MCP server is bundled with the desktop app and runs locally. See AI editor overview.

Does it work with WordPress / Next.js / Astro / Django / [my framework]?

The live-site scan works with anything that serves HTML over HTTP. There’s no framework requirement.

The source audit detects and applies framework-specific checks for: Next.js, Nuxt, SvelteKit, Svelte, Gatsby, Astro, Remix, Angular, React, Vue, Express (JavaScript/TypeScript), Drupal, WordPress, Laravel (PHP), Django, Flask, FastAPI (Python), and others. If your framework isn’t detected, the source audit still runs the framework-agnostic checks.

How long does a scan take?

Most scans finish in seconds. A scan on a small static site is essentially instant. A scan on a large site with many probe targets and a deep source folder can take longer (tens of seconds to a few minutes).

The slowest part is usually probe checks (each one is a network round-trip to your server). They run concurrently, so the total time is bounded by your slowest probe, not the sum.

Will SiteCMD slow down my computer?

In active use, no more than a browser does. The scan engine is the most CPU-intensive part, and it only runs while a scan is happening.

The background scheduler runs a minute-tick check (very cheap) but only triggers an actual scan when one’s scheduled to run. Your laptop won’t notice.

Can I run SiteCMD in CI?

Yes, via the CLI. It’s a separate binary (sitecmd) that runs the same live-site checks without a UI. Use it to gate deploys, fail builds on regressions, or run scheduled regression checks.

See CLI reference and Quality gates in CI.

Can my team share scan results?

Not natively. SiteCMD is local-first, so there’s no shared dashboard out of the box. You can share via:

  • Ticket mirroring to GitHub Issues or Jira (Core+) — push individual findings into shared trackers.
  • Reports (Core+) — export HTML reports and share via email, chat, or your intranet.
  • CSV exports for bulk findings.
  • The CLI in CI for shared enforcement.

If “shared SiteCMD dashboard” is a hard requirement, SiteCMD isn’t designed for that today. It might be in the future, but only in a way that keeps the local-first promise intact (e.g., explicit sync to a server you control).

Does SiteCMD work offline?

For everything except scanning a URL (which inherently needs network) and license validation (during the offline grace period: yes), SiteCMD works offline. Reviewing past scans, triaging, exporting reports, all of it works without an internet connection.

Can SiteCMD run on a server (headless)?

The CLI can, yes. The desktop app is a desktop app and requires a graphical environment. Most CI use cases are CLI-only.

What if I lose my license key?

It’s in the email LemonSqueezy sent at purchase. If you can’t find that email, sign in at LemonSqueezy’s customer portal with the email you used; your license keys are listed there.

What if I switch computers?

A single Core license activates on up to 3 machines (Pro: 5). On the new computer, paste the same license key and activate. If you hit the activation limit, deactivate the old machine from the LemonSqueezy customer portal first.

See License & billing.

Is SiteCMD open source?

Not currently. The desktop app and CLI are closed-source. “Local-first” refers to where your data lives, not where the code lives. We’re evaluating source-available licensing separately.

Why is SiteCMD pre-launch?

Because we’re not done. We’re using the pre-launch period to harden the product, refine the docs (you’re reading them), and iterate on the workflows that actually matter. Get on the launch list at /download and you’ll get the install link the moment we ship.

Who is SiteCMD for?

Indie developers and small agencies, site owners who maintain their own sites, AI-first builders who use Claude / Cursor / Windsurf, and CI engineers who want a quality gate that covers more than test failures.

If you maintain a single static site that never changes, SiteCMD is more than you need. If you maintain sites that get updated regularly, get touched by multiple people, or get features added by an AI assistant, SiteCMD is built for you.