Flutterscan: Mobile App Security SAST Framework for Flutter

Rohit Narayanan M

Security Engineer @ Scapia

Arsenal Overview

With the growing adoption of Flutter for modern mobile app development, fueled by its ability to enable seamless cross-platform experiences from a single codebase, security analysis for these apps has become increasingly important. While many static analysis tools support Android and iOS, dedicated security tools for Flutter and Dart are still being developed. Current solutions offer general analysis but are not fully tuned to Flutter’s unique structure and security needs. This creates an opportunity to build specialized tools that complement existing ones and better address Flutter’s ecosystem.

Flutterscan is a static analysis tool designed specifically for the Flutter and Dart ecosystem, bridging a critical gap in mobile application security reviews. It is mapped to the OWASP Mobile Top 10 and MSTG guidelines to detect common security weaknesses in Flutter and Dart applications. The tool seamlessly integrates into existing CI/CD pipelines such as GitHub Actions to review each pull request for insecure coding patterns and provides results in multiple output formats, including JSON and SARIF.

About the Speaker

Rohit Narayanan M is an emerging application security researcher with over 3 years of experience in web exploitation, AI-driven vulnerability detection, and penetration testing. He currently works as a security engineer at Scapia, developing tools to integrate security into development workflows.