What This Repo Claims
"SEOnaut is an open-source SEO auditing tool designed to analyze websites for issues that may impact search engine rankings. It performs a comprehensive site scan and generates a report detailing any identified issues, organized by severity and potential impact on SEO."
Specifically: detects broken links, redirect issues, missing/duplicate meta tags, incorrect heading order — categorized into critical/high/low severity. Self-hosted, MIT licensed, no API key required.
What I Tested
Environment: macOS Apple Silicon, balajiloganathan user, Docker 28.3.2
Task: Crawl repoverifier.dev (live production site) and audit findings against known ground truth — including issues we'd already manually fixed this year (Cloudflare robots.txt blocking AI crawlers, JSON-LD review schema).
Install
git clone https://github.com/stjudewashere/seonaut.git
cd seonaut
docker build -t seonaut-local:latest .
docker compose up -d
Following the README's documented docker-compose.yml exactly fails on Apple Silicon — the published image is amd64-only. The bundled docker-compose.dev.yml does not fix this; it only extends the
db service for a debug port, it doesn't rebuild app from source. The fix: build the image directly from the repo's own Dockerfile (which correctly handles multi-arch via TARGETARCH), then point docker-compose.yml's app.image at the local build instead of the GHCR tag. Once built, came up cleanly first try.
The Test
Crawled repoverifier.dev with: robots.txt respected, sitemap crawling on, noindex pages included, external link checking on.
The Gotcha
No ARM64 image.
ghcr.io/stjudewashere/seonaut:latest fails outright on Apple Silicon with no matching manifest for linux/arm64/v8. Workaround above gets you running, but it's not in the docs.
HTTP by default. Runs on localhost:9000 over plain HTTP — docs do flag this and recommend a reverse proxy for HTTPS in production.
What It Found
0 Critical issues. 9 Alert-level, ~190 Warning-level findings across the crawl.
Confirmed true positive: flagged a broken external link (404) on a published use-case page — a dead GitHub repo link we didn't know was broken. Fixed it as a direct result of this review.
Plausible, specific findings: long page titles (9 pages), invalid heading order (6 pages), missing image size attributes (15 pages), short/long meta descriptions.
Noise identified: Security-header warnings (missing HSTS, CSP, X-Content-Type-Options) fired indiscriminately, including on third-party assets we don't control — Cloudflare Insights' and Google Tag Manager's hosted scripts. The tool doesn't distinguish first-party origins from third-party resources when checking response headers. This inflated the Warning count significantly.
Expected-but-flagged: "Pages with external follow links" fired on nearly every page — technically correct, but not a problem for a review site that intentionally links out to the repos it covers.
Verdict: SOLID
Found one genuine, previously-unknown bug on a production site we thought was already clean, with zero false critical alarms and several other specific, fixable findings. The header-noise issue means this isn't a "blind trust the report" tool — budget time to manually triage Warning-level findings, especially anything about security headers on third-party resources. Strong first-pass crawler, human filtering step required.