AI-powered code reviewer with OWASP Top 10 checks
Project description
ai-reviewer

AI-powered code reviewer with OWASP Top 10 checks. Fast. Local. Configurable.

- Works offline (Fast Mode) or with any AI provider (Cloud Mode)
- OWASP Top 10 security scanning
- Parallel processing
- HTML / SARIF / JSON reports
- 8 languages supported
Installation

```bash
pip install ai-reviewer-cli
```

Or from source:

```bash
git clone https://github.com/briej/ai-reviewer.git
cd ai-reviewer
pip install -e .
```
Docker

Run without installing anything:

```bash
# Build image
docker build -t ai-reviewer https://github.com/briej/ai-reviewer.git#main

# Run analysis on current directory
docker run -v $(pwd):/code ai-reviewer /code --mode fast

# Generate HTML report
docker run -v $(pwd):/code ai-reviewer /code --mode fast --format html --output /code/report.html

# With custom config
docker run -v $(pwd):/code -v $(pwd)/.ai-reviewer.yaml:/app/.ai-reviewer.yaml ai-reviewer /code
```
Quick Start

```bash
# Fast mode: instant analysis, no AI needed
ai-review ./my-project

# Cloud mode: AI-powered analysis
ai-review ./my-project --mode cloud --provider deepseek --api-key sk-xxx

# HTML report
ai-review ./my-project --format html --output report.html

# Parallel processing (8 threads)
ai-review ./my-project --threads 8
```
Features
Security (OWASP Top 10)
- SQL Injection detection
- XSS vulnerability scanning
- Hardcoded secrets detection
- Weak cryptography checks
- CSRF protection validation
AI Providers
| Provider | Free Tier | Setup |
|---|---|---|
| Ollama | Yes (unlimited) | Local install |
| DeepSeek | Yes (1M tokens) | API key |
| OpenRouter | Yes (rate limited) | API key |
| Kimi | Yes (trial) | API key |
| Qwen | Yes (trial) | API key |
| Groq | Yes (rate limited) | API key |
Output Formats
- CLI: rich terminal output with tables
- JSON: machine-readable
- HTML: web report
- SARIF: GitHub Code Scanning compatible
Supported Languages
Python, JavaScript, TypeScript, SQL, Go, Java, Rust, C/C++
Usage Examples

Basic

```bash
ai-review ./project
```

Cloud with specific model

```bash
ai-review ./project \
  --mode cloud \
  --provider openrouter \
  --model qwen/qwen-2.5-coder-32b \
  --api-key sk-xxx
```

CI/CD Integration

```bash
ai-review . --mode fast --format sarif --output report.sarif
```

Filter severity

```bash
ai-review ./project --severity critical
```

Ignore patterns

```bash
ai-review ./project --ignore __pycache__ --ignore .git --ignore node_modules
```
Configuration

Create .ai-reviewer.yaml in your project root:

```yaml
mode: fast
threads: 4
severity: all
ignore:
  - __pycache__
  - .git
  - node_modules
  - "*.min.js"
cloud:
  provider: deepseek
  model: deepseek-coder
  timeout: 30
rules:
  - id: no-print
    pattern: "print("
    severity: info
    message: "Remove print statements"
    languages: [python]
```
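As an added example (not the project's own code), the following shows how the fast-mode checks listed under Security and the custom `rules:` entries of the configuration above can share one rule format: every rule carries the same keys as the YAML (`id`, `pattern`, `severity`, `message`, `languages`), is applied only to files of the listed languages, and honours the `--severity` threshold and the `ignore` patterns. The regexes, the constructed sample files and the `compile_pattern` fallback (a pattern that is not valid regex syntax, such as the literal `print(`, is matched as a substring) are assumptions made for this example; the page does not show the project's actual matching logic.

```python
import fnmatch
import re
from dataclasses import dataclass

# Rules use the same keys as the `rules:` entries in .ai-reviewer.yaml.
# The regexes are written for this example, not taken from the project.
RULES = [
    {"id": "hardcoded-secret",
     "pattern": r"(?i)\b(api[_-]?key|secret|password|token)\b\s*=\s*['\"][^'\"]{8,}['\"]",
     "severity": "critical", "message": "Hardcoded secret",
     "languages": ["python", "javascript"]},
    {"id": "sql-injection",
     "pattern": r"\bexecute\(\s*(f['\"]|['\"].*?['\"]\s*(\+|%|\.format\())",
     "severity": "critical", "message": "SQL built by string formatting",
     "languages": ["python"]},
    {"id": "code-injection", "pattern": r"\beval\(",
     "severity": "critical", "message": "eval() is dangerous",
     "languages": ["python", "javascript"]},
    {"id": "weak-crypto", "pattern": r"hashlib\.(md5|sha1)\(",
     "severity": "warning", "message": "Weak hash", "languages": ["python"]},
    {"id": "xss", "pattern": r"\.innerHTML\s*=",
     "severity": "warning", "message": "innerHTML vulnerable",
     "languages": ["javascript"]},
    # The custom rule from the configuration section, kept as a plain substring.
    {"id": "no-print", "pattern": "print(",
     "severity": "info", "message": "Remove print statements",
     "languages": ["python"]},
]

IGNORE = ["__pycache__", ".git", "node_modules", "*.min.js"]
SEVERITY_RANK = {"info": 0, "warning": 1, "critical": 2}
EXT_TO_LANG = {".py": "python", ".js": "javascript", ".ts": "typescript",
               ".go": "go", ".java": "java", ".rs": "rust", ".sql": "sql", ".c": "c"}

# Constructed sample sources standing in for a checked-out project.
SAMPLE_FILES = {
    "config.py": 'API_KEY = "sk-live-0123456789abcdef"\nDEBUG = False\n',
    "db.py": "def find_user(cursor, name):\n"
             "    cursor.execute(\"SELECT * FROM users WHERE name = '\" + name + \"'\")\n",
    "utils.py": "def run(expr):\n    return eval(expr)\n",
    "auth.py": "import hashlib\ndef digest(pw):\n    return hashlib.md5(pw.encode()).hexdigest()\n",
    "main.py": "print('starting')\n",
    "frontend.js": "el.innerHTML = userInput;\n",
    "vendor/app.min.js": "x.innerHTML=y;\n",  # excluded by the "*.min.js" ignore entry
}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    path: str
    line: int
    severity: str
    message: str


def compile_pattern(pattern):
    """Treat the pattern as a regex; fall back to a literal substring match when
    it is not valid regex syntax (e.g. the `print(` rule above)."""
    try:
        return re.compile(pattern)
    except re.error:
        return re.compile(re.escape(pattern))


def is_ignored(path, ignore):
    # An ignore entry matches any path component (directory or file name).
    return any(fnmatch.fnmatch(part, pat) for part in path.split("/") for pat in ignore)


def scan_source(path, text, rules, min_severity="all"):
    """Apply every rule whose language matches the file and whose severity
    reaches the threshold; report one finding per matching line."""
    lang = EXT_TO_LANG.get("." + path.rsplit(".", 1)[-1]) if "." in path else None
    threshold = -1 if min_severity == "all" else SEVERITY_RANK[min_severity]
    findings = []
    for rule in rules:
        if lang not in rule["languages"] or SEVERITY_RANK[rule["severity"]] < threshold:
            continue
        regex = compile_pattern(rule["pattern"])
        for lineno, line in enumerate(text.splitlines(), start=1):
            if regex.search(line):
                findings.append(Finding(rule["id"], path, lineno,
                                        rule["severity"], rule["message"]))
    return findings


def scan_files(files, rules, min_severity="all", ignore=()):
    findings = []
    for path, text in files.items():
        if not is_ignored(path, ignore):
            findings.extend(scan_source(path, text, rules, min_severity))
    return findings


def summarize(findings):
    counts = {"critical": 0, "warning": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES, RULES, ignore=IGNORE)
    for f in sorted(results, key=lambda f: -SEVERITY_RANK[f.severity]):
        print(f"{f.severity.upper():8} {f.rule_id:18} {f.path}:{f.line}  {f.message}")
    print(summarize(results))
```

Line-based regex rules of this kind trade precision for speed: they catch the obvious cases (a literal key assigned to `API_KEY`, a query concatenated at the `execute(` call) and miss anything spread over several lines or built through an intermediate variable, which is the gap the page's cloud mode is meant to cover.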
GitHub Actions

```yaml
name: Code Review
on: [push, pull_request]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - run: pip install ai-reviewer-cli
      - run: ai-review . --mode fast --format sarif --output report.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: report.sarif
```
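The workflow above hands `report.sarif` to GitHub Code Scanning. As an added example (not the project's own code), this builds the minimal SARIF 2.1.0 document that step consumes from a list of findings: the tool's critical / warning / info severities map to the SARIF levels `error` / `warning` / `note`, each rule is declared once in the driver's `rules` array, and each result points at a repo-relative file and a 1-based line. The findings list is constructed here and mirrors the rows in the example output further down; `validate_sarif` is a hypothetical pre-upload consistency check, not a feature of the tool.

```python
import json

# ai-reviewer severities -> SARIF result levels (mapping chosen for this example).
LEVELS = {"critical": "error", "warning": "warning", "info": "note"}

# Constructed findings: (rule id, file path, 1-based line, severity, message).
FINDINGS = [
    ("hardcoded-secret", "config.py", 12, "critical", "Hardcoded secret"),
    ("sql-injection", "db.py", 45, "critical", "SQL Injection"),
    ("weak-crypto", "auth.py", 34, "warning", "Weak hash"),
    ("debug", "main.py", 23, "info", "console.log"),
]


def to_sarif(findings, tool_name="ai-reviewer", version="1.2"):
    """Build a SARIF 2.1.0 log with a single run; every result references a
    rule declared in tool.driver.rules so consumers have the rule metadata."""
    rules = {}
    results = []
    for rule_id, path, line, severity, message in findings:
        rules.setdefault(rule_id, {
            "id": rule_id,
            "shortDescription": {"text": message},
            "defaultConfiguration": {"level": LEVELS[severity]},
        })
        results.append({
            "ruleId": rule_id,
            "level": LEVELS[severity],
            "message": {"text": message},
            "locations": [{"physicalLocation": {
                # %SRCROOT% marks the path as relative to the repository root.
                "artifactLocation": {"uri": path, "uriBaseId": "%SRCROOT%"},
                "region": {"startLine": line},
            }}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": version,
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


def validate_sarif(doc):
    """Hypothetical pre-upload check: version 2.1.0, every result's ruleId is
    declared in the driver, and every region carries a 1-based startLine."""
    if doc.get("version") != "2.1.0" or not doc.get("runs"):
        return False
    run = doc["runs"][0]
    declared = {r["id"] for r in run["tool"]["driver"]["rules"]}
    for result in run["results"]:
        if result["ruleId"] not in declared:
            return False
        for loc in result["locations"]:
            if loc["physicalLocation"]["region"].get("startLine", 0) < 1:
                return False
    return True


def write_sarif(findings, path):
    """Serialize the findings to `path` and return the document written."""
    doc = to_sarif(findings)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(doc, fh, indent=2)
    return doc


if __name__ == "__main__":
    print(json.dumps(to_sarif(FINDINGS), indent=2))
```

Keeping the severity-to-level mapping in one place matters for the `--severity critical` filter: when only critical findings are emitted, the SARIF file still carries explicit `error` levels, so the Code Scanning alerts are graded consistently across runs.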
Pre-commit Hook

```yaml
# .pre-commit-config.yaml
repos:
  - repo: https://github.com/briej/ai-reviewer
    rev: v1.2
    hooks:
      - id: ai-reviewer
```
Example Output

```text
+----------------------------------------------------+
| ai-reviewer v1.2                                   |
| OWASP Top 10 | Multi-Cloud | Parallel | Rich CLI   |
+----------------------------------------------------+
Files found: 23

CRITICAL (3)
------------------------------------------------
hardcoded-secret   config.py:12    Hardcoded secret
sql-injection      db.py:45        SQL Injection
code-injection     utils.py:89     eval() is dangerous

WARNING (7)
------------------------------------------------
weak-crypto        auth.py:34      Weak hash
xss                frontend.js:67  innerHTML vulnerable

INFO (12)
------------------------------------------------
debug              main.py:23      console.log
--------------------------------------------------
+----------------+--------+
| Files analyzed | 23/23  |
| Time           | 0.45s  |
| Critical       | 3      |
| Warning        | 7      |
| Info           | 12     |
| Score          | 4.2/10 |
+----------------+--------+
```
Contributing

See CONTRIBUTING.md

License

MIT
File details

Details for the file ai_reviewer_cli-1.2.1.tar.gz.

File metadata

- Download URL: ai_reviewer_cli-1.2.1.tar.gz
- Upload date:
- Size: 13.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

| Algorithm | Hash digest |
|---|---|
| SHA256 | 6003ca92349b9ee4456aede9ec9ec92aed60aa77beba4712a11a03f6ed3e1b8c |
| MD5 | bddf262fed18758ba04cdc0744152516 |
| BLAKE2b-256 | 634be5d5b97333213c3309388679be081fdace4be653c577c6ab9d14346f50c3 |

File details

Details for the file ai_reviewer_cli-1.2.1-py3-none-any.whl.

File metadata

- Download URL: ai_reviewer_cli-1.2.1-py3-none-any.whl
- Upload date:
- Size: 15.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

| Algorithm | Hash digest |
|---|---|
| SHA256 | a570867fb5f7cb8d78a0ca67bd65220fa17b8cb14a55d737e62cfb21d4fa694d |
| MD5 | 1bdc20c1bb0d426af3e692acca2415b1 |
| BLAKE2b-256 | 97080fcadddbc3c20befcf3d033343ace20e1c4ff2431126a538b0a1c7f4dd33 |