Built-in security scanner for Java, PHP, Flutter, Terraform, Ansible, Python, Go, and 20+ languages. No external tools. pip install && argus-languages scan .
Project description
argus-languages
Built-in security scanner for 20+ languages and IaC formats — pure Python, no Semgrep, no Checkov, no extra installs.
pip install argus-languages
argus-languages scan /path/to/your/project
Requires Python 3.10+.
Quick start
pip install argus-languages
# Scan any supported project (auto-detects languages)
argus-languages scan /path/to/project
# JSON output
argus-languages scan /path/to/project --format json
# Scan a single file
argus-languages scan ./src/main.java
Python API
from argus_languages import scan_directory
result = scan_directory("/path/to/repo")
print(f"Findings: {len(result.findings)}")
for f in result.findings:
print(f"[{f.severity}] {f.file}:{f.line} — {f.title}")
Usage by language
Same command for every language — point at your project root or a specific file.
JavaScript / TypeScript / Vue
argus-languages scan ./my-node-app
argus-languages scan ./src/components/Button.tsx
| Scans | .js .jsx .ts .tsx .mjs .vue |
| Checks | XSS, SQL injection patterns, eval/exec, weak crypto, hardcoded secrets, CORS wildcard, NoSQL injection |
React / Next.js projects: use argus-codescan on npm instead — no Python needed.
Python
argus-languages scan ./django-app
argus-languages scan ./api/main.py
| Scans | .py .pyw |
| Checks | Debug mode, hardcoded Flask secret, Django ALLOWED_HOSTS = *, SQL injection, pickle/yaml deserialization, command injection |
Java / Kotlin / Scala
argus-languages scan ./spring-boot-app
argus-languages scan ./android-app/src/main/java
| Scans | .java .jsp .kt .kts .scala |
| Checks | SQL concatenation, XXE parsers, LDAP injection, path traversal, Spring CSRF disabled, log injection |
PHP
argus-languages scan ./laravel-app
argus-languages scan ./public/index.php
| Scans | .php .phtml |
| Checks | XSS via echo $_…, LFI via include($…), SQL injection, unsafe unserialize(), open redirects |
Go
argus-languages scan ./cmd/api
argus-languages scan ./main.go
| Scans | .go |
| Checks | SQL via fmt.Sprintf, TLS InsecureSkipVerify, command injection |
Ruby
argus-languages scan ./rails-app
| Scans | .rb .erb |
| Checks | Shell injection, mass assignment, command injection |
C# / Rust / Swift / Scala / Perl / Lua / Elixir
argus-languages scan ./dotnet-api # .cs
argus-languages scan ./rust-service # .rs
argus-languages scan ./ios-app # .swift
argus-languages scan ./elixir-app # .ex .exs
| Language | Extensions | Example checks |
|---|---|---|
| C# | .cs |
SQL concat, BinaryFormatter deserialization |
| Rust | .rs |
unsafe blocks, shell via Command |
| Swift | .swift |
Insecure credential storage |
| Perl | .pl .pm |
Open with user input |
| Lua | .lua |
loadstring / dynamic eval |
| Elixir | .ex .exs |
Code.eval_string |
Dart / Flutter (mobile)
argus-languages scan ./my-flutter-app
| Scans | .dart files, pubspec.yaml, AndroidManifest.xml, Info.plist |
| Checks | |
Dart source (.dart):
- Cleartext
http://URLs - Hardcoded API keys / tokens
- Weak MD5/SHA-1 hashing
- TLS validation disabled (
badCertificateCallback) - Sensitive data in
SharedPreferences - Unrestricted WebView JavaScript
- SQL concatenation in
rawQuery
Flutter config:
android:debuggable="true"in AndroidManifest- Cleartext traffic /
allowBackup/ exported components - iOS ATS disabled (
NSAllowsArbitraryLoads) - Hardcoded secrets in
pubspec.yaml
Skips generated files: *.g.dart, *.freezed.dart.
Terraform
argus-languages scan ./infra
argus-languages scan ./modules/vpc/main.tf
| Scans | .tf .tfvars .hcl |
| Checks | Public S3 ACLs, 0.0.0.0/0 security groups, unencrypted EBS, public RDS, hardcoded secrets, IAM wildcards, GCP/Azure public access |
Ansible
argus-languages scan ./ansible
argus-languages scan ./playbooks/site.yml
| Scans | .yml / .yaml in roles/, playbooks/, tasks/, handlers/, etc. |
| Checks | Hardcoded passwords, SSL verify disabled, open file permissions (777), shell module usage, hardcoded tokens |
Docker
argus-languages scan ./Dockerfile
argus-languages scan ./docker-compose.yml
| Scans | Dockerfile, docker-compose.yml / .yaml |
| Checks | Secrets in ENV, privileged mode, host network, docker socket mount, :latest tags |
Kubernetes
argus-languages scan ./k8s
argus-languages scan ./manifests/deployment.yaml
| Scans | .yaml / .yml / .json with apiVersion + kind |
| Checks | Privileged containers, runAsUser 0, hostNetwork/hostPID, plaintext secrets, wildcard RBAC |
Shell / SQL
argus-languages scan ./scripts/deploy.sh
argus-languages scan ./migrations/001_users.sql
| Scans | .sh .bash .zsh / .sql |
| Checks | curl piped to bash, unquoted variables / GRANT ALL / dynamic SQL exec |
Monorepo / multi-language project
Scan the whole repo — all languages are detected automatically:
argus-languages scan .
Example: a repo with frontend/ (JS), backend/ (Java), and infra/ (Terraform) is scanned in one command.
Full Argus CLI (optional)
For CSV export, MCP, DAST, and external tools (Checkov, tfsec, ansible-lint):
pip install argus-scan
argus scan code /path/to/project --output ./report.csv
argus scan terraform /path/to/infra
argus scan all /path/to/project
All supported languages
| Category | Languages / formats |
|---|---|
| Web & app | JavaScript, TypeScript, Python, Java, Kotlin, PHP, Go, Ruby, C#, Rust, Swift, Scala, Perl, Lua, Elixir, Vue, Dart |
| Mobile | Flutter (Dart + AndroidManifest + Info.plist + pubspec.yaml) |
| Infrastructure | Terraform, Ansible, Docker, Kubernetes |
| Other | Shell, SQL |
Related packages
| Package | Install | Use case |
|---|---|---|
| argus-languages | pip install argus-languages |
This package — lightweight, all languages above |
| argus-scan | pip install argus-scan |
Full CLI + MCP + DAST + Checkov/tfsec |
| argus-codescan | npm install argus-codescan |
React / Next.js / Node only |
License
MIT — see GitHub.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file argus_languages-0.1.2.tar.gz.
File metadata
- Download URL: argus_languages-0.1.2.tar.gz
- Upload date:
- Size: 13.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
46e7f3f7a2ba4b011c045ed7c71f4fb321f831fac7f31de0928506595fbab748
|
|
| MD5 |
519b427c7b6776c44966b1c9bd30a339
|
|
| BLAKE2b-256 |
a4ba04cca24479bd497e69f735616d293682ed2d15810c5fba53a78d4d8fee4a
|
File details
Details for the file argus_languages-0.1.2-py3-none-any.whl.
File metadata
- Download URL: argus_languages-0.1.2-py3-none-any.whl
- Upload date:
- Size: 18.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c2fcca21d91bc06241240b7dd2d0cc7bb52ec502ca4e1b639518407cafdda7dc
|
|
| MD5 |
f7e9ff65427d68b2d06cd06bef3f6603
|
|
| BLAKE2b-256 |
2890478c1e3ce42fbde027e0e95d22d1468f2dccd13519c9ba5cd6c2fe2f3dc7
|