AI-powered security scanner for vibe-coded codebases
Project description
Bastion CLI
A command-line interface for the Bastion security scanning tool, allowing developers to scan local codebases without leaving their IDE.
Features
- 11 Security Categories: Secrets, SQL injection, auth flaws, XSS, command injection, IDOR, client exposure, dependencies, misconfigurations, and prompt injection
- Multi-Language Support: Python, JavaScript, TypeScript, PHP, Java, Ruby, Go, Rust
- Rich Output: Beautiful tables, progress bars, and syntax highlighting
- Flexible Configuration: Custom patterns, severity filtering, and output formats
- Export Options: JSON output for CI/CD integration
Installation
```
pip install bastion
```
Quick Start
```
# Scan current directory
bastion scan
# Scan specific path
bastion scan /path/to/your/code
# Export results to JSON
bastion scan /path/to/code --output results.json --json
# Filter by severity
bastion scan /path/to/code --severity high
# Filter by category
bastion scan /path/to/code --category secrets
```
Commands
scan
Scan a codebase for security vulnerabilities.
```
bastion scan [PATH] [OPTIONS]
```
Options:
- `--output, -o`: Export results to JSON file
- `--patterns, -p`: Custom security patterns file
- `--extensions, -e`: File extensions to scan (comma-separated)
- `--severity, -s`: Filter by minimum severity level
- `--category, -c`: Filter by category
- `--json, -j`: Output results in JSON format
- `--quiet, -q`: Only show results, no progress bars
init
Initialize Phalanx configuration in the current directory.
```
phalanx init [--output OUTPUT]
```
version
Show version information.
```
phalanx version
```
Security Categories
| Category | Description | Severity |
|---|---|---|
| secrets | Hardcoded secrets and credentials | Critical |
| sql_injection | SQL injection vulnerabilities | High |
| auth_flaws | Authentication and authorization issues | High |
| xss | Cross-site scripting vulnerabilities | High |
| command_injection | Command injection vulnerabilities | Critical |
| idor | Insecure direct object references | Medium |
| client_exposure | Sensitive data on client side | Medium |
| dependencies | Vulnerable dependencies | Info |
| misconfigurations | Security misconfigurations | Medium |
| prompt_injection | AI prompt injection vulnerabilities | High |
Configuration
Create a .phalanx/config.json file for custom settings:
```json
{
  "scan_paths": ["src/", "lib/", "app/"],
  "exclude_paths": ["node_modules/", ".git/", "__pycache__/"],
  "file_extensions": [".py", ".js", ".ts", ".jsx", ".tsx"],
  "severity_threshold": "medium",
  "output_format": "table",
  "custom_patterns": null
}
```
Exit Codes
- `0`: No security issues found
- `1`: Security issues detected
Integration
GitHub Actions
```yaml
name: Security Scan
on: [push, pull_request]
jobs:
  phalanx:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      - name: Install Phalanx
        run: pip install phalanx-cli
      - name: Run Security Scan
        run: phalanx scan . --output results.json --json
      - name: Upload Results
        uses: actions/upload-artifact@v3
        with:
          name: security-scan-results
          path: results.json
```
CI/CD Pipeline
```
# Fail build on security issues
phalanx scan . --severity high || exit 1
# Generate SARIF for GitHub
phalanx scan . --output results.sarif --json
```
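To show how the Configuration keys and the exit-code convention above fit together in a CI gate, here is a small severity-gated pattern scanner. It is an added example written for this page, not the project's own code: the detection patterns, the JSON record layout and the sample source file are constructed for illustration, and only the `.phalanx/config.json` keys (`scan_paths`, `exclude_paths`, `file_extensions`, `severity_threshold`) and the `0`/`1` exit codes come from the README.

```python
"""Severity-gated pattern scanner in the spirit of the Bastion/Phalanx CLI.

Added example, not the project's own code. Only the config keys and the
exit-code convention (0 = clean, 1 = findings) come from the README; the
patterns, the file walk and the JSON record layout are assumptions.
"""
import json
import re
from pathlib import Path

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed detection patterns for three of the README's categories.
# A real scanner ships many more and tunes them per language.
PATTERNS = [
    ("secrets", "critical",
     re.compile(r"""(?i)(api[_-]?key|secret|password)\s*[:=]\s*['"][^'"]{8,}['"]""")),
    ("sql_injection", "high",
     re.compile(r"""execute\(\s*f['"]""")),  # f-string handed straight to execute()
    ("command_injection", "critical",
     re.compile(r"""os\.system\(|subprocess\.\w+\(.*shell\s*=\s*True""")),
]

DEFAULT_CONFIG = {  # mirrors the shape of the README's .phalanx/config.json
    "scan_paths": ["."],
    "exclude_paths": ["node_modules/", ".git/", "__pycache__/"],
    "file_extensions": [".py"],
    "severity_threshold": "medium",
}


def load_config(project_root):
    """Merge .phalanx/config.json over the defaults; a missing file means defaults."""
    cfg = dict(DEFAULT_CONFIG)
    path = Path(project_root) / ".phalanx" / "config.json"
    if path.is_file():
        cfg.update(json.loads(path.read_text()))
    return cfg


def is_excluded(rel_path, exclude_paths):
    """True if any path component matches an exclude entry such as 'node_modules/'."""
    parts = Path(rel_path).parts
    return any(entry.strip("/") in parts for entry in exclude_paths)


def scan_text(text, source="<memory>", threshold="medium", categories=None):
    """Run every pattern over each line; keep hits at or above the severity threshold."""
    min_rank = SEVERITY_RANK[threshold.lower()]
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for category, severity, rx in PATTERNS:
            if categories and category not in categories:
                continue
            if SEVERITY_RANK[severity] < min_rank:
                continue
            if rx.search(line):
                findings.append({"file": source, "line": lineno, "category": category,
                                 "severity": severity, "snippet": line.strip()[:80]})
    return findings


def scan_tree(project_root, cfg):
    """Walk scan_paths, honouring exclude_paths and file_extensions from the config."""
    root = Path(project_root)
    findings = []
    for scan_path in cfg["scan_paths"]:
        base = root / scan_path
        if not base.exists():
            continue
        for file in sorted(p for p in base.rglob("*") if p.is_file()):
            rel = file.relative_to(root)
            if is_excluded(rel, cfg["exclude_paths"]) or file.suffix not in cfg["file_extensions"]:
                continue
            findings += scan_text(file.read_text(errors="replace"), str(rel),
                                  cfg["severity_threshold"])
    return findings


def exit_code(findings):
    """README convention: 0 when clean, 1 when anything was detected."""
    return 1 if findings else 0


# Constructed sample file, not real project code.
SAMPLE_SOURCE = """\
API_KEY = "sk-constructed-example-key-1234"
def get_user(cursor, uid):
    cursor.execute(f"SELECT * FROM users WHERE id = {uid}")
import subprocess
subprocess.run(cmd, shell=True)
deps = ["requests"]
"""

if __name__ == "__main__":
    hits = scan_text(SAMPLE_SOURCE, "app.py")
    print(json.dumps(hits, indent=2))  # the artifact a CI step would archive
    raise SystemExit(exit_code(hits))
```

Run as a script it prints three findings for the sample (a hardcoded key, an f-string query and a `shell=True` call) and exits with status 1, which is exactly what `|| exit 1` in the pipeline snippet relies on; raising the threshold to `critical` drops the SQL finding, which is the effect of `--severity` on the gate.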
Contributing
- Fork the repository
- Create a feature branch
- Add your security patterns or features
- Run tests: `pytest`
- Submit a pull request
License
MIT License - see LICENSE file for details.
Support
🛡️ Scan smart, code secure - Phalanx CLI
File details
Details for the file bastion_cli-0.1.2.tar.gz.
File metadata
- Download URL: bastion_cli-0.1.2.tar.gz
- Upload date:
- Size: 12.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 13efeea4475adde5eb043f0d1616f149a42662329c6b1933960bff1aa7efb29f |
| MD5 | e4f3462e4b7f14608daac313301ad283 |
| BLAKE2b-256 | 7a01550cc0493ae856951b913ec453b001c9546afb58ac9833d203e24d1bfde1 |
File details
Details for the file bastion_cli-0.1.2-py3-none-any.whl.
File metadata
- Download URL: bastion_cli-0.1.2-py3-none-any.whl
- Upload date:
- Size: 12.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | af5035a3f2c8eb10f666c0f4187320f00bdeb31c12a5c4e2820d0d5c1877a95b |
| MD5 | ffb060d16daadc0a662376d2b0ab30ac |
| BLAKE2b-256 | 5346cbeb8627e62e1b1c8f6d20302b881d67ae39acb4fbcbe7a90c259245d5a1 |