
AI-powered security scanner for vibe-coded codebases

Project description

Bastion CLI

A command-line interface for the Bastion security scanning tool, letting developers scan local codebases without leaving their IDE.

Features

  • 11 Security Categories: Secrets, SQL injection, auth flaws, XSS, command injection, IDOR, client exposure, dependencies, misconfigurations, and prompt injection
  • Multi-Language Support: Python, JavaScript, TypeScript, PHP, Java, Ruby, Go, Rust
  • Rich Output: Beautiful tables, progress bars, and syntax highlighting
  • Flexible Configuration: Custom patterns, severity filtering, and output formats
  • Export Options: JSON output for CI/CD integration

Installation

pip install bastion

Quick Start

# Scan current directory
bastion scan

# Scan specific path
bastion scan /path/to/your/code

# Export results to JSON
bastion scan /path/to/code --output results.json --json

# Filter by severity
bastion scan /path/to/code --severity high

# Filter by category
bastion scan /path/to/code --category secrets

Commands

scan

Scan a codebase for security vulnerabilities.

bastion scan [PATH] [OPTIONS]

Options:

  • --output, -o: Export results to JSON file
  • --patterns, -p: Custom security patterns file
  • --extensions, -e: File extensions to scan (comma-separated)
  • --severity, -s: Filter by minimum severity level
  • --category, -c: Filter by category
  • --json, -j: Output results in JSON format
  • --quiet, -q: Only show results, no progress bars

init

Initialize Phalanx configuration in current directory.

phalanx init [--output OUTPUT]

version

Show version information.

phalanx version

Security Categories

| Category | Description | Severity |
|---|---|---|
| secrets | Hardcoded secrets and credentials | Critical |
| sql_injection | SQL injection vulnerabilities | High |
| auth_flaws | Authentication and authorization issues | High |
| xss | Cross-site scripting vulnerabilities | High |
| command_injection | Command injection vulnerabilities | Critical |
| idor | Insecure direct object references | Medium |
| client_exposure | Sensitive data on client side | Medium |
| dependencies | Vulnerable dependencies | Info |
| misconfigurations | Security misconfigurations | Medium |
| prompt_injection | AI prompt injection vulnerabilities | High |

Configuration

Create a .phalanx/config.json file for custom settings:

{
  "scan_paths": ["src/", "lib/", "app/"],
  "exclude_paths": ["node_modules/", ".git/", "__pycache__/"],
  "file_extensions": [".py", ".js", ".ts", ".jsx", ".tsx"],
  "severity_threshold": "medium",
  "output_format": "table",
  "custom_patterns": null
}

Exit Codes

  • 0: No security issues found
  • 1: Security issues detected
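The config file above and the exit codes are only described in prose, so the following added example (written for this page, not Bastion's own code) shows what those settings amount to in practice: it loads a `.phalanx/config.json` over the README's defaults, enumerates the files a scan would cover from `scan_paths`, `exclude_paths` and `file_extensions`, applies `severity_threshold` using the ordering from the Security Categories table, and maps the surviving findings to the documented exit codes. The file-walk logic, the shape of a finding and the per-category default severities are assumptions made here for illustration; the project's real output schema is not on this page.

```python
"""Added example, not part of Bastion/Phalanx: resolve a config file and apply
the severity threshold. Walk logic and finding shape are assumed."""
import json
import os
import tempfile
from pathlib import Path

# Severity levels in ascending order, from the README's Security Categories table.
SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2, "critical": 3}

# Default severity per category, as listed in that table (assumed fallback when
# a finding carries no explicit severity).
CATEGORY_SEVERITY = {
    "secrets": "critical", "sql_injection": "high", "auth_flaws": "high",
    "xss": "high", "command_injection": "critical", "idor": "medium",
    "client_exposure": "medium", "dependencies": "info",
    "misconfigurations": "medium", "prompt_injection": "high",
}

# Defaults mirror the sample .phalanx/config.json in the README.
DEFAULT_CONFIG = {
    "scan_paths": ["src/", "lib/", "app/"],
    "exclude_paths": ["node_modules/", ".git/", "__pycache__/"],
    "file_extensions": [".py", ".js", ".ts", ".jsx", ".tsx"],
    "severity_threshold": "medium",
    "output_format": "table",
    "custom_patterns": None,
}


def load_config(config_path):
    """Merge a config file over the defaults and validate severity_threshold."""
    config = dict(DEFAULT_CONFIG)
    path = Path(config_path)
    if path.is_file():
        config.update(json.loads(path.read_text(encoding="utf-8")))
    threshold = str(config["severity_threshold"]).lower()
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity_threshold {config['severity_threshold']!r}")
    config["severity_threshold"] = threshold
    return config


def is_excluded(rel_path, exclude_paths):
    """True if any path component matches an exclude entry (trailing '/' ignored)."""
    excluded = {entry.strip("/") for entry in exclude_paths}
    return any(part in excluded for part in Path(rel_path).parts)


def collect_files(root, config):
    """Files under scan_paths matching file_extensions and not excluded (assumed walk)."""
    root = Path(root)
    extensions = tuple(config["file_extensions"])
    selected = []
    for scan_path in config["scan_paths"]:
        base = root / scan_path.strip("/")
        if not base.is_dir():
            continue  # a configured scan_path that does not exist is skipped
        for current, dirs, files in os.walk(base):
            rel_dir = Path(current).relative_to(root)
            # Prune excluded directories so os.walk never descends into them.
            dirs[:] = [d for d in dirs if not is_excluded(rel_dir / d, config["exclude_paths"])]
            for name in files:
                rel = rel_dir / name
                if name.endswith(extensions) and not is_excluded(rel, config["exclude_paths"]):
                    selected.append(rel.as_posix())
    return sorted(selected)


def filter_findings(findings, threshold):
    """Keep findings at or above threshold; missing severity falls back to the category default."""
    minimum = SEVERITY_RANK[threshold]
    kept = []
    for finding in findings:
        severity = finding.get("severity") or CATEGORY_SEVERITY.get(finding["category"], "info")
        if SEVERITY_RANK[severity] >= minimum:
            kept.append(finding)
    return kept


def exit_code(findings):
    """README exit codes: 0 when nothing was found, 1 when issues remain."""
    return 1 if findings else 0


def demo():
    """Build a constructed project tree, resolve its config, and apply the threshold."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ["src/app.py", "src/vendor/node_modules/x.js", "src/__pycache__/app.pyc",
                    "lib/util.ts", "lib/README.md", "app/main.jsx"]:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("# constructed sample file\n")
        (root / ".phalanx").mkdir()
        (root / ".phalanx" / "config.json").write_text(json.dumps({"severity_threshold": "high"}))
        config = load_config(root / ".phalanx" / "config.json")
        files = collect_files(root, config)
        # Constructed findings in the shape this example assumes (not the tool's real JSON).
        findings = [
            {"category": "secrets", "file": "src/app.py", "severity": "critical"},
            {"category": "idor", "file": "lib/util.ts"},           # falls back to medium
            {"category": "dependencies", "file": "app/main.jsx"},  # falls back to info
            {"category": "xss", "file": "app/main.jsx", "severity": "high"},
        ]
        kept = filter_findings(findings, config["severity_threshold"])
        return files, kept, exit_code(kept)


if __name__ == "__main__":
    scanned, remaining, code = demo()
    print("files:", scanned, "kept:", [f["category"] for f in remaining], "exit:", code)
```

With the constructed tree, the walk keeps `app/main.jsx`, `lib/util.ts` and `src/app.py` (the `node_modules` and `__pycache__` subtrees are pruned and `README.md` fails the extension allow-list), the `high` threshold drops the medium and info findings, and the two remaining findings yield exit code 1, which is what a CI job keys on.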

Integration

GitHub Actions

name: Security Scan
on: [push, pull_request]
jobs:
  phalanx:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      - name: Install Phalanx
        run: pip install phalanx-cli
      - name: Run Security Scan
        run: phalanx scan . --output results.json --json
      - name: Upload Results
        uses: actions/upload-artifact@v3
        with:
          name: security-scan-results
          path: results.json

CI/CD Pipeline

# Fail the build on security issues (the scan itself exits 1 when issues are found)
phalanx scan . --severity high || exit 1

# Export results as a JSON file for GitHub (the --json flag writes the tool's JSON format)
phalanx scan . --output results.sarif --json

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Add your security patterns or features
  4. Run tests: pytest
  5. Submit a pull request

License

MIT License - see LICENSE file for details.

Support


🛡️ Scan smart, code secure - Phalanx CLI

Download files


Source Distributions

No source distribution files available for this release.

Built Distribution

bastion_cli-0.1.0-py3-none-any.whl (10.8 kB)

Uploaded Python 3

File details

Details for the file bastion_cli-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: bastion_cli-0.1.0-py3-none-any.whl
  • Size: 10.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for bastion_cli-0.1.0-py3-none-any.whl

| Algorithm | Hash digest |
|---|---|
| SHA256 | 3387621e345e3949f9cfa38fc5cbe43da448d08f23cfa768183ef871f0ff0a54 |
| MD5 | 3f4d491d523f064db5dac188db7f692c |
| BLAKE2b-256 | c1619ba8d584e781349c2e98eabb321e8c8693b643d2eefed02b73be88469263 |
