AI-powered security scanner for vibe-coded codebases
Project description
Bastion CLI
A command-line interface for Bastion security scanning tool, allowing developers to scan local codebases without leaving their IDE.
Features
- 11 Security Categories: Secrets, SQL injection, auth flaws, XSS, command injection, IDOR, client exposure, dependencies, misconfigurations, and prompt injection
- Multi-Language Support: Python, JavaScript, TypeScript, PHP, Java, Ruby, Go, Rust
- Rich Output: Beautiful tables, progress bars, and syntax highlighting
- Flexible Configuration: Custom patterns, severity filtering, and output formats
- Export Options: JSON output for CI/CD integration
Installation
pip install bastion
Quick Start
# Scan current directory
bastion scan
# Scan specific path
bastion scan /path/to/your/code
# Export results to JSON
bastion scan /path/to/code --output results.json --json
# Filter by severity
bastion scan /path/to/code --severity high
# Filter by category
bastion scan /path/to/code --category secrets
Commands
scan
Scan a codebase for security vulnerabilities.
bastion scan [PATH] [OPTIONS]
Options:
--output, -o: Export results to JSON file--patterns, -p: Custom security patterns file--extensions, -e: File extensions to scan (comma-separated)--severity, -s: Filter by minimum severity level--category, -c: Filter by category--json, -j: Output results in JSON format--quiet, -q: Only show results, no progress bars
init
Initialize Phalanx configuration in current directory.
phalanx init [--output OUTPUT]
version
Show version information.
phalanx version
Security Categories
| Category | Description | Severity |
|---|---|---|
| secrets | Hardcoded secrets and credentials | Critical |
| sql_injection | SQL injection vulnerabilities | High |
| auth_flaws | Authentication and authorization issues | High |
| xss | Cross-site scripting vulnerabilities | High |
| command_injection | Command injection vulnerabilities | Critical |
| idor | Insecure direct object references | Medium |
| client_exposure | Sensitive data on client side | Medium |
| dependencies | Vulnerable dependencies | Info |
| misconfigurations | Security misconfigurations | Medium |
| prompt_injection | AI prompt injection vulnerabilities | High |
Configuration
Create a .phalanx/config.json file for custom settings:
{
"scan_paths": ["src/", "lib/", "app/"],
"exclude_paths": ["node_modules/", ".git/", "__pycache__/"],
"file_extensions": [".py", ".js", ".ts", ".jsx", ".tsx"],
"severity_threshold": "medium",
"output_format": "table",
"custom_patterns": null
}
Exit Codes
0: No security issues found1: Security issues detected
Integration
GitHub Actions
name: Security Scan
on: [push, pull_request]
jobs:
phalanx:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.9'
- name: Install Phalanx
run: pip install phalanx-cli
- name: Run Security Scan
run: phalanx scan . --output results.json --json
- name: Upload Results
uses: actions/upload-artifact@v3
with:
name: security-scan-results
path: results.json
CI/CD Pipeline
# Fail build on security issues
phalanx scan . --severity high || exit 1
# Generate SARIF for GitHub
phalanx scan . --output results.sarif --json
Contributing
- Fork the repository
- Create a feature branch
- Add your security patterns or features
- Run tests:
pytest - Submit a pull request
License
MIT License - see LICENSE file for details.
Support
🛡️ Scan smart, code secure - Phalanx CLI
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
bastion_cli-0.1.1.tar.gz
(10.3 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file bastion_cli-0.1.1.tar.gz.
File metadata
- Download URL: bastion_cli-0.1.1.tar.gz
- Upload date:
- Size: 10.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5addb298b107ae337e1cbf6cff8ea1ed64236f1dae904e569fd04e8ea95f5cea
|
|
| MD5 |
8d853001dbd1c2f473394a08051da972
|
|
| BLAKE2b-256 |
5e44ed1b7ce76d042de6ea70457cf2094d42a13291c08d3eb531b5268e7f6fb1
|
File details
Details for the file bastion_cli-0.1.1-py3-none-any.whl.
File metadata
- Download URL: bastion_cli-0.1.1-py3-none-any.whl
- Upload date:
- Size: 10.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
67fcfc8c8dd35f5c1f7f8d0e892aa5080b2380b460efa722923d67c440e1350a
|
|
| MD5 |
5241f8e0ba2baec47154d8878cf6bf41
|
|
| BLAKE2b-256 |
27419d4f754c73b061952f3b7558dfb2d94254a1277982ee42c02c10bbffc14f
|
