Skip to main content

Calculate context-aware confidence scores for security findings

Project description

Context Confidence Rating (CCR)

License: MIT PyPI Python Version Status

CCR generates lightweight repository context for LLM-assisted security review.

It scans a codebase for useful review signals such as frameworks, dependencies, entry points, configuration files, tests, and security controls. The output can be pasted into an LLM prompt or used by reviewers to understand what context is available before triaging scanner findings.

CCR is a context completeness score. It does not prove whether a vulnerability is exploitable, and it does not replace CVSS, SAST, or manual security review.

Built by Secuarden.

Quick Start

pip install context-confidence-rating

# Score the repository's available review context
ccr /path/to/repo

# Generate LLM-ready context
ccr context /path/to/repo

# Generate file-specific context
ccr context /path/to/repo --file src/api/auth.py

What CCR Gives You

  • A 0-100 context completeness score
  • Repository architecture signals
  • Entrypoints and route-like files
  • Dependency and lockfile information
  • Security controls such as SECURITY.md, CODEOWNERS, and CI checks
  • File-specific hints for user input, database operations, auth checks, and validation
  • Markdown, JSON, and XML output for LLM workflows

Python API

from ccr import ContextAnalyzer, ContextGenerator

analyzer = ContextAnalyzer("/path/to/repo")
baseline = analyzer.calculate_repo_baseline_ccr()
print(f"Repository context score: {baseline.score}/100")

finding_context = analyzer.calculate_ccr({
    "file": "api/payments.py",
    "vulnerability": "SQL Injection",
    "severity": "HIGH",
})
print(finding_context.to_dict())

generator = ContextGenerator("/path/to/repo")
context = generator.generate_context(target_file="src/api/auth.py")
print(generator.to_markdown(context))

CLI Usage

# Human-readable score
ccr /path/to/repo

# Verbose reasoning
ccr /path/to/repo --verbose

# JSON score output
ccr /path/to/repo --json

# Include a scanner finding for context scoring
ccr /path/to/repo \
  --file "src/auth.py" \
  --vuln "Hardcoded Credentials" \
  --severity "CRITICAL"

LLM Context Generation

# Markdown, default
ccr context /path/to/repo

# JSON
ccr context /path/to/repo --format json

# XML
ccr context /path/to/repo --format xml

# Focus on one file
ccr context /path/to/repo --file src/api/auth.py

Example prompt:

Here is repository context generated by CCR:

<repo_context>
{paste CCR output}
</repo_context>

Here is a scanner finding:

<finding>
SQL Injection in api/users.py line 42
</finding>

Use the context to identify what should be manually checked before triage.

Score Meaning

Score Label Meaning
71-100 High Strong repository signals are available for review
41-70 Medium Some useful context exists, but reviewers should expect gaps
0-40 Low Limited context was detected; manual review needs more care

Signals

Signal Weight What It Means
Framework Detection 15 Framework or platform clues were found
Dependency Tracking 15 Dependency files or lockfiles were found
Dataflow Readiness 20 Imports, functions, and classes suggest code is structured enough to inspect
Entry Point Mapping 15 Route, API, or main entry files were found
Config Awareness 10 Configuration files were found
Security Controls 15 Security process files or scanner configs were found
Test Coverage 10 Test directories or test files were found

Installation

From PyPI:

pip install context-confidence-rating

From source:

git clone https://github.com/secuardenai/context-confidence-rating.git
cd context-confidence-rating
pip install -e ".[dev]"
pytest

CI Example

name: CCR Context Check

on: [pull_request]

jobs:
  ccr:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install context-confidence-rating
      - run: ccr . --json > ccr-report.json
      - run: ccr context . --format markdown > repo-context.md

Development

pip install -e ".[dev]"
pytest
black ccr/ tests/ examples/
flake8 ccr/ tests/ examples/ --count --select=E9,F63,F7,F82 --show-source --statistics

Project Status

CCR is beta software. The current implementation is intentionally lightweight and heuristic-based. Contributions that improve precision, fixtures, language coverage, and documentation are welcome.

Security

Please report security issues privately. See SECURITY.md.

License

MIT License. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

context_confidence_rating-0.1.4.tar.gz (29.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

context_confidence_rating-0.1.4-py3-none-any.whl (23.3 kB view details)

Uploaded Python 3

File details

Details for the file context_confidence_rating-0.1.4.tar.gz.

File metadata

File hashes

Hashes for context_confidence_rating-0.1.4.tar.gz
Algorithm Hash digest
SHA256 793e458d387abb4d0dcfe9863eefd2f3768b3531386ba5599f7efd7b9cb4c1f8
MD5 dc2f9363d2e1e078029a1e4fd65bde03
BLAKE2b-256 3df79da4223c1fae5ffe1d7dde558ee4ad6cb9a6af6d32e84610ccb14911b587

See more details on using hashes here.

File details

Details for the file context_confidence_rating-0.1.4-py3-none-any.whl.

File metadata

File hashes

Hashes for context_confidence_rating-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 f65de93990b0e8c5d2edfcc63030152bae8e235010c4a0141d596ffcdfdd89f4
MD5 e17af02587f8731dfea3e5387183ab4c
BLAKE2b-256 99971775a3a3f2b8ffdb58164c5ac65a7697e6485533d3c7a5d2674b9473e088

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page