A CLI tool for AI-powered code security scanning
Project description
Code Security Vulnerabilities Scanner
GuardAI
GuardAI leverages multiple AI models, including OpenAI, Gemini, and custom self-hosted AI servers, to scan code for security vulnerabilities. It is designed to integrate seamlessly into CI/CD pipelines, such as GitHub Actions, allowing developers to automatically analyze their code for potential security issues during the development process.
Full Demo: https://github.com/codeguardai/demo
Features
-
Multi-AI Model Support:
- OpenAI Integration: Scan your code using OpenAI's powerful models like GPT-4 to identify potential security vulnerabilities.
- Gemini Integration: Leverage Gemini's capabilities to analyze code for security risks.
- Groq Integration: Uses Groq's Fast AI Inference
- Custom AI Server Integration: Connect to a self-hosted or privately hosted AI server to perform security scans, allowing for fully customizable and self-hosted AI solutions.
-
CI/CD Integration:
- Easily integrate the CLI tool into GitHub Actions, enabling automated code scanning for security vulnerabilities on every pull request.
- Provides support for running scans on specific branches or changes in a repository.
-
Flexible Scanning Options:
- Full Directory Scans: Analyze all files within a directory for comprehensive security analysis.
- PR-Specific Scans: Focus on files changed in a specific pull request to streamline the scanning process and reduce overhead.
Getting Started
Prerequisites
- Python 3.10 or higher
- API keys for the supported AI models:
- OpenAI API key
- Gemini API key
- Groq API key
- Access to a custom AI server (host, port, and optional token)
Installation
Option 1: Install via pip
You can install the tool directly from the repository using pip:
pip install guardai
This will allow you to use the guardai
command directly in your terminal.
Option 2: Clone the Repository
If you prefer to clone the repository and install the dependencies manually:
git clone https://github.com/codeguardai/guardai.git
cd guardai
pip install -r requirements.txt
pip install -r requirements-dev.txt
Usage
Scanning a Directory
To scan all files within a directory:
guardai --provider openai --directory path/to/your/code
Scanning with a Custom AI Server
To scan code using a custom AI server:
guardai --provider custom --host http://localhost --port 5000 --token your_token --directory path/to/your/code
Supported AI Providers
- OpenAI: Leverages GPT models for detailed security analysis.
- Gemini: Provides robust security analysis using Gemini's capabilities.
- Custom: Integrates with a self-hosted or privately hosted AI server, allowing for fully customizable solutions.
Future Work
-
Caching Implementation: A caching mechanism to store results of previously scanned files, reducing the number of API calls and optimizing performance.
-
Expanded Git Provider Support: The tool is currently integrated with GitHub for PR-based scanning, future plans include extending support to other Git providers like GitLab, Bitbucket, and Azure Repos.
Contributing
Contributions are welcome! Please fork the repository and submit a pull request with your improvements.
License
This project is licensed under the MIT License. See the LICENSE file for details.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.