Latio Application Security Tester - Uses OpenAI to scan for security issues in code changes
Project description
Latio Application Security Tester
Use OpenAI or Gemini to scan your code for security and health issues from the CLI. Bring your own tokens. Options to scan full code, code changes, or in pipeline.
Install
pip install latio
export OPENAI_API_KEY=xxx
latio partial ./
How to Run Locally
- Get your OpenAI key and/or your Google API key, then export one or both:
export OPENAI_API_KEY=<OpenAI Key>
export GEMINI_API_KEY=<Gemini API Key>
- Scan only your changed files before merging with latio partial /path/to/directory. This uses the gpt-3.5-turbo model by default. For Google, use latio partial /path/to/directory --model=gemini-pro
- Scan your full application with latio full /path/to/directory. This uses the beta model of gpt-4 by default. Scanning this application once, for example, cost about $1. Due to the context window, you may need to pass specific folders. For Google, use latio full /path/to/directory --model=gemini-pro
- You can specify --model with a model name from OpenAI to experiment.
How to Run in Pipeline
This runs OpenAI in your pipeline against only your changed files. Because it uses GPT-3.5 and scans only the changed files, it is relatively cheap.
- Get your OpenAI token.
- In your repository, go to github.com/org/repo/settings/secrets/actions and add a new Repository Secret called OPENAI_API_KEY with the value from OpenAI.
- Copy .github/workflows/actions-template-security.yml (or the -health variant of the template for a health scan) into your own .github/workflows/ folder.
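A minimal workflow for the pipeline setup above, written here as an added illustration rather than a copy of the project's actions-template-security.yml (which is not reproduced on this page); the trigger, runner, action versions and Python version are assumptions.

```yaml
# Added example, not the project's own template. Assumes a GitHub-hosted
# ubuntu runner, actions/checkout@v4 and actions/setup-python@v5.
name: Latio security scan

on:
  pull_request:

# Least privilege: the scan only needs to read the repository contents.
permissions:
  contents: read

jobs:
  latio-partial:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history, assumed useful for determining which files changed
          fetch-depth: 0

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install latio (pinned to the release documented on this page)
        run: pip install latio==1.1.0

      - name: Scan only changed files (defaults to gpt-3.5-turbo)
        env:
          # Repository Secret added under Settings > Secrets and variables > Actions;
          # the key is never written into the workflow file itself.
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: latio partial ./
```

Add --health to the final run line to use the health prompt instead of the security one.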
Command Line Options
latio partial <directory> [--model <model_name>] [--health]
Scans only the files that have been changed in the specified directory.
- <directory>: Path to the directory where your project is located.
- --model <model_name>: (Optional) Specifies the name of the OpenAI model to use for the scan. Defaults to gpt-3.5-turbo.
- --health: (Optional) Runs a prompt focused on code optimization.
Example:
latio partial /path/to/your/project --model gpt-3.5-turbo --health
latio full <directory> [--model <model_name>] [--health]
Scans all files in the specified directory (the full application).
- <directory>: Path to the directory where your project is located.
- --model <model_name>: (Optional) Specifies the name of the OpenAI model to use for the scan. Defaults to gpt-4-1106-preview.
- --health: (Optional) Runs a prompt focused on code optimization.
Example:
latio full /path/to/your/project --model gpt-4-1106-preview --health
Download files
Source Distribution
latio-1.1.0.tar.gz (24.1 kB)
Built Distribution
latio-1.1.0-py3-none-any.whl (19.0 kB)
File details
Details for the file latio-1.1.0.tar.gz.
File metadata
- Download URL: latio-1.1.0.tar.gz
- Upload date:
- Size: 24.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.9.18
File hashes
Algorithm | Hash digest
---|---
SHA256 | 4b7635375bdbd4660a67a9eb52882adde61306e9a9f073ce6cb3918a64341307
MD5 | 479e09cbc0e958b2e9e1dc6f0f16f430
BLAKE2b-256 | 7f60ecdb222d78ec4f1b7bba220a61264a80be46f14f6ad54ee59c30720a5432
File details
Details for the file latio-1.1.0-py3-none-any.whl.
File metadata
- Download URL: latio-1.1.0-py3-none-any.whl
- Upload date:
- Size: 19.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.0.0 CPython/3.9.18
File hashes
Algorithm | Hash digest
---|---
SHA256 | 0e91189bb2e9a24e3b2fd34c00115be4b2010b73c5b8684bbad235f1693df43f
MD5 | 81ab22e34795cabe74e63453e53e4aca
BLAKE2b-256 | 30f6ab00d76fa1aaadb3ffbf46bb093dbfd54afe9e1724d881a81805a0820b48