OWASP Guard CLI: secure code inspector
Project description
OWASP Guard CLI
OWASP Guard is a prompt-engineered secure code inspection CLI for identifying OWASP Top 10 (2021) issues in source code.
It scans a repository or single file, performs chunked LLM analysis with a verification pass, then generates:
report.jsonfor pipelines and automationreport.mdfor human review and audit
Key Features
- OWASP-focused findings with confidence scoring
- Chunk-based analysis with route/function-aware heuristics
- Verification pass to reduce false positives
- Deduplication of repeated findings
- Progress-rich terminal UI
- Broad multi-language and config/IaC file support
Requirements
- Python
3.11+ - Groq API key
Installation
From PyPI:
pip install owasp-guard-cli
From source:
pip install -r requirements.txt
pip install -e .
Quick Start
- Configure API key:
owasp-guard init
- Run scan:
owasp-guard scan ./project --output-dir outputs
- Review outputs:
outputs/report.jsonoutputs/report.md
CLI Usage
Main help:
owasp-guard --help
owasp-guard help
Topic help:
owasp-guard help init
owasp-guard help scan
owasp-guard help reports
owasp-guard help errors
Alias entrypoint:
owasp help
owasp help scan
Common Commands
Initialize with provided key:
owasp-guard init --api-key gsk_xxx
Scan repo:
owasp-guard scan "D:\path\to\repo" --output-dir outputs
Scan single file:
owasp-guard scan "D:\path\to\file.py" --output-dir outputs
Fixed-scope evaluation:
owasp-guard scan "D:\path\to\repo" --max-files 10 --output-dir outputs
Custom model:
owasp-guard scan ./project --model llama-3.1-8b-instant
Report Schema Summary
report.json includes:
- tool metadata and report version
- methodology metadata
- scope metrics (
total_files,total_chunks,total_findings) - summary metrics (
risk_score_10, severity and OWASP distributions) - full findings list
report.md includes:
- executive summary and risk score
- OWASP and file impact distribution
- findings index and detailed evidence/fix sections
- priority action plan and remediation roadmap
Exit Codes
0: scan completed with no findings1: scan completed with findings2: invalid CLI usage3: runtime error
Error Types
Configuration Error: missing/invalid API key or unreadable configInput Error: bad path, unsupported file type, invalid--max-files, empty scopeAPI Error: model/provider failuresReport Error: output write/serialization failuresScan Error: chunking or scan pipeline failures
Repository Docs
- Project prompt evolution:
PROMPT_LOG.md - Tool benchmark worksheet:
comparison.md - Sample outputs:
report.md,testotpt/report.md,juiceotpt/report.md
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file owasp_guard_cli-0.2.1.tar.gz.
File metadata
- Download URL: owasp_guard_cli-0.2.1.tar.gz
- Upload date:
- Size: 30.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b201170cd230561e28d3894051c09f9b2dff4daac15ddf13009f2b9f44b642b5
|
|
| MD5 |
10da2ae26318a96511612754dcaaae4f
|
|
| BLAKE2b-256 |
af86165a82271f77251cd697aa30cc2950948752ccb48603a5bf2f15c331e360
|
Provenance
The following attestation bundles were made for owasp_guard_cli-0.2.1.tar.gz:
Publisher:
publish.yml on jeanclaudegeagea/owasp-guard
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
owasp_guard_cli-0.2.1.tar.gz -
Subject digest:
b201170cd230561e28d3894051c09f9b2dff4daac15ddf13009f2b9f44b642b5 - Sigstore transparency entry: 1013954893
- Sigstore integration time:
-
Permalink:
jeanclaudegeagea/owasp-guard@c169d93df8560eddde42b3a1fa575c7f02d80523 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/jeanclaudegeagea
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@c169d93df8560eddde42b3a1fa575c7f02d80523 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file owasp_guard_cli-0.2.1-py3-none-any.whl.
File metadata
- Download URL: owasp_guard_cli-0.2.1-py3-none-any.whl
- Upload date:
- Size: 34.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
98cd1a32323ee8c45eae207ede9058e927032077e0856affa08f5b610d57f9a9
|
|
| MD5 |
8935947b72cb01380917d82003df83f5
|
|
| BLAKE2b-256 |
da6eb47b09ead89a293675c95b5003b792c8f94024de97c244525d68e6c9c664
|
Provenance
The following attestation bundles were made for owasp_guard_cli-0.2.1-py3-none-any.whl:
Publisher:
publish.yml on jeanclaudegeagea/owasp-guard
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
owasp_guard_cli-0.2.1-py3-none-any.whl -
Subject digest:
98cd1a32323ee8c45eae207ede9058e927032077e0856affa08f5b610d57f9a9 - Sigstore transparency entry: 1013954918
- Sigstore integration time:
-
Permalink:
jeanclaudegeagea/owasp-guard@c169d93df8560eddde42b3a1fa575c7f02d80523 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/jeanclaudegeagea
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@c169d93df8560eddde42b3a1fa575c7f02d80523 -
Trigger Event:
workflow_dispatch
-
Statement type: