Skip to main content

OWASP Guard CLI: secure code inspector

Project description

OWASP Guard CLI

OWASP Guard is a prompt-engineered secure code inspection CLI for identifying OWASP Top 10 (2021) issues in source code.

It scans a repository or single file, performs chunked LLM analysis with a verification pass, then generates:

  • report.json for pipelines and automation
  • report.md for human review and audit

Key Features

  • OWASP-focused findings with confidence scoring
  • Chunk-based analysis with route/function-aware heuristics
  • Verification pass to reduce false positives
  • Deduplication of repeated findings
  • Progress-rich terminal UI
  • Broad multi-language and config/IaC file support

Requirements

  • Python 3.11+
  • Groq API key

Installation

From PyPI:

pip install owasp-guard-cli

From source:

pip install -r requirements.txt
pip install -e .

Quick Start

  1. Configure API key:
owasp-guard init
  1. Run scan:
owasp-guard scan ./project --output-dir outputs
  1. Review outputs:
  • outputs/report.json
  • outputs/report.md

CLI Usage

Main help:

owasp-guard --help
owasp-guard help

Topic help:

owasp-guard help init
owasp-guard help scan
owasp-guard help reports
owasp-guard help errors

Alias entrypoint:

owasp help
owasp help scan

Common Commands

Initialize with provided key:

owasp-guard init --api-key gsk_xxx

Scan repo:

owasp-guard scan "D:\path\to\repo" --output-dir outputs

Scan single file:

owasp-guard scan "D:\path\to\file.py" --output-dir outputs

Fixed-scope evaluation:

owasp-guard scan "D:\path\to\repo" --max-files 10 --output-dir outputs

Custom model:

owasp-guard scan ./project --model llama-3.1-8b-instant

Report Schema Summary

report.json includes:

  • tool metadata and report version
  • methodology metadata
  • scope metrics (total_files, total_chunks, total_findings)
  • summary metrics (risk_score_10, severity and OWASP distributions)
  • full findings list

report.md includes:

  • executive summary and risk score
  • OWASP and file impact distribution
  • findings index and detailed evidence/fix sections
  • priority action plan and remediation roadmap

Exit Codes

  • 0: scan completed with no findings
  • 1: scan completed with findings
  • 2: invalid CLI usage
  • 3: runtime error

Error Types

  • Configuration Error: missing/invalid API key or unreadable config
  • Input Error: bad path, unsupported file type, invalid --max-files, empty scope
  • API Error: model/provider failures
  • Report Error: output write/serialization failures
  • Scan Error: chunking or scan pipeline failures

Repository Docs

  • Project prompt evolution: PROMPT_LOG.md
  • Tool benchmark worksheet: comparison.md
  • Sample outputs: report.md, testotpt/report.md, juiceotpt/report.md

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

owasp_guard_cli-0.2.1.tar.gz (30.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

owasp_guard_cli-0.2.1-py3-none-any.whl (34.0 kB view details)

Uploaded Python 3

File details

Details for the file owasp_guard_cli-0.2.1.tar.gz.

File metadata

  • Download URL: owasp_guard_cli-0.2.1.tar.gz
  • Upload date:
  • Size: 30.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for owasp_guard_cli-0.2.1.tar.gz
Algorithm Hash digest
SHA256 b201170cd230561e28d3894051c09f9b2dff4daac15ddf13009f2b9f44b642b5
MD5 10da2ae26318a96511612754dcaaae4f
BLAKE2b-256 af86165a82271f77251cd697aa30cc2950948752ccb48603a5bf2f15c331e360

See more details on using hashes here.

Provenance

The following attestation bundles were made for owasp_guard_cli-0.2.1.tar.gz:

Publisher: publish.yml on jeanclaudegeagea/owasp-guard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file owasp_guard_cli-0.2.1-py3-none-any.whl.

File metadata

File hashes

Hashes for owasp_guard_cli-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 98cd1a32323ee8c45eae207ede9058e927032077e0856affa08f5b610d57f9a9
MD5 8935947b72cb01380917d82003df83f5
BLAKE2b-256 da6eb47b09ead89a293675c95b5003b792c8f94024de97c244525d68e6c9c664

See more details on using hashes here.

Provenance

The following attestation bundles were made for owasp_guard_cli-0.2.1-py3-none-any.whl:

Publisher: publish.yml on jeanclaudegeagea/owasp-guard

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page