Aggregate, normalize, and analyze static code analysis results.
Signal Engine
Signal Engine is a modular tool for aggregating, normalizing, and analyzing the
output of static code analysis tools.
It is designed to provide insight into top rules, top files, and clusters of
findings across multiple scans.
Signal Engine takes scan outputs, in JSON format, and transforms them into actionable insights:
- Top Rules – see which rules are triggered most frequently
- Top Files – identify the files with the highest number of findings
- Clusters – group related findings to reveal patterns and correlations
Currently supported tools
- semgrep
Features
- Ingest and parse JSON outputs from supported tools
- Normalize findings into a consistent structure
- Compute top rules and top files
- Group findings into basic clusters
- Export results in CSV format
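The normalize, top-rules and top-files steps listed above, sketched as an added example (not Signal Engine's own code). The normalized field names, the sample report and the (rule, directory) clustering heuristic are assumptions; the page does not define them.

```python
import json
import posixpath
from collections import Counter, defaultdict

# Constructed sample shaped like `semgrep --json` output; paths and lines are made up.
SAMPLE = json.loads("""
{"results": [
  {"check_id": "javascript.browser.security.eval-detected.eval-detected",
   "path": "web/app.js", "start": {"line": 10}, "extra": {"severity": "WARNING"}},
  {"check_id": "javascript.browser.security.eval-detected.eval-detected",
   "path": "web/app.js", "start": {"line": 42}, "extra": {"severity": "WARNING"}},
  {"check_id": "javascript.browser.security.eval-detected.eval-detected",
   "path": "web/util.js", "start": {"line": 7}, "extra": {"severity": "WARNING"}},
  {"check_id": "python.security.audit.use-of-exec",
   "path": "tools/run.py", "start": {"line": 3}, "extra": {"severity": "ERROR"}}
]}
""")

def normalize(tool, report):
    """Map a tool report onto one flat finding shape (field names are assumptions)."""
    if tool != "semgrep":
        raise ValueError(f"unsupported tool: {tool}")
    return [
        {
            "tool": tool,
            "rule_id": r["check_id"],
            "path": r["path"],
            "line": r.get("start", {}).get("line"),
            "severity": r.get("extra", {}).get("severity", "UNKNOWN"),
        }
        for r in report.get("results", [])
    ]

def top(findings, key, n=5):
    """Most frequent values of `key` ("rule_id" or "path") with their counts."""
    return Counter(f[key] for f in findings).most_common(n)

def clusters(findings):
    """Group by (rule, directory): an assumed heuristic, not the project's."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f["rule_id"], posixpath.dirname(f["path"]))].append(f)
    return dict(groups)

if __name__ == "__main__":
    found = normalize("semgrep", SAMPLE)
    print(top(found, "rule_id"), top(found, "path"), sorted(clusters(found)))
```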
Installation
pip install signal-engine
Usage
Ingesting results
Ingest findings from static analysis JSON files into the repository database.
Ingest multiple JSON files from a directory
signal-cli ingest --repo-name myrepo --tool semgrep /path/to/json_reports/
- --repo-name → name of the repository
- --tool → the tool that generated the findings (semgrep, bandit, etc.)
- positional argument → path to JSON file or directory containing multiple JSON files
Ingest a single JSON file
signal-cli ingest --repo-name myrepo --tool semgrep /path/to/json_reports/report.json
After ingest, all findings are stored in a SQLite database located in the standard user data directory, and can be queried with analyze or info.
Analyzing ingested results
By default, analyze prints results to standard output:
signal-cli analyze --repo-name myrepo
Optional CSV export with -o / --output:
signal-cli analyze --repo-name myrepo -o analysis.csv
Show Repository Info
Basic info about a repository’s ingestion:
signal-cli info --repo-name myrepo
Example output:
Repository: myrepo
DB path: /home/user/.local/share/signal-engine/<hash>.db
Ingest time: 2026-02-03T14:25:01+00:00
Number of findings: 153
Verbose mode with top rules and tools:
signal-cli info --repo-name myrepo --verbose
Repository: myrepo
DB path: /home/user/.local/share/signal-engine/<hash>.db
Ingest time: 2026-02-03T14:25:01+00:00
Number of findings: 153
Tool version used for ingest: 0.1.2
Tools in DB: semgrep, bandit
Top 5 rules:
javascript.browser.security.eval-detected.eval-detected: 12
python.security.audit.use-of-exec: 8
...
Database migrations
Signal Engine uses a lightweight migration system to manage database schema
changes over time. Each repository database keeps track of applied migrations
via the schema_migrations table.
Migrations are distributed with the package and applied explicitly via the CLI.
This allows existing databases to be upgraded safely when new features introduce
schema changes (e.g. new tables such as metrics).
When running migrations, Signal Engine will:
- Detect which migrations are missing for a given repository database
- Apply them in order
- Record their application to avoid reapplying them in the future
This approach ensures backward compatibility with existing databases while allowing the schema to evolve as new analysis features are introduced.
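The detect, apply-in-order and record steps above, sketched as an added example (not Signal Engine's own code). The migration ids, their SQL and the schema_migrations columns are hypothetical; only the table name comes from this page.

```python
import sqlite3

# Hypothetical migrations as (id, SQL) pairs; the package's real files are not shown here.
MIGRATIONS = [
    ("0001_findings", "CREATE TABLE findings (id INTEGER PRIMARY KEY, rule_id TEXT, path TEXT)"),
    ("0002_metrics", "CREATE TABLE metrics (name TEXT PRIMARY KEY, value REAL)"),
]

def open_db(path):
    # isolation_level=None: the sqlite3 module issues no implicit BEGIN,
    # so the explicit transactions below also cover DDL statements.
    return sqlite3.connect(path, isolation_level=None)

def pending(conn, migrations=MIGRATIONS):
    """Ids of migrations not yet recorded in schema_migrations, in order."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS schema_migrations ("
        "id TEXT PRIMARY KEY, applied_at TEXT DEFAULT CURRENT_TIMESTAMP)"
    )
    applied = {row[0] for row in conn.execute("SELECT id FROM schema_migrations")}
    return [mid for mid, _ in migrations if mid not in applied]

def migrate(conn, migrations=MIGRATIONS, check_only=False):
    """Apply missing migrations in order; check_only reports without applying."""
    todo = pending(conn, migrations)
    if check_only:
        return todo
    sql_by_id = dict(migrations)
    for mid in todo:
        conn.execute("BEGIN")
        try:
            conn.execute(sql_by_id[mid])
            conn.execute("INSERT INTO schema_migrations (id) VALUES (?)", (mid,))
            conn.execute("COMMIT")
        except sqlite3.Error:
            conn.execute("ROLLBACK")  # failed step stays pending, schema untouched
            raise
    return todo

if __name__ == "__main__":
    db = open_db(":memory:")
    print(migrate(db, check_only=True))  # pending, nothing applied
    print(migrate(db))                   # applied now
    print(migrate(db))                   # nothing left to do
```

Wrapping each schema change and its schema_migrations row in one transaction means an interrupted upgrade leaves the step pending rather than half-recorded.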
Applying database migrations
Signal Engine ships with database migrations to evolve the schema of repository
databases over time (for example, when introducing new tables such as
metrics).
To apply migrations to a specific repository database, use the migrate command
and pass the repository name:
signal-cli migrate --repo-name myrepo
To check whether a migration is needed, use the --check flag. Note that this does not apply pending migrations.
signal-cli migrate --repo-name myrepo --check
LICENSE
This project is licensed under the AGPLv3 license.
File details
Details for the file signal_engine-0.3.0.tar.gz.
File metadata
- Download URL: signal_engine-0.3.0.tar.gz
- Upload date:
- Size: 25.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.11
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d414cc38bde3fb3f56226e1dea0ae847f73acd49a08337f69522e684890ff083 |
| MD5 | 538638f58685f7684fd513ecb83672eb |
| BLAKE2b-256 | 48a08f4482a724f785279aa8c02e3d55c56b0ac3b078dd57d03123203ac9f629 |
File details
Details for the file signal_engine-0.3.0-py3-none-any.whl.
File metadata
- Download URL: signal_engine-0.3.0-py3-none-any.whl
- Upload date:
- Size: 25.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.11
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6141075f52f70cb4f898bafe9ca25c990ab0baa1f3855466f7b1ff28f896df59 |
| MD5 | 161172a5de67a6ddb80397af48c30725 |
| BLAKE2b-256 | 72f61a651c2cf84287cf9c1bdeaeffecb00b1474f3350bb90f9bbb006e4b2c9c |