Skip to main content

Open-source security scanner — SAST, SCA, Secrets, IaC, TON/Solana/CosmWasm/Solidity

Project description

TythanAI — Community Edition

Open-source security scanner with native Web3 auditing for TON, Solana, CosmWasm and Solidity — alongside SAST, SCA, secrets and IaC. One CLI. No account. No telemetry.

PyPI License: BSL 1.1 Python PRs welcome


pip install tythanai-community
tythanai scan ./your-project

That's it. No sign-up, no API key, no data leaves your machine.


See it in action

Point it at a folder and it tells you what's actually exploitable (example output):

  ______      __  __               ___    ____
 /_  __/_  __/ /_/ /_  ____ ____  /   |  /  _/
  / / / / / / __/ __ \/ __ `/ _ \/ /| |  / /
 / / / /_/ / /_/ / / / /_/ /  __/ ___ |_/ /
/_/  \__, /\__/_/ /_/\__,_/\___/_/  |_/___/
    /____/   Community Edition  v1.0

  Scanning ./your-project …

  FINDINGS

    1  CRITICAL  AWS secret exposed in source code
        app.py:3
        SEC-AWS_ACCESS_KEY  [secret_detector]

    2  CRITICAL  Potential reentrancy: state written after external call
        Vault.sol:6
        SC-SOL-001  [web3]

    3  HIGH      Low-level .call() return value not checked — silent failure
        Vault.sol:6
        SOL005  [solidity_scanner]

  SCAN SUMMARY
  Risk      : CRITICAL (95/100)
  Findings  : 5    (CRITICAL 3 · HIGH 2)

What's included in Community Edition

Everything below runs locally, free, with no account:

  • 🪙 Web3 auditing — core security checks for TON FunC/Tolk, Solidity/EVM, Solana/Anchor and CosmWasm (reentrancy, signer checks, replay, unchecked calls, access control…)
  • 🔍 SAST — Semgrep + a curated rule set across common languages (Python, JS/TS, Java, Go, Rust, PHP, Ruby)
  • 📦 SCA — dependency CVEs via OSV.dev with EPSS exploit-probability ranking, plus an offline fallback
  • 🔑 Secrets — API keys, tokens and private keys detected in your source
  • ☁️ IaC — Terraform, Kubernetes and CloudFormation misconfigurations
  • 📄 Reports — SARIF 2.1.0 (GitHub Code Scanning), JSON and HTML
  • 🔒 Private by design — fully local, no account, no telemetry

Community Edition is a fast, practical scanner that catches the most common, highest-impact issues. Deeper analysis (full rule library, symbolic/formal Web3 analysis, auto-fix PRs, CI integrations) lives in Pro / Enterprise — see the table below.


Usage

# Scan everything
tythanai scan ./myproject

# Only the checks you want
tythanai scan ./myproject --no-sast --no-sca   # e.g. secrets + IaC + web3 only

# Machine-readable output
tythanai scan ./myproject --sarif results.sarif   # upload to GitHub Code Scanning
tythanai scan ./myproject --json  report.json
tythanai scan ./myproject --html  report.html

# Quiet mode (findings + summary only, no banner)
tythanai scan ./myproject --quiet

Exit code is non-zero when findings are present, so it drops straight into CI.

GitHub Actions

name: Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install tythanai-community
      - run: tythanai scan . --sarif results.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

Community vs Pro / Enterprise

Community Edition is genuinely useful on its own. Teams shipping production smart contracts — and audit firms — upgrade for depth, automation and support.

Capability Community (free) Pro / Enterprise
TON / Solidity / Solana / CosmWasm auditing Core checks Full rule set + deep analysis
Web3 symbolic execution & formal checks
SAST rule library up to 500 rules 3,400+ rules
Full CPG taint analysis (Go / Java / Rust)
SCA (OSV.dev + EPSS)
Secrets & IaC
AutoPR — auto-generated fix pull requests
AI-powered fix suggestions
DAST (active web scanning)
SBOM compliance (SPDX / CycloneDX)
SaaS dashboard, webhooks, multi-agent orchestration
Priority support & SLA
Reports SARIF · JSON · HTML + SBOM · compliance

Need Pro or Enterprise? TythanAI Pro is built for teams and audit firms running TON / Solana / Solidity engagements. To request access or a demo, open an issue or visit tythanai.io.


How Community Edition compares

TythanAI CE Semgrep OSS Slither Snyk
SAST partial
SCA (OSV.dev)
Secrets partial
Solidity / EVM
TON FunC / Tolk
Solana / Anchor
CosmWasm
SARIF output partial partial
No account required

Requirements

  • Python 3.10+
  • Optional: Semgrep (pip install semgrep) for the full SAST rule set

Contributing

Issues, rules and chain auditors are very welcome — see CONTRIBUTING.md. Found a security bug? See SECURITY.md.

If TythanAI saved you from shipping a vulnerability, a ⭐ helps other people find it.


License

Business Source License 1.1 — source-available, free for non-production and evaluation use; converts to Apache 2.0 on 2029-06-01.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tythanai_community-1.0.3.tar.gz (52.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tythanai_community-1.0.3-py3-none-any.whl (54.5 kB view details)

Uploaded Python 3

File details

Details for the file tythanai_community-1.0.3.tar.gz.

File metadata

  • Download URL: tythanai_community-1.0.3.tar.gz
  • Upload date:
  • Size: 52.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for tythanai_community-1.0.3.tar.gz
Algorithm Hash digest
SHA256 5ffdd2af1171c4e216a299d58b34db3c9ed4490bd68cfee96ce0cc8cafd0f653
MD5 0619503ddd2d11e26046ffae5df4bed4
BLAKE2b-256 ad31573640e1a5a3bc1e137ed2dd58898ab9870ca40727bd6d6d42226007360c

See more details on using hashes here.

File details

Details for the file tythanai_community-1.0.3-py3-none-any.whl.

File metadata

File hashes

Hashes for tythanai_community-1.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 d7e8f0739f807b081cff6e75274928b6ec5d7773b7cad0f8a99c28989e8eb784
MD5 ab7088f8b96641d9ab180daca9b1c12d
BLAKE2b-256 d07833d1f9a455f544208818843b8d3af776620003c2c225876c57ab6874f7d4

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page