Skip to main content

Open-source security scanner — SAST, SCA, Secrets, IaC, TON/Solana/CosmWasm/Solidity

Reason this release was yanked:

Replaced by 1.0.2 (clean community-only build)

Project description

TythanAI — Security Scanner

One scanner that combines native TON FunC/Tolk, Solana Anchor, and CosmWasm auditing with SAST, SCA, secrets, IaC, and AutoPR fix pull requests.

License: BSL 1.1 Python Tests GitHub Action


What it does

TythanAI scans your codebase and tells you which vulnerabilities matter:

  • SAST — static analysis with 3 462 custom rules across 12 languages
  • SCA — dependency CVEs via OSV.dev with EPSS exploit-probability scoring
  • Secrets — API keys, tokens, private keys in source and git history
  • IaC — Terraform, CloudFormation, Kubernetes misconfigurations
  • Web3 audit — TON FunC/Tolk, Solidity, Solana/Anchor, CosmWasm
  • AutoPR — auto-generated fix pull requests for HIGH/CRITICAL findings
  • SBOM — SPDX 2.3 and CycloneDX 1.4 output
  • SARIF — compatible with GitHub Code Scanning and SonarQube

Quick start (from source)

git clone https://github.com/tythanai/platform
cd platform
pip install -e ".[full]"
python ghost_cli_main.py scan ./myproject

PyPI package and Docker image are not yet published. Follow this repo for the release announcement.


GitHub Actions

# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tythanai/scan-action@v1
        with:
          target: "./src"
          severity: "HIGH"
          fail_on: "HIGH"
          format: "sarif"
          upload_sarif: "true"

CLI reference

python ghost_cli_main.py scan [OPTIONS] TARGET

Options:
  --format       text | json | sarif | html  (default: text)
  --output       Write results to file
  --severity     Minimum severity: LOW | MEDIUM | HIGH | CRITICAL
  --quality      Include code quality analysis
  --multichain   Include Solana + CosmWasm auditor
  --dast URL     Passive DAST scan against URL (requires ZAP)
  --auto-fix     Generate fix PRs (dry-run without --github-token)

Supported languages and rule counts

Language Rules Notes
Python 359 Taint analysis + custom rules
JavaScript / TypeScript 231
Java 102 CPG taint analysis
Go 65 CPG taint analysis
Rust 45 CPG + unsafe block detection
PHP 65
Ruby 30
Solidity (EVM) 121 DeFi patterns, reentrancy, oracle
TON FunC / Tolk 46 Reentrancy, replay, weak random, bounce
Solana / Anchor 49 Signer check, CPI validation, PDA
CosmWasm 15 Admin check, reply ID, submsg ordering
Secrets (all languages) 416 Git history + live
IaC / Cloud / CI-CD 274 Terraform, K8s, CloudFormation

How TythanAI compares

Feature TythanAI Semgrep OSS Snyk GitHub GHAS
SAST partial
SCA (OSV.dev)
EPSS scoring
Secrets partial
TON FunC / Tolk
Solana / Anchor
CosmWasm
AutoPR fix PRs
SBOM (SPDX+CycloneDX) partial
No account required

Accuracy

Measured on a 98-case Python corpus (Juliet-style, 65 vulnerable / 33 safe):

Metric Score
Precision 90.0 %
Recall 83.1 %
F1 86.4 %

This measures only the TaintAnalyzer engine on Python taint cases. See BENCHMARK_REPORT.md for per-CWE breakdown and limitations.


Architecture

tythanai scan ./target
        │
        ├─► Semgrep + 3 462 custom rules ──► NormalizedFinding
        ├─► CPG TaintAnalyzer (Python/JS/Go/Java/Rust)
        ├─► Secrets Scanner (live + git history)
        ├─► OSV.dev SCA ──── CVEs + GHSAs ──► EPSS enrichment
        ├─► IaC / Container Scanner
        ├─► Web3 Auditors (TON / Solana / CosmWasm / Solidity)
        │
        ├─► FP Reducer (confidence scoring)
        ├─► AutoPR Agent (optional fix PRs)
        │
        └─► ReportGenerator
                ├─ SARIF 2.1.0
                ├─ JSON / HTML / Markdown
                └─ SBOM (SPDX 2.3, CycloneDX 1.4)

Requirements

  • Python 3.10+
  • Optional: Semgrep (pip install semgrep) for SAST rules
  • Optional: ZAP for DAST
  • Optional: ChromaDB for rules marketplace vector search

License

Business Source License 1.1 — source available, free for non-production and evaluation use. Commercial production use requires a licence. Converts to Apache 2.0 on 2029-06-01.


Contributing

See CONTRIBUTING.md. Security issues: SECURITY.md.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tythanai_community-1.0.0.tar.gz (1.5 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tythanai_community-1.0.0-py3-none-any.whl (1.7 MB view details)

Uploaded Python 3

File details

Details for the file tythanai_community-1.0.0.tar.gz.

File metadata

  • Download URL: tythanai_community-1.0.0.tar.gz
  • Upload date:
  • Size: 1.5 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for tythanai_community-1.0.0.tar.gz
Algorithm Hash digest
SHA256 458fec5f9c4c1f9ea712269d76c87b66c7a18f968f1ce4f0479e00c7d9788525
MD5 32c697305678be312952fffbe78c8e86
BLAKE2b-256 6d6dc0c890f5d4e012044c82f4d369e28beaf8f13c35fcbffe99e073846cf44d

See more details on using hashes here.

File details

Details for the file tythanai_community-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for tythanai_community-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3534e5cbd740934a8d5f551e1a36eaf1d6a810e064f25bac1d306185f9146cd1
MD5 c038a32f87d6ea35ab5cac1172739c1e
BLAKE2b-256 b837cd4842b1f7a83c6f0ec6b53c425379991a249a4c6a22543e690898212ff3

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page