A lightweight security tool that automatically scans source code for vulnerabilities, highlights risky patterns, and guides developers toward safer implementations to strengthen their applications' overall security posture.
Project description
vulguard 1.0.0
A lightweight CLI security tool that automatically scans source code for vulnerabilities, highlights risky patterns, and guides developers toward safer implementations to strengthen their applications' overall security posture.
Prerequisites
- Python >=3.14
- An active GitHub Copilot subscription (used for AI-powered inspection)
Installation
```bash
pip install vulguard
```
Usage
```bash
vulguard [OPTIONS] COMMAND [ARGS]...
```
inspect — Scan files or directories
```bash
vulguard inspect [OPTIONS] PATHS...
```
| Option | Default | Description |
|---|---|---|
| PATHS | (required) | One or more files or directories to scan (recursive). |
| --ext TEXT | (all files) | Comma-separated extensions to inspect, e.g. py,js,ts. |
| --output-dir PATH | <cwd>/reports | Directory where reports are written. |
| --report TEXT | vulguard-report | Base filename for the report (no extension appended). |
| --format [json\|html] | json | Report format. Selecting html also produces a JSON file. |
| --db-dir PATH | ~/.vulguard | Directory for the SQLite session database. |
Examples
```bash
# Scan all Python files in src/ and write a JSON report to ./reports
vulguard inspect src/ --ext py
# Scan multiple paths and produce an HTML report
vulguard inspect src/ tests/ --ext py,js --format html --output-dir reports
# Use a custom report name and database directory
vulguard inspect src/ --report my-scan --db-dir /tmp/vg-db
```
Configuration
On first run, vulguard bootstraps a configuration directory and copies its default config.ini and logging.ini there. You can override the location with the VULGUARD_CONFIG_DIR environment variable:
```
# Windows (PowerShell)
$env:VULGUARD_CONFIG_DIR = "C:\Users\you\.vulguard"
# macOS / Linux
export VULGUARD_CONFIG_DIR="$HOME/.vulguard"
```
config.ini settings
| Section | Key | Default | Description |
|---|---|---|---|
| model | model | claude-sonnet-4.6 | GitHub Copilot model used for inspection. |
| model | timeout | 300 | Per-file inspection timeout in seconds. |
| retry | max-attempts | 5 | Maximum number of retry attempts on transient errors. |
| retry | base-delay | 0.5 | Initial back-off delay in seconds. |
| retry | max-delay | 10.0 | Maximum back-off delay in seconds. |
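The following is an added example, not vulguard's own code, showing how the `[model]` and `[retry]` keys above fit together when you tune them. It parses a constructed `config.ini` that uses the documented defaults and derives the retry schedule and the worst-case time one file can occupy the scanner. The page does not document the back-off algorithm, so the doubling-then-clamp rule and the reading of `max-attempts` as retries after the first try are assumptions made here:

```python
"""Added example (not vulguard's own code): parse the documented config.ini
keys and derive the retry schedule they imply.

Assumptions (not stated on the page): back-off doubles from base-delay and
is clamped at max-delay, and max-attempts counts retries after the first try.
"""
import configparser

# Constructed config.ini text using the defaults documented above.
DEFAULT_CONFIG_INI = """\
[model]
model = claude-sonnet-4.6
timeout = 300

[retry]
max-attempts = 5
base-delay = 0.5
max-delay = 10.0
"""


def load_settings(ini_text: str) -> dict:
    """Parse the [model] and [retry] sections into typed values."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    return {
        "model": parser.get("model", "model"),
        "timeout": parser.getint("model", "timeout"),
        "max_attempts": parser.getint("retry", "max-attempts"),
        "base_delay": parser.getfloat("retry", "base-delay"),
        "max_delay": parser.getfloat("retry", "max-delay"),
    }


def backoff_schedule(base_delay: float, max_delay: float, max_attempts: int) -> list:
    """Sleep (seconds) before each retry: base_delay doubled per retry,
    never exceeding max_delay. Assumed algorithm, see module docstring."""
    if max_attempts < 0 or base_delay < 0 or max_delay < 0:
        raise ValueError("retry settings must be non-negative")
    return [min(max_delay, base_delay * (2 ** n)) for n in range(max_attempts)]


def worst_case_seconds(settings: dict) -> float:
    """Upper bound on wall-clock time spent on a single file: every attempt
    (first try plus each retry) hits the per-file timeout, plus all sleeps."""
    sleeps = backoff_schedule(
        settings["base_delay"], settings["max_delay"], settings["max_attempts"]
    )
    return settings["timeout"] * (settings["max_attempts"] + 1) + sum(sleeps)


if __name__ == "__main__":
    cfg = load_settings(DEFAULT_CONFIG_INI)
    print("retry sleeps:", backoff_schedule(cfg["base_delay"], cfg["max_delay"], cfg["max_attempts"]))
    print("worst case per file (s):", worst_case_seconds(cfg))
```

With the defaults the sleeps are 0.5, 1, 2, 4 and 8 seconds, so `max-delay` never clamps; lowering it to 3.0 caps the last two retries, and a large scan's upper bound is dominated by `timeout` multiplied by the number of attempts rather than by the back-off itself.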
Development
Prerequisites
- Poetry 2.2+
Architecture
```mermaid
graph TD
CLI["cli.py\n(Click entry point)"]
Inspector["inspector.py\n(GitHub Copilot SDK)"]
DB["db.py\n(SQLite persistence)"]
Report["report.py\n(JSON / HTML output)"]
Config["config.py\n(config.ini reader)"]
Prompt["prompts/system-prompt.md\n(security prompt)"]
CLI -->|"collects files\norchestrates"| Inspector
CLI --> Config
Inspector --> Prompt
CLI -->|"persists results"| DB
CLI -->|"reads session"| DB
CLI -->|"builds & writes"| Report
```
Setup
```bash
poetry install
```
Format and Lint
```bash
poetry run black vulguard; poetry run pylint vulguard
```
Pylint must score 10.00/10 before committing.
Run Tests
```bash
poetry run pytest --cov=vulguard tests --cov-report html
```
Maintain ≥80 % coverage.
Fixture-based integration smoke test
```bash
poetry run vulguard inspect tests/fixtures --ext py --format html
```
Publishing to PyPI
Prerequisites
- A PyPI account with an API token.
Configure the token
```bash
poetry config pypi-token.pypi <your-token>
```
Build and publish
```bash
poetry publish --build
```
This builds the source distribution and wheel, then uploads them to PyPI in one step.
Note: PyPI releases are immutable. Once a version is published, it cannot be overwritten.
To fix a mistake, yank the release via the PyPI web UI and publish a new version.
Changelog
See CHANGELOG.md for the full release history.
License
This project is licensed under the MIT License.
Author
Ron Webb
Project details
Download files
Source Distribution
Built Distribution
File details
Details for the file vulguard-1.0.0.tar.gz.
File metadata
- Download URL: vulguard-1.0.0.tar.gz
- Upload date:
- Size: 18.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.3.4 CPython/3.14.4 Windows/11
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | c7c45138ee99afd26c8235aceae3d9366d82d4ce89e7a58a4871359e0a24fd25 |
| MD5 | f3aaec77b844e5d802f3a79abe99ec80 |
| BLAKE2b-256 | 6e9f44873e7076051cbe3a8e93d06e52fc8c4e0f165c8a140cb8efab86e2bb6e |
File details
Details for the file vulguard-1.0.0-py3-none-any.whl.
File metadata
- Download URL: vulguard-1.0.0-py3-none-any.whl
- Upload date:
- Size: 20.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.3.4 CPython/3.14.4 Windows/11
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 2de802b94a9573b987d21b3e4f56e80fdc607646c018b016c4a3efa81edc5c9e |
| MD5 | 5e9d5bd161f5e455b15a9de44d881c38 |
| BLAKE2b-256 | c67dd99dfbb51b5a7654cc588549ff431e4e5609f9d8710683594c0b6f72c9b0 |
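As an added example, not part of the vulguard project, the script below checks a downloaded release artifact against the SHA256 and BLAKE2b-256 digests listed in the two "File hashes" tables above before it is installed. The digests are copied from this page; the bytes used in the self-check are constructed. MD5 is left out on purpose, since it is published for legacy compatibility and is not collision resistant:

```python
"""Added example (not vulguard's own code): verify a downloaded PyPI artifact
against the digests published for vulguard 1.0.0 on this page."""
import hashlib
import hmac
import sys
from pathlib import Path

# Published digests, copied from the "File hashes" tables on this page.
PUBLISHED = {
    "vulguard-1.0.0.tar.gz": {
        "sha256": "c7c45138ee99afd26c8235aceae3d9366d82d4ce89e7a58a4871359e0a24fd25",
        "blake2b-256": "6e9f44873e7076051cbe3a8e93d06e52fc8c4e0f165c8a140cb8efab86e2bb6e",
    },
    "vulguard-1.0.0-py3-none-any.whl": {
        "sha256": "2de802b94a9573b987d21b3e4f56e80fdc607646c018b016c4a3efa81edc5c9e",
        "blake2b-256": "c67dd99dfbb51b5a7654cc588549ff431e4e5609f9d8710683594c0b6f72c9b0",
    },
}


def digests(data: bytes) -> dict:
    """SHA-256 and BLAKE2b-256 (32-byte BLAKE2b) of the data, hex encoded."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "blake2b-256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def verify(data: bytes, expected: dict) -> list:
    """Return the algorithm names whose published digest does NOT match the
    data. An empty list means every expected digest matched. Digests are
    compared case-insensitively with a constant-time comparison."""
    actual = digests(data)
    return [
        alg
        for alg, want in expected.items()
        if alg not in actual or not hmac.compare_digest(actual[alg], want.lower())
    ]


def verify_file(path: str) -> list:
    """Verify a downloaded artifact whose file name appears in PUBLISHED."""
    name = Path(path).name
    if name not in PUBLISHED:
        raise KeyError(f"no published digests known for {name}")
    return verify(Path(path).read_bytes(), PUBLISHED[name])


if __name__ == "__main__":
    # Usage: python verify_vulguard.py path/to/vulguard-1.0.0.tar.gz
    mismatches = verify_file(sys.argv[1])
    if mismatches:
        print("MISMATCH for", ", ".join(mismatches), "- do not install this file")
        sys.exit(1)
    print("all published digests match")
```

The same check can be made mandatory at install time by pinning the version and digest in a requirements file (`vulguard==1.0.0 --hash=sha256:<digest from the table>`) and installing with `pip install --require-hashes -r requirements.txt`, so a substituted artifact is rejected before it runs.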