AI-Powered Secure Code Review CLI
Why AI Secure Review CLI?
Traditional static analysis tools often miss complex security vulnerabilities and produce high false-positive rates. AI Secure Review CLI combines pattern-based detection with advanced AI models to provide:
- Context-aware analysis that understands your code's intent
- Fast and efficient alternative to manual code reviews
- Intelligent fix suggestions powered by AI
- Multi-line vulnerability detection (e.g., complex SSTI or injection chains)
Core Capabilities
- AI-Powered Analysis: Utilizes Hugging Face's state-of-the-art models for deep code understanding
- Multi-Language Support: Supports Python, Go, Java, and C# (more coming soon)
- OWASP Top 10 Mapping: Automatically categorizes vulnerabilities according to industry standards
- Offline Mode: Pattern-based detection functions without an internet connection
- Flexible Report Generation: Output in JSON, HTML, Markdown, or rich console format
Advanced Detection
Detects a wide range of critical security issues, including:
- SQL Injection – including multi-statement attacks
- Command Injection – OS command execution vulnerabilities
- Server-Side Template Injection (SSTI) – including multi-line Flask/Jinja2 cases
- Path Traversal – directory traversal and file inclusion
- Hardcoded Secrets – API keys, passwords, and tokens
- Insecure Deserialization – vulnerabilities in Pickle, YAML, and JSON
- Weak Cryptography – detection of outdated or poorly implemented crypto
Installation
- git clone https://github.com/A-m-anuel/ai-security-scanner.git
- cd ai-security-scanner
- cd ai-secure-review-cli
- pip install -r requirements.txt
- pip install -e .
Get Your API Key (Free)
- Visit Hugging Face (https://huggingface.co/) and create a free account
- Go to Settings → Access Tokens
- Create a new token with read permissions
Scan your project
- python cli.py scan --path ./your-project
Generate an HTML report
- python cli.py scan --path ./your-project --format html --output report.html