# CodeScanAI
CodeScanAI uses AI models from OpenAI, Gemini, or a custom self-hosted AI server to scan your codebase for bad development practices. It is currently configured to catch potential security vulnerabilities, and will be extended to other use cases in the future.
It is designed to integrate into CI/CD pipelines such as GitHub Actions, and can also be run as a standalone command. CodeScanAI lets developers automatically detect potential security issues in their code throughout the development process. [Try it out today](#getting-started)!
## Features
- **Support for Multiple AI Models:**
  - **OpenAI Integration:** Use OpenAI models such as GPT-4 to scan your code and identify potential security vulnerabilities.
  - **Gemini Integration:** Use Gemini models to analyze your code for security risks.
  - **Custom AI Server Integration:** Connect to a self-hosted or private AI server for security scans, keeping both the code being scanned and the model under your own control.
- **CI/CD Integration:**
  - Integrate the CLI tool into GitHub Actions for automated security vulnerability scanning on every pull request.
  - Supports targeted scans on specific branches or changes within a repository.
- **Flexible Scanning Options:**
  - **Full Directory Scans:** Scan every file within a directory for a comprehensive security analysis.
  - **Changes Only Scan:** Scan only the files that have changed since the last scan.
  - **PR-Specific Scans:** Scan only the files modified in a specific pull request, reducing scan time and API usage.
## Getting Started
### Prerequisites
- Python 3.10 or higher
- Credentials for the provider you intend to use (only one is needed):
  - OpenAI API key
  - Gemini API key
  - Access to a custom AI server (host, port, and optional token)
- Export the API key as an environment variable. Note that a shell assignment takes no spaces around `=`; with spaces, `export` treats the key as separate words and the variable is never set.
```bash
export OPENAI_API_KEY='your_openai_api_key'
```
OR
```bash
export GEMINI_API_KEY='your_gemini_api_key'
```
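The `export` lines above put the key into the environment, but typing a key on the command line also writes it to shell history. As an added example (not part of CodeScanAI), the following POSIX shell function reads the key from a file that only its owner may read and exports it under the variable name the tool reads; the file location, the mode check, and the function name `load_api_key` are this example's own conventions, not something the tool requires.

```shell
#!/bin/sh
# Added example, not CodeScanAI's own code: load a provider key from a file
# that only its owner can read, then export it under the variable name the
# tool reads (OPENAI_API_KEY or GEMINI_API_KEY). Typing the key after
# `export` on the command line records it in shell history; a file with mode
# 0600 does not. The file location and the mode check are this example's
# conventions (assumptions), not something CodeScanAI requires.

# load_api_key VAR FILE
#   Export VAR with the first line of FILE if FILE is a regular file whose
#   permission bits are 600 or 400. Return 1 otherwise. Never prints the key.
load_api_key() {
    var=$1
    file=$2
    if [ ! -f "$file" ]; then
        echo "load_api_key: $file is not a regular file" >&2
        return 1
    fi
    # GNU stat uses -c, BSD/macOS stat uses -f; try both, empty if neither works.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file" 2>/dev/null) || mode=
    case "$mode" in
        600|400) ;;
        *)
            echo "load_api_key: $file has mode '$mode', expected 600 (run: chmod 600 $file)" >&2
            return 1
            ;;
    esac
    key=$(head -n 1 "$file")
    if [ -z "$key" ]; then
        echo "load_api_key: $file is empty" >&2
        return 1
    fi
    # Indirect assignment: the quoted expansion is a single word, so the key
    # contents are never re-parsed by the shell (no eval).
    export "$var=$key"
}
```

Usage: `load_api_key OPENAI_API_KEY "$HOME/.config/codescanai/openai.key" && codescanai --provider openai`. The same concern applies to the custom server `--token` value shown later on this page: load it into a variable the same way and pass `--token "$CODESCAN_TOKEN"` rather than pasting the literal token into the command.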
### Installation
#### Option 1: Install via pip
You can install the tool from PyPI using pip:
```bash
pip install codescanai
```
This will allow you to use the `codescanai` command directly in your terminal.
#### Option 2: Clone the Repository
If you prefer to clone the repository and install the dependencies manually:
```bash
git clone https://github.com/codescan-ai/codescan.git
cd codescan
pip install -r requirements.txt
```
### Usage
#### Scanning files in your current directory
```bash
codescanai --provider openai
```
Or, from a clone of the repository:
```bash
python3 -m core.runner --provider openai
```
#### Scanning with a Custom AI Server
To scan code using a custom AI server:
```bash
codescanai --provider custom --host http://localhost --port 5000 --token your_token --directory path/to/your/code
```
### Supported arguments
| name | description | required | default |
| -------------- | ------------------------------------------------- | -------- | -------------- |
| `provider` | AI provider (e.g. `openai` or `custom`) | `true` | `""` |
| `model` | AI model to use | `false` | `""` |
| `directory` | Directory to scan | `false` | `.` |
| `changes_only` | Scan only changed files | `false` | `false` |
| `repo` | GitHub repository | `false` | `""` |
| `pr_number` | Pull request number | `false` | `""` |
| `github_token` | GitHub API token | `false` | `""` |
| `host` | Custom AI server host | `false` | `""` |
| `port` | Custom AI server port | `false` | `""` |
| `token` | Token for authenticating with the custom AI server | `false` | `""` |
| `endpoint` | API endpoint path on the custom server | `false` | `/api/v1/scan` |
### Supported AI Providers
- **OpenAI:** Utilizes GPT models for in-depth security analysis.
- **Gemini:** Uses Gemini models for the same security analysis.
- **Custom:** Connects with self-hosted or private AI servers for fully customizable solutions.
### Limitations
- **Large number of files:** There is currently no scalable way to scan a large number of files in a single run. Depending on the capacity of your AI provider, you may hit a `rate_limit_exceeded` error. To work around this, split the files across several runs, for example by scanning subdirectories separately.
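One way to apply that workaround, as an added example that is not part of CodeScanAI: the shell script below walks a source tree, copies the files into temporary per-batch directories that keep their relative paths, runs one `codescanai --provider ... --directory ...` invocation per batch, and retries a batch with exponential backoff when its output contains `rate_limit_exceeded`. It uses only the two flags documented on this page; the batch size, the retry schedule, the `SCAN_CMD`, `PROVIDER`, `RATE_LIMIT_DELAY` and `MAX_RETRIES` variables and the `BATCHES_SCANNED` result are this example's own conventions. Because the tool sends file contents to the provider, the script also skips the `.git` directory so repository history is never uploaded.

```shell
#!/bin/sh
# Added example, not CodeScanAI's own code: scan a large tree in batches of N
# files, one codescanai run per batch, with backoff on rate_limit_exceeded.
# Only `codescanai --provider P --directory D` (documented above) is used.
# SCAN_CMD, PROVIDER, RATE_LIMIT_DELAY, MAX_RETRIES and BATCHES_SCANNED are
# conventions of this example (assumptions), not options of the tool.

SCAN_CMD=${SCAN_CMD:-codescanai}        # command to run per batch
PROVIDER=${PROVIDER:-openai}            # value for --provider
RATE_LIMIT_DELAY=${RATE_LIMIT_DELAY:-5} # initial backoff in seconds
MAX_RETRIES=${MAX_RETRIES:-5}           # rate-limited attempts before giving up

# scan_batch DIR: run one scan of DIR, retrying with exponential backoff when
# the provider reports rate_limit_exceeded; any other failure is fatal.
scan_batch() {
    batch_dir=$1
    attempt=0
    delay=$RATE_LIMIT_DELAY
    while :; do
        if out=$("$SCAN_CMD" --provider "$PROVIDER" --directory "$batch_dir" 2>&1); then
            printf '%s\n' "$out"
            return 0
        fi
        case "$out" in
            *rate_limit_exceeded*)
                attempt=$((attempt + 1))
                if [ "$attempt" -ge "$MAX_RETRIES" ]; then
                    echo "scan_batch: giving up after $attempt rate-limited attempts" >&2
                    return 1
                fi
                echo "scan_batch: rate limited, retrying in ${delay}s" >&2
                sleep "$delay"
                delay=$((delay * 2))
                ;;
            *)
                printf '%s\n' "$out" >&2
                return 1
                ;;
        esac
    done
}

# batch_scan ROOT [SIZE]: split the regular files under ROOT (excluding .git,
# which is history rather than source and should not be sent to a provider)
# into batches of SIZE, copy each batch into a temporary directory that keeps
# the original relative paths, and scan it. Sets BATCHES_SCANNED on success.
batch_scan() {
    root=${1%/}
    size=${2:-25}
    work=$(mktemp -d)
    find "$root" -path "$root/.git" -prune -o -type f -print | sort > "$work/all"
    split -l "$size" "$work/all" "$work/chunk."
    n=0
    for chunk in "$work"/chunk.*; do
        [ -f "$chunk" ] || continue      # no files found: the glob did not expand
        n=$((n + 1))
        batch="$work/batch.$n"
        while IFS= read -r f; do         # one path per line (newlines in names unsupported)
            rel=${f#"$root"/}
            mkdir -p "$batch/$(dirname "$rel")"
            cp "$f" "$batch/$rel"
        done < "$chunk"
        scan_batch "$batch" || { rm -rf "$work"; return 1; }
    done
    rm -rf "$work"
    BATCHES_SCANNED=$n
    echo "batch_scan: scanned $n batch(es) of up to $size files" >&2
}
```

Usage: `PROVIDER=openai batch_scan path/to/your/code 25`. Findings from each batch are printed to standard output as the tool emits them; the batch size to use depends on your provider's rate limits, so start small and raise it until a run no longer trips `rate_limit_exceeded`.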
## Future Work
- **Batch Processing:** To address the limitation above, a future version will implement batch processing for large numbers of files.
- **Caching Implementation:** A caching mechanism to store results of previously scanned files, reducing the number of API calls and optimizing performance.
- **Expanded Git Provider Support:** PR-based scanning is currently integrated with GitHub only; future plans include extending support to other Git providers such as GitLab, Bitbucket, and Azure Repos.
- **Expanded Development Tools:** Make the tool available in other development environments, for example as a VS Code extension.
## Contributing
Contributions are welcome! Please fork the repository and submit a pull request with your improvements.
## License
This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
Raw data
{
"_id": null,
"home_page": null,
"name": "codescanai",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "code scanning, cli, github action, security, vulnerabilities check",
"author": null,
"author_email": "Caleb Abhulimhen <calebabhulimhen@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/ac/90/f4c146e0c28455f668dd962a27894661f3376dedc039f1e2a05a1f1b6b46/codescanai-0.1.1.tar.gz",
"platform": null,
"description": "# CodeScanAI\n\nCodeScanAI utilizes a variety of AI models, including OpenAI, Gemini, and custom self-hosted AI servers, to scan your codebase for bad development practices. It is currently configure to catch potential security vulnerabilities, but will be extended to other use cases in the future.\n\nIt has been designed to enable seamless integration into CI/CD pipelines like GitHub Actions, or can be used via a simple command. CodeScanAI enables developers to automatically detect potential security issues in their code throughout the development process. [Try it out today](#getting-started)!\n\n## Features\n\n- **Support for Multiple AI Models:**\n\n - **OpenAI Integration:** Utilize OpenAI's advanced models, such as GPT-4, to scan your code and identify potential security vulnerabilities, OR\n - **Gemini Integration:** Tap into Gemini's expertise to analyze your code for security risks, OR\n - **Custom AI Server Integration:** Connect with self-hosted or private AI servers for security scans, offering fully customizable and self-managed AI solutions.\n\n- **CI/CD Integration:**\n\n - Seamlessly integrate the CLI tool into GitHub Actions for automated security vulnerability scanning on every pull request.\n - Supports targeted scans on specific branches or changes within a repository.\n\n- **Flexible Scanning Options:**\n - **Full Directory Scans:** Perform a comprehensive security analysis by scanning all files within a directory.\n - **Changes Only Scan:** Only scan those files that have chnaged since the last scan.\n - **PR-Specific Scans:** Target files modified in a specific pull request to optimize the scanning process and reduce overhead.\n\n## Getting Started\n\n### Prerequisites\n\n- Python 3.10 or higher\n- API keys for the supported AI models:\n - OpenAI API key\n - Gemini API key\n - Access to a custom AI server (host, port, and optional token)\n- Set an environment variable for your API key(s).\n\n```bash\nexport OPENAI_API_KEY = 
'your_openai_api_key'\n```\nOR \n\n```bash\nexport GEMINI_API_KEY = 'your_gemini_api_key'\n```\n\n### Installation\n\n#### Option 1: Install via pip\n\nYou can install the tool directly from the repository using pip:\n\n```bash\npip install codescanai\n```\n\nThis will allow you to use the `codescanai` command directly in your terminal.\n\n#### Option 2: Clone the Repository\n\nIf you prefer to clone the repository and install the dependencies manually:\n\n```bash\ngit clone https://github.com/codescan-ai/codescan.git\ncd codescan\npip install -r requirements.txt\n```\n\n### Usage\n\n#### Scanning files in your current directory\n\n```bash\ncodescanai --provider openai\n```\nOR if you're cloning the repository,\n```bash\npython3 -m core.runner --provider openai\n```\n\n#### Scanning with a Custom AI Server\n\nTo scan code using a custom AI server:\n\n```bash\ncodescanai --provider custom --host http://localhost --port 5000 --token your_token --directory path/to/your/code\n```\n\n### Supported arguments\n\n| name | description | required | default |\n| -------------- | --------------------------------------------------------- | -------- | -------------- |\n| `provider` | <p>AI provider</p> | `true` | `\"\"` |\n| `model` | <p>AI model to use</p> | `false` | `\"\"` |\n| `directory` | <p>Directory to scan</p> | `false` | `.` |\n| `changes_only` | <p>Scan only changed files</p> | `false` | `false` |\n| `repo` | <p>GitHub repository</p> | `false` | `\"\"` |\n| `pr_number` | <p>Pull request number</p> | `false` | `\"\"` |\n| `github_token` | <p>GitHub API token</p> | `false` | `\"\"` |\n| `host` | <p>Custom AI server host</p> | `false` | `\"\"` |\n| `port` | <p>Custom AI server port</p> | `false` | `\"\"` |\n| `token` | <p>Token for authenticating with the custom AI server</p> | `false` | `\"\"` |\n| `endpoint` | <p>API endpoint for the custom server</p> | `false` | `/api/v1/scan` |\n\n### Supported AI Providers\n\n- **OpenAI:** Utilizes GPT models for in-depth security 
analysis.\n- **Gemini:** Delivers strong security insights through Gemini's advanced capabilities.\n- **Custom:** Connects with self-hosted or private AI servers for fully customizable solutions.\n\n### Limitations\n\n- **Large number of files:** We currently do not support scalable way to scan a large number of files on a single run. Depending on the capacity of your AI Provider, you might run into a `rate_limit_exceeded` error. To do this, you can create a custom solution that breaks down the number of files for each run. \n\n## Future Work\n\n- **Batch Processing:** For the limitation above, a future version will be to implement batch processing for a large number of files.\n\n- **Caching Implementation:** A caching mechanism to store results of previously scanned files, reducing the number of API calls and optimizing performance.\n\n- **Expanded Git Provider Support:** The tool is currently integrated with GitHub for PR-based scanning, future plans include extending support to other Git providers like GitLab, Bitbucket, and Azure Repos.\n\n- **Expanded Development tools:** This will be a plan to expand this tool to be accessible in other development environments. For example, as a VSCode extension.\n\n## Contributing\n\nContributions are welcome! Please fork the repository and submit a pull request with your improvements.\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "A CLI tool that scans your codebases for security vulnerabilities powered by powerful AI models.",
"version": "0.1.1",
"project_urls": {
"Homepage": "https://github.com/codescan-ai/codescan"
},
"split_keywords": [
"code scanning",
" cli",
" github action",
" security",
" vulnerabilities check"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d4fd1b7008bf06645bf1d98facd35e984782bf7b559d41222375d4ce19108d41",
"md5": "1b99b0cb440bb6c00c63e04895297706",
"sha256": "7ce8b9fb6936b04c2e6bd03896085639c255e3eb467d60be98e6c25f00209795"
},
"downloads": -1,
"filename": "codescanai-0.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "1b99b0cb440bb6c00c63e04895297706",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 13804,
"upload_time": "2024-08-28T06:35:29",
"upload_time_iso_8601": "2024-08-28T06:35:29.416991Z",
"url": "https://files.pythonhosted.org/packages/d4/fd/1b7008bf06645bf1d98facd35e984782bf7b559d41222375d4ce19108d41/codescanai-0.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "ac90f4c146e0c28455f668dd962a27894661f3376dedc039f1e2a05a1f1b6b46",
"md5": "d6111b667a57370d2f8739debe637d5c",
"sha256": "1aebce215cfb897da472b586c19020eb7025d3ed55949d6f5dbeca2e16efdae9"
},
"downloads": -1,
"filename": "codescanai-0.1.1.tar.gz",
"has_sig": false,
"md5_digest": "d6111b667a57370d2f8739debe637d5c",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 10368,
"upload_time": "2024-08-28T06:35:30",
"upload_time_iso_8601": "2024-08-28T06:35:30.347407Z",
"url": "https://files.pythonhosted.org/packages/ac/90/f4c146e0c28455f668dd962a27894661f3376dedc039f1e2a05a1f1b6b46/codescanai-0.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-08-28 06:35:30",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "codescan-ai",
"github_project": "codescan",
"github_not_found": true,
"lcname": "codescanai"
}