SAST Scanning

Static Application Security Testing: scan your source code for vulnerabilities using 15+ open source tools. Free.

Integrated Tools

Semgrep

Pattern-based code analysis for 30+ languages

Bandit

Python security linter

Trivy

Vulnerability scanner for containers, IaC and dependencies

Gitleaks

Secret detection in git repos

Checkov

Infrastructure as Code scanner

Hadolint

Dockerfile linter

ESLint Security

JavaScript/TypeScript security rules

TruffleHog

High-entropy secret detection

+ More

tfsec, Kubescape, npm audit, pip-audit...

Quick Start

# Install CLI
pip install codephreak-security-auditor

# Scan current directory
codephreak scan

# Scan specific path
codephreak scan --target ./src

# Quick scan (faster, fewer tools)
codephreak scan --workflow quick-check

# Full audit (comprehensive)
codephreak scan --workflow full-audit

Output Formats

Generate reports in multiple formats for different use cases:

# JSON output (default)
codephreak scan --format json --output results.json

# SARIF format (GitHub Code Scanning compatible)
codephreak scan --format sarif --output results.sarif

# Multiple formats
codephreak scan --format json --format sarif --format html

Sample Output

$ codephreak scan --target ./myapp

🔍 CodePhreak Security Auditor v1.0.0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Running security scan on: ./myapp
Workflow: full-audit

[1/6] Running Semgrep...         ✓ 12 findings
[2/6] Running Bandit...          ✓ 3 findings
[3/6] Running Trivy...           ✓ 8 findings
[4/6] Running Gitleaks...        ✓ 2 findings
[5/6] Running Checkov...         ✓ 5 findings
[6/6] Running Hadolint...        ✓ 1 finding

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
   SCAN SUMMARY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
┏━━━━━━━━━━━━┳━━━━━━━┓
┃ Severity   ┃ Count ┃
┡━━━━━━━━━━━━╇━━━━━━━┩
│ Critical   │   2   │
│ High       │   8   │
│ Medium     │  15   │
│ Low        │   6   │
└────────────┴───────┘

📄 Report saved: ./codephreak_report.json

CI/CD Integration

Integrate into your CI/CD pipeline with exit codes and thresholds: when a finding matches a --fail-on severity the scan exits non-zero, so the job fails and the change is blocked.

# GitHub Actions
- name: Security Scan
  run: |
    pip install codephreak-security-auditor
    codephreak scan --fail-on critical high

# GitLab CI
security_scan:
  script:
    - pip install codephreak-security-auditor
    - codephreak scan --format sarif --output gl-sast-report.sarif
  artifacts:
    reports:
      sast: gl-sast-report.sarif

Two checks before relying on either job. On GitHub, a SARIF file only reaches the repository's Security tab if a later step uploads it with the github/codeql-action/upload-sarif action, and the workflow needs the security-events: write permission for that upload. On GitLab, the sast report artifact is parsed against GitLab's own security-report JSON schema rather than SARIF, so confirm the findings actually appear in the pipeline's Security tab before treating the job as a gate. In both cases pin the scanner version in the install step, so a new release cannot silently change which findings fail the build.

Fail Thresholds

# Fail on critical only
codephreak scan --fail-on critical

# Fail on critical or high
codephreak scan --fail-on critical --fail-on high

# Fail on any finding
codephreak scan --fail-on critical --fail-on high --fail-on medium --fail-on low
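A severity gate over the SARIF report, as an added example that is not part of codephreak: a hypothetical helper whose rule ids and report contents are constructed. It shows what the --fail-on thresholds above amount to when applied to a SARIF file such as the one written under Output Formats: each result is bucketed using the rule's security-severity score where one is present (the 9.0/7.0/4.0 cut-offs are the ones GitHub code scanning applies to that property) and the SARIF level otherwise, and the job's exit code follows from the chosen severities. This is useful when the SARIF artifact is gated in a separate job from the scan itself.

```python
"""SARIF severity gate (hypothetical helper, not part of codephreak).

Reads a SARIF 2.1.0 report such as the one written by
`codephreak scan --format sarif --output results.sarif`, buckets every
result into critical/high/medium/low, and returns the exit code a CI job
should use for a given set of --fail-on severities.
"""
import json
import sys
from collections import Counter

SEVERITY_ORDER = ["critical", "high", "medium", "low"]

# SARIF "level" values carry no numeric score; map them conservatively.
LEVEL_TO_SEVERITY = {"error": "high", "warning": "medium", "note": "low", "none": "low"}


def severity_of(result, rules_by_id):
    """Bucket one SARIF result.

    Prefers the rule's "security-severity" property (a CVSS-style 0-10 score;
    the cut-offs >=9.0 critical, >=7.0 high, >=4.0 medium, else low are the
    ones GitHub code scanning uses for that property) and falls back to the
    result's level, then to the rule's defaultConfiguration level.
    """
    rule = rules_by_id.get(result.get("ruleId"), {})
    score = rule.get("properties", {}).get("security-severity")
    if score is not None:
        score = float(score)
        if score >= 9.0:
            return "critical"
        if score >= 7.0:
            return "high"
        if score >= 4.0:
            return "medium"
        return "low"
    level = result.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
    return LEVEL_TO_SEVERITY.get(level, "low")


def count_by_severity(sarif):
    """Count results per severity across every run (one run per tool)."""
    counts = Counter()
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        rules_by_id = {r["id"]: r for r in rules}
        for result in run.get("results", []):
            counts[severity_of(result, rules_by_id)] += 1
    return counts


def at_or_above(threshold):
    """Expand one threshold into the severities that fail the build,
    e.g. "high" -> ["critical", "high"] (the "critical or high" case above)."""
    if threshold not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity: {threshold}")
    return SEVERITY_ORDER[: SEVERITY_ORDER.index(threshold) + 1]


def gate(counts, fail_on):
    """Return 1 (fail the job) if any finding falls in a fail_on severity, else 0."""
    fail_on = {s.lower() for s in fail_on}
    unknown = fail_on - set(SEVERITY_ORDER)
    if unknown:
        raise ValueError(f"unknown severity: {', '.join(sorted(unknown))}")
    return 1 if any(counts.get(s, 0) for s in fail_on) else 0


# Constructed sample report (two runs, five results); not real scanner output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {
            "tool": {"driver": {"name": "semgrep", "rules": [
                {"id": "py.exec-detected", "properties": {"security-severity": "9.8"}},
                {"id": "py.subprocess-shell", "defaultConfiguration": {"level": "error"}},
                {"id": "py.file-never-closed"},
            ]}},
            "results": [
                {"ruleId": "py.exec-detected", "level": "error"},        # 9.8 -> critical
                {"ruleId": "py.subprocess-shell"},                       # default level error -> high
                {"ruleId": "py.file-never-closed", "level": "warning"},  # -> medium
            ],
        },
        {
            "tool": {"driver": {"name": "gitleaks", "rules": [
                {"id": "aws-access-token", "properties": {"security-severity": "8.0"}},
            ]}},
            "results": [
                {"ruleId": "aws-access-token", "level": "error"},  # 8.0 -> high
                {"ruleId": "generic-api-key", "level": "note"},    # no rule entry -> low
            ],
        },
    ],
}


def main(argv):
    """Usage: python sarif_gate.py results.sarif [critical high ...]"""
    path, fail_on = argv[1], argv[2:] or ["critical"]
    with open(path, encoding="utf-8") as fh:
        counts = count_by_severity(json.load(fh))
    for sev in SEVERITY_ORDER:
        print(f"{sev:<9}{counts.get(sev, 0):>4}")
    return gate(counts, fail_on)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python sarif_gate.py results.sarif critical high` after a scan; the severities are the same words the --fail-on flag takes. A result whose rule has no security-severity score lands in a bucket by SARIF level alone, which is why level "error" maps to high rather than critical: an unscored finding should not block a merge on its own without a human assigning it a score.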

Free Tier Includes

  • ✓ 15+ integrated security tools
  • ✓ JSON and SARIF report generation
  • ✓ CI/CD pipeline integration
  • ✓ Local execution (no data leaves your machine)
  • ✓ Unlimited scans
  • ✓ Open source forever

Want More?

Upgrade to Premium for CSPM, DAST, Runtime Protection, Compliance Mapping, and more.

View Pricing →