{"id":48546697,"url":"https://github.com/balasriharsha/shieldbot","last_synced_at":"2026-04-10T09:00:43.839Z","repository":{"id":349085405,"uuid":"1200991368","full_name":"BalaSriharsha/shieldbot","owner":"BalaSriharsha","description":"Shieldbot is an AI-powered security scanner that runs directly inside Claude Code. It combines 5,000+ static analysis rules with Claude's reasoning to detect vulnerabilities, hardcoded secrets, and CVE-affected dependencies — then synthesizes findings into a prioritized, actionable report.","archived":false,"fork":false,"pushed_at":"2026-04-08T05:13:32.000Z","size":114,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-08T07:03:01.665Z","etag":null,"topics":["ai","claude","claude-code","devops","devsecops","githubactions","opensource","python","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BalaSriharsha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-04T04:22:28.000Z","updated_at":"2026-04-08T05:12:09.000Z","dependencies_parsed_at":"2026-04-10T09:00:39.381Z","dependency_job_id":null,"html_url":"https://github.com/BalaSriharsha/shieldbot","commit_stats":null,"previous_names":["balasriharsha/shieldbot"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/BalaSriharsha/shieldbot","repository_url":"https://repos.ecosyste.ms/
api/v1/hosts/GitHub/repositories/BalaSriharsha%2Fshieldbot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BalaSriharsha%2Fshieldbot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BalaSriharsha%2Fshieldbot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BalaSriharsha%2Fshieldbot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BalaSriharsha","download_url":"https://codeload.github.com/BalaSriharsha/shieldbot/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BalaSriharsha%2Fshieldbot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31635969,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-10T07:40:12.752Z","status":"ssl_error","status_checked_at":"2026-04-10T07:40:11.664Z","response_time":98,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","claude","claude-code","devops","devsecops","githubactions","opensource","python","security"],"created_at":"2026-04-08T07:00:53.305Z","updated_at":"2026-04-10T09:00:43.825Z","avatar_url":"https://github.com/BalaSriharsha.png","language":"Python","readme":"# Shieldbot — AI Security Code Review for Claude Code\n\n[![PyPI](https://img.shields.io/pypi/v/shieldbot-mcp)](https://pypi.org/project/shieldbot-mcp/)\n[![License: 
MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/)\n[![MCP Compatible](https://img.shields.io/badge/MCP-compatible-green.svg)](https://modelcontextprotocol.io/)\n\n**Shieldbot** is an AI-powered security scanner that runs directly inside [Claude Code](https://claude.ai/code). It combines 5,000+ static analysis rules with Claude's reasoning to detect vulnerabilities, hardcoded secrets, and CVE-affected dependencies — then synthesizes findings into a prioritized, actionable report.\n\n\u003e One command. Full security audit. Zero context switching.\n\n---\n\n## What It Scans\n\n| Scanner | What It Catches |\n|---------|----------------|\n| **Semgrep** (5,000+ rules) | OWASP Top 10, CWE Top 25, SQL injection, XSS, SSRF, command injection, taint analysis |\n| **Bandit** | Python-specific security flaws (hardcoded passwords, weak crypto, shell injection) |\n| **Ruff** | Python code quality and security anti-patterns |\n| **detect-secrets** | API keys, tokens, passwords, private keys in source code |\n| **pip-audit** | Python dependency CVEs (PyPI Advisory Database) |\n| **npm audit** | Node.js dependency CVEs |\n\nAll scanners run **in parallel**. Findings are deduplicated, ranked by exploitability, and explained in plain English.\n\n---\n\n## Install as a Claude Code Plugin (Recommended)\n\n**Step 1 — Add the Shieldbot marketplace:**\n```\n/plugin marketplace add BalaSriharsha/shieldbot\n```\n\n**Step 2 — Install the plugin:**\n```\n/plugin install shieldbot\n```\n\n**Step 3 — Reload plugins:**\n```\n/reload-plugins\n```\n\n**Step 4 — Run a scan:**\n```\n/shieldbot .\n/shieldbot /path/to/repo\n/shieldbot . --min-severity critical\n/shieldbot . 
--git-history\n```\n\nOr just ask Claude naturally:\n- *\"scan this repo for security vulnerabilities\"*\n- *\"check my code for hardcoded secrets\"*\n- *\"audit my Python dependencies for CVEs\"*\n\n---\n\n## Install as a Standalone MCP Server\n\nAdd to your MCP client config (`.mcp.json` or `claude_desktop_config.json`):\n\n```json\n{\n  \"mcpServers\": {\n    \"shieldbot\": {\n      \"command\": \"uvx\",\n      \"args\": [\"shieldbot-mcp\"]\n    }\n  }\n}\n```\n\nOr install via pip:\n```bash\npip install shieldbot-mcp\n```\n\n---\n\n## MCP Tools\n\n| Tool | Description |\n|------|-------------|\n| `scan_repository` | Run a full parallel security scan and return a structured JSON report |\n| `check_scanner_tools` | Check which scanners are installed and available |\n\n### `scan_repository` parameters\n\n| Parameter | Type | Default | Description |\n|-----------|------|---------|-------------|\n| `repo_path` | string | required | Absolute path to the repository |\n| `skip_scanners` | list | `[]` | Scanners to skip (e.g. `[\"ruff\", \"bandit\"]`) |\n| `scan_git_history` | bool | `false` | Also scan git commit history for leaked secrets |\n| `min_severity` | string | `\"high\"` | Minimum severity to include (`critical`, `high`, `medium`, `low`, `info`) |\n\n---\n\n## GitHub Actions Integration\n\nAdd Shieldbot to any repository in 3 lines. 
Findings appear in the **Security \u003e Code Scanning** tab via SARIF upload.\n\n```yaml\n# .github/workflows/shieldbot.yml\nname: Shieldbot Security Scan\non:\n  push:\n    branches: [main, master]\n  pull_request:\n    branches: [main, master]\n  schedule:\n    - cron: '0 8 * * 1'  # Weekly scan\n\npermissions:\n  contents: read\n  security-events: write  # Required for Code Scanning upload\n\njobs:\n  shieldbot:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n        with:\n          fetch-depth: 0\n      - uses: BalaSriharsha/shieldbot@main\n```\n\n**All available inputs:**\n\n| Input | Default | Description |\n|-------|---------|-------------|\n| `path` | `.` | Directory to scan |\n| `min-severity` | `high` | Minimum severity to report |\n| `fail-on` | `high` | Fail build if findings at or above this level |\n| `skip-scanners` | `` | Comma-separated scanners to skip |\n| `scan-git-history` | `false` | Scan git history for leaked secrets |\n| `upload-sarif` | `true` | Upload to GitHub Code Scanning |\n| `sarif-file` | `shieldbot-results.sarif` | SARIF output path |\n\n**Outputs:** `total-findings`, `risk-score`, `sarif-file`\n\nSee [`.github/workflows/shieldbot-example.yml`](.github/workflows/shieldbot-example.yml) for the full annotated example.\n\n---\n\n## Exit Codes (CI/CD Integration)\n\n| Code | Meaning |\n|------|---------|\n| `0` | Clean — no findings above threshold |\n| `1` | Medium+ findings detected |\n| `2` | High+ findings detected |\n| `3` | Critical findings detected |\n\nUse exit codes to gate deployments in GitHub Actions, GitLab CI, or any pipeline.\n\n---\n\n## How It Works\n\n1. **Detect** — Shieldbot profiles the repository (languages, package managers, git history)\n2. **Scan** — All applicable scanners run in parallel via `asyncio.gather()`\n3. **Deduplicate** — Findings are deduplicated by exact hash and proximity (±3 lines)\n4. 
**Analyze** — Claude synthesizes raw scanner output into prioritized findings with context\n5. **Report** — Structured output with executive summary, risk score, and remediation steps\n\n---\n\n## Requirements\n\n- Python 3.11+\n- [Claude Code](https://claude.ai/code) (for plugin mode)\n- External scanner tools are installed automatically as dependencies\n\n---\n\n## Contributing\n\nIssues and pull requests welcome at [github.com/BalaSriharsha/shieldbot](https://github.com/BalaSriharsha/shieldbot).\n\n---\n\n## License\n\nMIT — see [LICENSE](LICENSE)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbalasriharsha%2Fshieldbot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbalasriharsha%2Fshieldbot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbalasriharsha%2Fshieldbot/lists"}
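The "How It Works", "Exit Codes" and SARIF-upload sections above describe a post-scan pipeline (dedupe by exact hash and ±3-line proximity, apply a severity floor, emit SARIF for Code Scanning, map the worst finding to an exit code) without showing it. The block below is an added worked example written for this page; it is not Shieldbot's own code. The finding layout (`scanner`, `rule_id`, `category`, `file`, `line`, `severity`, `message`), the choice to key proximity dedup on `(file, category)` so hits from different scanners collapse, the severity-to-SARIF-level mapping, the tool name and the sample findings are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# SARIF 2.1.0 `level` has only error/warning/note; this mapping is our choice.
SARIF_LEVEL = {"critical": "error", "high": "error", "medium": "warning", "low": "note", "info": "note"}
PROXIMITY = 3  # the README's "±3 lines"

# Constructed sample input: what several scanners might report for one repo.
# The field names are an assumption for this example, not Shieldbot's schema.
SAMPLE_FINDINGS = [
    {"scanner": "semgrep", "rule_id": "subprocess-shell-true", "category": "shell-injection",
     "file": "app/run.py", "line": 42, "severity": "high",
     "message": "subprocess call with shell=True"},
    {"scanner": "semgrep", "rule_id": "subprocess-shell-true", "category": "shell-injection",
     "file": "app/run.py", "line": 42, "severity": "high",
     "message": "subprocess call with shell=True"},   # exact duplicate of the first
    {"scanner": "bandit", "rule_id": "B602", "category": "shell-injection",
     "file": "app/run.py", "line": 43, "severity": "high",
     "message": "subprocess call with shell=True"},   # same issue, one line away
    {"scanner": "detect-secrets", "rule_id": "AWSKeyDetector", "category": "hardcoded-secret",
     "file": "config/settings.py", "line": 7, "severity": "critical",
     "message": "AWS access key in source"},
    {"scanner": "bandit", "rule_id": "B105", "category": "hardcoded-secret",
     "file": "config/settings.py", "line": 30, "severity": "medium",
     "message": "possible hardcoded password"},       # 23 lines away: kept
    {"scanner": "ruff", "rule_id": "S101", "category": "assert-used",
     "file": "tests/test_x.py", "line": 3, "severity": "low",
     "message": "use of assert"},                     # below the default floor
]


def finding_hash(f):
    """Exact-match key over the fields that identify one scanner report."""
    key = "|".join(str(f[k]) for k in ("rule_id", "file", "line", "message"))
    return hashlib.sha256(key.encode()).hexdigest()


def dedupe(findings):
    """Drop exact repeats, then collapse hits of the same category in the same
    file that fall within PROXIMITY lines of an already-kept hit.  Sorting by
    line makes the earliest hit in a cluster the one that survives."""
    seen, kept_lines, kept = set(), defaultdict(list), []
    for f in sorted(findings, key=lambda x: (x["file"], x["category"], x["line"])):
        h = finding_hash(f)
        if h in seen:
            continue
        seen.add(h)
        bucket = (f["file"], f["category"])
        if any(abs(f["line"] - ln) <= PROXIMITY for ln in kept_lines[bucket]):
            continue
        kept_lines[bucket].append(f["line"])
        kept.append(f)
    return kept


def filter_min_severity(findings, min_severity="high"):
    """Keep only findings at or above the floor (README default: high)."""
    floor = SEVERITY_RANK[min_severity]
    return [f for f in findings if SEVERITY_RANK[f["severity"]] >= floor]


def exit_code(findings):
    """The README's exit-code table: 0 clean, 1 medium+, 2 high+, 3 critical."""
    worst = max((SEVERITY_RANK[f["severity"]] for f in findings), default=-1)
    return {4: 3, 3: 2, 2: 1}.get(worst, 0)


def to_sarif(findings, tool_name="example-scanner"):
    """Minimal SARIF 2.1.0 log of the shape GitHub Code Scanning ingests."""
    rules, results = {}, []
    for f in findings:
        rules.setdefault(f["rule_id"], {"id": f["rule_id"],
                                        "shortDescription": {"text": f["message"]}})
        results.append({
            "ruleId": f["rule_id"],
            "level": SARIF_LEVEL[f["severity"]],
            "message": {"text": f"[{f['scanner']}] {f['message']}"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": f["file"]},
                "region": {"startLine": f["line"]}}}],
        })
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
                      "results": results}]}


def run_pipeline(findings, min_severity="high"):
    """Dedupe, apply the severity floor, and return (reported, sarif, exit code)."""
    reported = filter_min_severity(dedupe(findings), min_severity)
    return reported, to_sarif(reported), exit_code(reported)
```

On the sample input, `run_pipeline(SAMPLE_FINDINGS)` collapses six raw hits to four, reports the two at or above `high`, and returns exit code 3 because a critical finding survived; `dedupe` runs before the severity filter so a low-severity neighbour can still suppress a nearby duplicate. One CI caveat that goes with the workflow in the README: `uses: BalaSriharsha/shieldbot@main` tracks a mutable branch, so a repository that gates deployments on this exit code should pin the action to a full commit SHA and update it deliberately.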