{"id":32483360,"url":"https://github.com/fraim-dev/fraim","last_synced_at":"2025-10-27T03:19:26.097Z","repository":{"id":301401009,"uuid":"1008673481","full_name":"fraim-dev/fraim","owner":"fraim-dev","description":"A flexible framework for security teams to build and deploy AI-powered workflows that complement their existing security operations.","archived":false,"fork":false,"pushed_at":"2025-10-22T19:53:38.000Z","size":19359,"stargazers_count":132,"open_issues_count":25,"forks_count":13,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-10-24T10:22:32.551Z","etag":null,"topics":["ai","llm","sast","security-tools"],"latest_commit_sha":null,"homepage":"https://www.fraim.dev","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fraim-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-25T23:19:54.000Z","updated_at":"2025-10-22T21:39:49.000Z","dependencies_parsed_at":"2025-07-18T19:23:17.480Z","dependency_job_id":"c2ee3ebf-9d5f-4d20-a5e6-a9ad4b54905c","html_url":"https://github.com/fraim-dev/fraim","commit_stats":null,"previous_names":["fraim-dev/fraim"],"tags_count":28,"template":false,"template_full_name":null,"purl":"pkg:github/fraim-dev/fraim","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraim-dev%2Ffraim","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraim-dev%2Ffraim/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraim-dev%2Ffraim/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraim-dev%2Ffraim/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fraim-dev","download_url":"https://codeload.github.com/fraim-dev/fraim/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fraim-dev%2Ffraim/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281179960,"owners_count":26456856,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-26T02:00:06.575Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","llm","sast","security-tools"],"created_at":"2025-10-27T03:19:20.533Z","updated_at":"2025-10-27T03:19:21.182Z","avatar_url":"https://github.com/fraim-dev.png","language":"Python","funding_links":[],"categories":["Security Agents"],"sub_categories":["Autonomous Agents"],"readme":"# Fraim - A Security Engineer's AI Toolkit\n[![PyPI - Version](https://img.shields.io/pypi/v/fraim?style=flat\u0026logo=python\u0026logoColor=whitesmoke)](https://pypi.org/project/fraim/)\n[![GitHub Action - Version](https://img.shields.io/github/v/release/fraim-dev/fraim-action?style=flat\u0026logo=githubactions\u0026logoColor=whitesmoke\u0026label=github%20action)](https://github.com/marketplace/actions/fraim-security)\n[![GitHub Repo stars](https://img.shields.io/github/stars/fraim-dev/fraim?style=flat\u0026logo=github)](https://github.com/fraim-dev/fraim/stargazers)\n[![Build](https://img.shields.io/github/actions/workflow/status/fraim-dev/fraim/ci.yml?branch=main\u0026style=flat)](https://github.com/fraim-dev/fraim/actions/workflows/ci.yml)\n\n\n## 🔭 Overview\n\nFraim gives security engineers AI-powered workflows to help them leverage the power of AI to solve REAL business needs. The workflows in this project are companions to a security engineer to help them find, detect, fix, and flag vulnerabilities across the development lifecycle.\nYou can run Fraim as a CLI or inside Github Actions.\n\n## 🚩 Risk Flagger\n\nMost security teams do not have visibility into the code changes happening on a day-to-day basis, and it is unrealistic to review every change. Risk Flagger solves this by requesting review on a Pull Request only if a \"risk\" is identified. These \"risks\" can be defined to match your specific use cases (ie \"Flag any changes that make changes to authentication\").\n\n**Perfect for**:\n- Security teams with no visibility into code changes\n- Teams needing to focus limited security resources on the highest-priority risks\n- Organizations wanting to implement \"security left\" practices\n\n```bash\n# Basic risk flagger with built-in risks\nfraim run risk_flagger --model anthropic/claude-sonnet-4-20250514 --diff --base \u003cbase_sha\u003e --head \u003chead_sha\u003e --approver security\n\n# Custom risk considerations inline\nfraim run risk_flagger --model anthropic/claude-sonnet-4-20250514 --diff --base \u003cbase_sha\u003e --head \u003chead_sha\u003e --custom-risk-list-json '{\"Database Changes\": \"All changes to a database should be flagged, similarly any networking changes that might affect the database should be flagged.\"}' --custom-risk-list-action replace --approver security\n\n# Custom risk considerations\nfraim run risk_flagger --model anthropic/claude-sonnet-4-20250514 --diff --base \u003cbase_sha\u003e --head \u003chead_sha\u003e --custom-risk-list-filepath ./custom-risks.yaml --approver security\n```\n\nNOTE: we recommend using the Anthropic or OpenAI latest models for this workflow.\n\n\n\u003cimg src=\"assets/risk-flagger-preview.png\" alt=\"Risk Flagger Preview\" width=\"500\"/\u003e\n\n## 🛡️ Code Security Analysis\n\nMost security teams rely on signature-based scanners and scattered linters that miss context and overwhelm engineers with noise. Code Security Analysis applies LLM-powered, context-aware review to surface real vulnerabilities across languages (e.g. injection, authentication/authorization flaws, insecure cryptography, secret exposure, and unsafe configurations), explaining impact and suggesting fixes. It integrates cleanly into CI via SARIF output and can run on full repos or just diffs to keep PRs secure without slowing delivery.\n\n**Perfect for**:\n- Security teams needing comprehensive vulnerability coverage\n- Organizations requiring compliance with secure coding standards\n- Teams wanting to catch vulnerabilities before they reach production\n\n```bash\n# Comprehensive code analysis\nfraim run code --location https://github.com/username/repo-name\n\n# Focus on recent changes\nfraim run code --location . --diff --base main --head HEAD\n```\n\n## 🏗️ Infrastructure as Code (IAC) Analysis  \n\nCloud misconfigurations often slip through because policy-as-code checks and scattered linters miss context across modules, environments, and providers. Infrastructure as Code Analysis uses LLM-powered, context-aware review of Terraform, CloudFormation, and Kubernetes manifests to spot risky defaults, excessive permissions, insecure networking and storage, and compliance gaps—explaining impact and proposing safer configurations. It integrates cleanly into CI via SARIF and can run on full repos or just diffs to prevent drift without slowing delivery.\n\n**Perfect for**:\n- DevOps teams managing cloud infrastructure\n- Organizations with strict compliance requirements\n- Teams implementing Infrastructure as Code practices\n- Security teams overseeing cloud security posture\n\n```bash\n# Analyze infrastructure configurations\nfraim run iac --location https://github.com/username/repo-name\n```\n\n## 🚀 Getting Started\n\n### Github Action Quick Start\n\nNOTE: This example assumes you are using an Anthropic based model.\n\nSet your API key as a Secret in your repo. - Settings -\u003e Secrets and Variables -\u003e New Repository Secret -\u003e ANTHROPIC_API_KEY\nDefine your workflow inside your repo at .github/workflows/\u003caction_name\u003e.yml\n\n```yaml\nname: AI Security Scan\non:\n  pull_request:\n    branches: [main]\n\njobs:\n  security-scan:\n    runs-on: ubuntu-latest\n    permissions:\n      contents: read\n      actions: read\n      security-events: write # Required for uploading SARIF\n      pull-requests: write # Required for PR comments and annotations\n\n    steps:\n      - name: Run Fraim Security Scan\n        uses: fraim-dev/fraim-action@v0\n        with:\n          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}\n          workflows: \"code\"\n```\n\n### CLI Quick Start\n\n#### Prerequisites\n\n- **Python 3.12+**\n- **[pipx](https://pipx.pypa.io/stable/installation/) installation tool**\n- **API Key** for your chosen AI provider (Google Gemini, OpenAI, etc.)\n\n#### Installation\n\nNOTE: These instructions are for Linux based systems, see [docs](https://docs.fraim.dev/installation) for Windows installation instructions\n\n1. **Install Fraim**:\n\n```bash\npipx install fraim\n```\n\n2. **Configure your AI provider**:\n\n   #### Google Gemini\n\n   1. Get an API key from [Google AI Studio](https://makersuite.google.com/app/apikey)\n   2. Export it in your environment:\n      ```\n      export GEMINI_API_KEY=your_api_key_here\n      ```\n\n   #### OpenAI\n\n   3. Get an API key from [OpenAI Platform](https://platform.openai.com/api-keys)\n   4. Export it in your environment:\n      ```\n      export OPENAI_API_KEY=your_api_key_here\n      ```\n\n### Common CLI Arguments\n\n#### Global Options (apply to all commands)\n\n- `--debug`: Enable debug logging for troubleshooting\n- `--show-logs SHOW_LOGS`: Print logs to standard error output  \n- `--log-output LOG_OUTPUT`: Specify directory for log files\n- `--observability langfuse`: Enable LLM observability and analytics\n\n#### Workflow Options (apply to most workflows)\n\n- `--location LOCATION`: Repository URL or local path to analyze\n- `--model MODEL`: AI model to use (default varies by workflow, e.g., `gemini/gemini-2.5-flash`)\n- `--temperature TEMPERATURE`: Model temperature setting (0.0-1.0, default: 0)\n- `--chunk-size CHUNK_SIZE`: Number of lines per processing chunk\n- `--limit LIMIT`: Maximum number of files to scan\n- `--globs GLOBS`: File patterns to include in analysis\n- `--max-concurrent-chunks MAX_CONCURRENT_CHUNKS`: Control parallelism\n\n#### Git Diff Options\n\n- `--diff`: Analyze only git diff instead of full repository\n- `--head HEAD`: Git head commit for diff (default: HEAD)\n- `--base BASE`: Git base commit for diff (default: empty tree)\n\n#### Pull Request Integration  \n\n- `--pr-url PR_URL`: URL of pull request to analyze\n- `--approver APPROVER`: GitHub username/group to notify\n\n### Observability\n\nFraim supports optional observability and tracing through [Langfuse](https://langfuse.com), which helps track workflow performance, debug issues, and analyze AI model usage.\n\nTo enable observability:\n\n1. **Install with observability support**:\n\n```bash\npipx install 'fraim[langfuse]'\n```\n\n2. **Enable observability during execution**:\n\n```bash\nfraim --observability langfuse run code --location /code\n```\n\nThis will trace your workflow execution, LLM calls, and performance metrics in Langfuse for analysis and debugging.\n\n## 💬 Community \u0026 Support\n\nJoin our growing community of security professionals using Fraim:\n\n- **Documentation**: Visit [docs.fraim.dev](https://docs.fraim.dev) for comprehensive guides and tutorials\n- **Schedule a Demo**: [Book time with our team](https://calendly.com/fraim-dev/fraim-intro) - We'd love to help! Schedule a call for anything related to Fraim (debugging, new integrations, customizing workflows, or even just to chat)\n- **Slack Community**: [Join our Slack](https://join.slack.com/t/fraimworkspace/shared_invite/zt-38cunxtki-B80QAlLj7k8JoPaaYWUKNA) - Get help, share ideas, and connect with other security minded people looking to use AI to help their team succeed\n- **Issues**: Report bugs and request features via GitHub Issues\n- **Contributing**: See the [contributing guide](CONTRIBUTING.md) for more information.\n\n## 🛠️ \"Fraim\"-work Development\n\n### Building Custom Workflows\n\nFraim makes it easy to create custom security workflows tailored to your organization's specific needs:\n\n### Key Framework Components\n\n- **Workflow Engine**: Orchestrates AI agents and tools in flexible, composable patterns\n- **LLM Integrations**: Support for multiple AI providers with seamless switching\n- **Tool System**: Extensible security analysis tools that can be combined and customized\n- **Input Connectors**: Git repositories, file systems, APIs, and custom data sources\n- **Output Formatters**: JSON, SARIF, HTML reports, and custom output formats\n\n### Configuration System\n\nFraim uses a flexible configuration system that allows you to:\n\n- Customize AI model parameters for optimal performance\n- Configure workflow-specific settings and thresholds\n- Set up custom data sources and input methods\n- Define custom output formats and destinations\n- Manage API keys and authentication\n\nSee the `fraim/config/` directory for configuration options.\n\n#### 1. Define Input and Output Types\n\n```python\n# workflows/\u003cname\u003e/workflow.py\n@dataclass\nclass MyWorkflowInput:\n    \"\"\"Input for the custom workflow.\"\"\"\n    code: Contextual[str]\n    config: Config\n\ntype MyWorkflowOutput = List[sarif.Result]\n```\n\n#### 2. Create Workflow Class\n\n```python\n# workflows/\u003cname\u003e/workflow.py\n\n# Define file patterns for your workflow\nFILE_PATTERNS = [\n    '*.config', '*.ini', '*.yaml', '*.yml', '*.json'\n]\n\n# Load prompts from YAML files\nPROMPTS = PromptTemplate.from_yaml(os.path.join(os.path.dirname(__file__), \"my_prompts.yaml\"))\n\n@workflow('my_custom_workflow')\nclass MyCustomWorkflow(Workflow[MyWorkflowInput, MyWorkflowOutput]):\n    \"\"\"Analyzes custom configuration files for security issues\"\"\"\n\n    def __init__(self, config: Config, *args, **kwargs):\n        super().__init__(config, *args, **kwargs)\n\n        # Construct an LLM instance\n        llm = LiteLLM.from_config(config)\n\n        # Construct the analysis step\n        parser = PydanticOutputParser(sarif.RunResults)\n        self.analysis_step = LLMStep(llm, PROMPTS[\"system\"], PROMPTS[\"user\"], parser)\n\n    async def workflow(self, input: MyWorkflowInput) -\u003e MyWorkflowOutput:\n        \"\"\"Main workflow execution\"\"\"\n\n        # 1. Analyze the configuration file\n        analysis_results = await self.analysis_step.run({\"code\": input.code})\n\n        # 2. Filter results by confidence threshold\n        filtered_results = self.filter_results_by_confidence(\n            analysis_results.results, input.config.confidence\n        )\n\n        return filtered_results\n\n    def filter_results_by_confidence(self, results: List[sarif.Result], confidence_threshold: int) -\u003e List[sarif.Result]:\n        \"\"\"Filter results by confidence.\"\"\"\n        return [result for result in results if result.properties.confidence \u003e confidence_threshold]\n```\n\n#### 3. Create Prompt Files\n\nCreate `my_prompts.yaml` in the same directory:\n\n```yaml\nsystem: |\n  You are a configuration security analyzer.\n\n  Your job is to analyze configuration files for security misconfigurations and vulnerabilities.\n\n  \u003cvulnerability_types\u003e\n    Valid vulnerability types (use EXACTLY as shown):\n\n    - Hardcoded Credentials\n    - Insecure Defaults\n    - Excessive Permissions\n    - Unencrypted Storage\n    - Weak Cryptography\n    - Missing Security Headers\n    - Debug Mode Enabled\n    - Exposed Secrets\n    - Insecure Protocols\n    - Missing Access Controls\n  \u003c/vulnerability_types\u003e\n\n  {{ output_format }}\n\nuser: |\n  Analyze the following configuration file for security issues:\n\n  {{ code }}\n```\n\n## Stargazers\n\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/svg?repos=fraim-dev/fraim\u0026type=Date\u0026theme=dark\" /\u003e\n  \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://api.star-history.com/svg?repos=fraim-dev/fraim\u0026type=Date\" /\u003e\n  \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=fraim-dev/fraim\u0026type=Date\" /\u003e\n\u003c/picture\u003e\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the LICENSE file for details.\n\n---\n\n_Fraim is built by security teams, for security teams. Help us make AI-powered security accessible to everyone._\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffraim-dev%2Ffraim","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffraim-dev%2Ffraim","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffraim-dev%2Ffraim/lists"}