{"id":31135900,"url":"https://github.com/haasonsaas/aiscan","last_synced_at":"2025-09-18T07:46:40.524Z","repository":{"id":296975091,"uuid":"995177052","full_name":"haasonsaas/aiscan","owner":"haasonsaas","description":"⚡ Blazing-fast security scanner for AI/LLM usage in codebases. Detect vulnerabilities, enforce budgets, and audit AI implementations.","archived":false,"fork":false,"pushed_at":"2025-06-03T05:19:13.000Z","size":49,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-06-03T18:17:01.858Z","etag":null,"topics":["code-analysis","llm","owasp","rust","scanner","security","security-audit","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/haasonsaas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-03T04:52:43.000Z","updated_at":"2025-06-03T05:38:56.000Z","dependencies_parsed_at":"2025-06-03T18:27:18.701Z","dependency_job_id":null,"html_url":"https://github.com/haasonsaas/aiscan","commit_stats":null,"previous_names":["haasonsaas/aiscan"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/haasonsaas/aiscan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haasonsaas%2Faiscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haasonsaas%2Faiscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haasonsaas%2Faiscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haasonsaas%2Faiscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/haasonsaas","download_url":"https://codeload.github.com/haasonsaas/aiscan/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/haasonsaas%2Faiscan/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275732054,"owners_count":25518090,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-18T02:00:09.552Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-analysis","llm","owasp","rust","scanner","security","security-audit","static-analysis"],"created_at":"2025-09-18T07:46:35.193Z","updated_at":"2025-09-18T07:46:40.510Z","avatar_url":"https://github.com/haasonsaas.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aiscan - AI Risk Scanner\n\n[![CI](https://github.com/haasonsaas/aiscan/actions/workflows/ci.yml/badge.svg)](https://github.com/haasonsaas/aiscan/actions/workflows/ci.yml)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n\nA blazing-fast Rust CLI tool that inventories AI/LLM usage in codebases, audits for security vulnerabilities, and enforces spend limits.\n\n## Features\n\n- **Fast AST-based scanning** using tree-sitter for 500+ languages\n- **Pattern matching** for popular AI frameworks (OpenAI, Anthropic, LangChain, Autogen, CrewAI)\n- **Security audit** with OWASP LLM Top 10 vulnerability detection\n- **Cost guardrails** with token counting and budget enforcement\n- **CI/CD ready** with machine-readable output and exit codes\n- **Parallel processing** for blazing-fast performance\n\n## Installation\n\n### From Source\n\n```bash\ngit clone https://github.com/haasonsaas/aiscan.git\ncd aiscan\ncargo install --path .\n```\n\n### Pre-built Binaries (Coming Soon)\n\n```bash\n# macOS\ncurl -L https://github.com/haasonsaas/aiscan/releases/latest/download/aiscan-darwin-amd64 -o aiscan\nchmod +x aiscan\n\n# Linux\ncurl -L https://github.com/haasonsaas/aiscan/releases/latest/download/aiscan-linux-amd64 -o aiscan\nchmod +x aiscan\n\n# Windows\ncurl -L https://github.com/haasonsaas/aiscan/releases/latest/download/aiscan-windows-amd64.exe -o aiscan.exe\n```\n\n## Usage\n\n### Initialize Configuration\n\nFirst, create a configuration file in your project:\n\n```bash\naiscan init\n```\n\nThis creates `.aiscan.toml` with default settings:\n\n```toml\n[limits]\nmax_tokens = 50000      # Maximum tokens for LLM analysis\nmax_requests = 100      # Maximum API requests\nmax_usd = 20.0         # Maximum spend in USD\n\n[scan]\nexclude_patterns = [\"node_modules/**\", \"venv/**\", \".git/**\"]\ninclude_hidden = false\nfollow_symlinks = false\nmax_file_size_mb = 10\n\n[audit]\nllm_model = \"gpt-4o\"\ntemperature = 0.1\nenable_llm_audit = true\n```\n\n### Scan for AI Usage\n\nInventory all AI/LLM calls in your codebase:\n\n```bash\n# Scan current directory\naiscan scan .\n\n# Scan specific directory\naiscan scan src/\n\n# Save results to file\naiscan scan . --output inventory.json\n```\n\nExample output:\n```\nAI Usage Inventory Summary\n==================================================\nFiles scanned: 152\nTotal lines: 12,543\nAI/LLM calls found: 23\nScan duration: 245ms\n\nTop AI Wrappers:\n  openai_api - 12 calls\n  langchain - 6 calls\n  anthropic_api - 3 calls\n  autogen - 2 calls\n```\n\n### Security Audit\n\nRun a comprehensive security audit:\n\n```bash\n# Audit current directory\naiscan audit .\n\n# Save detailed report\naiscan audit . --output report.json\n\n# Output as JSON\naiscan audit . --json\n```\n\nExample findings:\n```\nSecurity Audit Results\n==================================================\n\nSummary:\n  Total findings: 5\n  2 High\n  3 Medium\n\nFindings:\n\n1. Potential hardcoded API key detected [HIGH]\n   File: src/config.py:23\n   Type: ApiKeyExposure\n   Rationale: API keys should be stored in environment variables or secure vaults\n   Fix: Move API key to environment variable or use a secrets management service\n\n2. AI call without apparent input validation [MEDIUM]\n   File: src/chat.py:45\n   Type: MissingInputValidation\n   Rationale: User inputs to AI models should be validated to prevent prompt injection\n   Fix: Add input validation before passing to AI model\n```\n\n### CI/CD Integration\n\nUse in your CI pipeline:\n\n```bash\n# Returns exit code: 0=clean, 1=vulnerabilities, 137=budget exceeded\naiscan ci . --json\n```\n\n#### GitHub Actions Example\n\n```yaml\nname: AI Security Scan\non: [push, pull_request]\n\njobs:\n  ai-scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      \n      - name: Install aiscan\n        run: |\n          curl -L https://github.com/haasonsaas/aiscan/releases/latest/download/aiscan-linux-amd64 -o aiscan\n          chmod +x aiscan\n          \n      - name: Run AI security scan\n        run: ./aiscan ci . --json\n```\n\n#### GitLab CI Example\n\n```yaml\nai-security-scan:\n  stage: test\n  script:\n    - curl -L https://github.com/haasonsaas/aiscan/releases/latest/download/aiscan-linux-amd64 -o aiscan\n    - chmod +x aiscan\n    - ./aiscan ci . --json\n  allow_failure: false\n```\n\n### Advanced Usage\n\n#### Custom Patterns\n\nAdd custom detection patterns in `.aiscan.toml`:\n\n```toml\n[[audit.custom_rules]]\nid = \"CUSTOM-001\"\npattern = \"my_custom_ai_wrapper\"\nseverity = \"high\"\nmessage = \"Custom AI wrapper detected without rate limiting\"\n```\n\n#### Baseline Mode\n\nSuppress unchanged findings in CI:\n\n```bash\n# Generate baseline\naiscan audit . --output baseline.json\n\n# Check against baseline\naiscan ci . --baseline baseline.json\n```\n\n#### Environment Variables\n\n```bash\n# Set API key for LLM-powered analysis\nexport OPENAI_API_KEY=sk-...\n\n# Override config settings\nexport AISCAN_MAX_TOKENS=100000\nexport AISCAN_MAX_USD=50.0\n```\n\n## Configuration\n\nCreate `.aiscan.toml` in your project root:\n\n```toml\n[limits]\nmax_tokens = 50000\nmax_requests = 100\nmax_usd = 20.0\n\n[scan]\nexclude_patterns = [\"node_modules/**\", \"venv/**\", \".git/**\"]\ninclude_hidden = false\nfollow_symlinks = false\nmax_file_size_mb = 10\n\n[audit]\nllm_model = \"gpt-4o\"\ntemperature = 0.1\nenable_llm_audit = true\n```\n\n## Exit Codes\n\n- `0` - Clean scan, no issues found\n- `1` - Security vulnerabilities detected\n- `137` - Budget exceeded\n- Other - Tool error\n\n## Security Findings\n\naiscan detects vulnerabilities based on OWASP LLM Top 10:\n\n- **LLM01** - Prompt Injection\n- **LLM02** - Insecure Output Handling\n- **LLM03** - Training Data Poisoning\n- **LLM04** - Model Denial of Service\n- **LLM05** - Supply Chain Vulnerabilities\n- **LLM06** - Sensitive Information Disclosure\n- **LLM07** - Insecure Plugin Design\n- **LLM08** - Excessive Agency\n- **LLM09** - Overreliance\n- **LLM10** - Model Theft\n\n## Performance\n\n- Scans 100k LOC in \u003c 5 seconds\n- Parallel file processing with Rayon\n- Memory-mapped file reading\n- Incremental parsing with tree-sitter\n\n## Development\n\n```bash\n# Build\ncargo build --release\n\n# Run tests\ncargo test\n\n# Run benchmarks\ncargo bench\n\n# Format code\ncargo fmt\n\n# Lint\ncargo clippy\n```\n\n## Architecture\n\n```\naiscan/\n├── src/\n│   ├── cli/          # Command-line interface\n│   ├── core/         # Core scanner logic\n│   ├── parser/       # Tree-sitter AST parsing\n│   ├── patterns/     # AI framework patterns\n│   ├── cost/         # Token counting \u0026 budgets\n│   ├── audit/        # Security vulnerability detection\n│   ├── config/       # Configuration management\n│   └── report/       # Output formatting\n└── tests/            # Integration tests\n```\n\n## Contributing\n\nPull requests welcome! Please read CONTRIBUTING.md first.\n\n## License\n\nMIT - see LICENSE file\n\n## Author\n\nBuilt by [haasonsaas](https://github.com/haasonsaas)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhaasonsaas%2Faiscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhaasonsaas%2Faiscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhaasonsaas%2Faiscan/lists"}