{"id":47459667,"url":"https://github.com/knostic/OpenAnt","last_synced_at":"2026-04-07T15:01:09.778Z","repository":{"id":341638188,"uuid":"1167798933","full_name":"knostic/OpenAnt","owner":"knostic","description":"OpenAnt from Knostic is an open source LLM-based vulnerability discovery product that helps defenders proactively find verified security flaws while minimizing both false positives and false negatives. Stage 1 detects. Stage 2 attacks. What survives is real.","archived":false,"fork":false,"pushed_at":"2026-03-13T12:09:51.000Z","size":4724,"stargazers_count":380,"open_issues_count":6,"forks_count":58,"subscribers_count":4,"default_branch":"master","last_synced_at":"2026-03-14T00:56:57.552Z","etag":null,"topics":["ai","cyber","cybersecurity","sast"],"latest_commit_sha":null,"homepage":"https://www.knostic.ai/openant","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/knostic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-26T17:39:13.000Z","updated_at":"2026-03-13T20:56:24.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/knostic/OpenAnt","commit_stats":null,"previous_names":["knostic/openant"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/knostic/OpenAnt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knostic%2FOpenAnt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/repositories/knostic%2FOpenAnt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knostic%2FOpenAnt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knostic%2FOpenAnt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/knostic","download_url":"https://codeload.github.com/knostic/OpenAnt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/knostic%2FOpenAnt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31516839,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-07T03:10:19.677Z","status":"ssl_error","status_checked_at":"2026-04-07T03:10:13.982Z","response_time":105,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","cyber","cybersecurity","sast"],"created_at":"2026-03-24T07:00:30.476Z","updated_at":"2026-04-07T15:01:09.759Z","avatar_url":"https://github.com/knostic.png","language":"Python","funding_links":[],"categories":["Build techniques","Pentest \u0026 Red Teaming Agents"],"sub_categories":["Supply chain beyond libraries"],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/open-ant-black.png\" alt=\"OpenAnt\" width=\"180\" /\u003e\n\u003c/p\u003e\n\n# OpenAnt\n\n[OpenAnt](https://knostic.ai/openant) from 
[Knostic](https://knostic.ai) is an open source LLM-based vulnerability discovery product that helps defenders proactively find verified security flaws while minimizing both false positives and false negatives. Stage 1 detects. Stage 2 attacks. What survives is real.\n\nWe're pretty proud of this product and are in the vulnerability disclosure process for its findings, but do keep in mind that this started as a research project, and some of its features are still in beta. We welcome contributions to make it better.\n\n## Why open source?\nConsidering the explosion of AI-discovered vulnerabilities, we hope OpenAnt will be the tool that helps open source maintainers stay ahead of attackers, whether they run it themselves or submit their repo for scanning at no cost.\n\nThen, since Knostic's focus is on protecting agents and coding assistants and not vulnerability research or application security, and we like open source, we decided to release OpenAnt under the Apache 2 license.\nBesides, you may have heard about Aardvark from OpenAI (now Codex Security) and Claude Code Security from Anthropic, and we have zero intention of competing with them.\n\n## Technical details and free scanning for open source projects\nFor technical details, limitations, and token costs, check out this blog post:\n[https://knostic.ai/blog/openant](https://knostic.ai/blog/openant)\n\nTo submit your repo for scanning:\n[https://knostic.ai/blog/oss-scan](https://knostic.ai/blog/oss-scan)\n\n## Supported languages\n- Go\n- Python\n- JavaScript/TypeScript (beta)\n- C/C++ (beta)\n- PHP (beta)\n- Ruby (beta)\n\n## Credits\nResearch and ideation: [Nahum Korda](https://github.com/NahumKorda/).\n\nProductization: Alex Raihelgaus, Daniel Geyshis.\n\nWith thanks to: [Michal Kamensky](https://github.com/kamenskymic/), [Imri Goldberg](https://github.com/lorg), [Gadi Evron](https://github.com/gadievron/), Daniel Cuthbert, 
Josh Grossman, and Avi Douglen.\n\n## Check out Knostic\n**If you like our work**, check out what we do at [Knostic](https://knostic.ai) to defend your agents and coding assistants, prevent them from deleting your hard drive and code, and control associated supply chain risks such as MCP servers, extensions, and skills.\n\n\n## Local setup\n\nBuild the CLI binary (requires Go 1.25+):\n\n```bash\ncd apps/openant-cli \u0026\u0026 make build\n```\n\nThis compiles the Go source and outputs the binary to `apps/openant-cli/bin/openant`.\n\nSymlink it onto your PATH so you can run `openant` from anywhere:\n\n```bash\nln -sf \"$(pwd)/apps/openant-cli/bin/openant\" /usr/local/bin/openant\n```\n\n_Note: run this from the repo root so `$(pwd)` resolves to the correct absolute path._\n\nSet your Anthropic API key (required for analyze, verify, and scan):\n\n```bash\nopenant set-api-key \u003cyour-key\u003e\n```\n\n**The key must have access to the Claude Opus 4.6 model.** Get a key at [console.anthropic.com](https://console.anthropic.com/settings/keys).\n\n## Data directories\n\nOpenAnt creates two directories:\n\n- **`~/.config/openant/`** — CLI configuration (`config.json`). Stores your API key, active project, and preferences. File permissions are restricted to `0600`.\n- **`~/.openant/`** — Project data. Each initialized project gets a workspace under `~/.openant/projects/\u003corg\u003e/\u003crepo\u003e/` containing `project.json` and a `scans/` directory with per-commit outputs.\n\n## Analyzing a project\n\n### 1. Initialize\n\nPoint OpenAnt at a repository. 
The `-l` flag (language) is required — use `go` or `python`.\n\n```bash\n# Remote — clones the repo\nopenant init \u003crepo-url\u003e -l go\n\n# Remote — pin to a specific commit\nopenant init \u003crepo-url\u003e -l go --commit \u003csha\u003e\n\n# Local — references the directory in-place\nopenant init \u003cpath-to-repo\u003e -l go --name \u003corg/repo\u003e\n```\n\nThis creates a project workspace and sets it as the active project. All subsequent commands operate on the active project automatically — no path arguments needed.\n\n### 2. Run the pipeline\n\nEach step picks up the output of the previous one from the project's scan directory:\n\n```bash\nopenant parse\nopenant enhance\nopenant analyze\nopenant verify\nopenant build-output\nopenant report -f summary\n```\n\nOr run the full pipeline in one command:\n\n```bash\nopenant scan --verify\n```\n\n### Working with multiple projects\n\nThe pipeline operates on one project at a time. Running `openant init` sets the newly initialized project as the active one, so all subsequent commands target it by default.\n\nIf you're working with several projects, you have two options:\n\n```bash\n# Option 1: switch the active project\nopenant project switch org/repo\nopenant parse\n\n# Option 2: target a project directly with -p\nopenant parse -p org/repo\n```\n\n### Project management\n\n```bash\nopenant project list              # shows all projects, marks active\nopenant project show              # details of active project\nopenant project switch \u003corg/repo\u003e # switch active project\n```\n\n\n## LICENSE\nThis project is licensed under Apache 2. See the LICENSE file for details.\n\n\n## Disclaimer and legal notice\nThis project is intended for defensive and research purposes only. OpenAnt is still in the research phase; use it carefully and at your own risk. 
Knostic, OpenAnt, and associated developers, researchers, and maintainers assume no responsibility whatsoever for any misuse, damage, or consequences arising from the use of this tool.\n\nOnly scan code you own or have explicit permission to test. If you discover a vulnerability in someone else's project through legitimate means, please follow coordinated vulnerability disclosure practices and report it to the maintainers before making it public.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fknostic%2FOpenAnt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fknostic%2FOpenAnt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fknostic%2FOpenAnt/lists"}
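The README's "Data directories" section says the CLI keeps the Anthropic API key in `~/.config/openant/config.json` with permissions restricted to `0600`. The check below, added here as an example and not part of OpenAnt or its README, verifies that a secret-holding file really is private before you trust it: it must exist, be a regular file rather than a symlink, be owned by the current user, and carry no permission bits beyond `0600`. It assumes a POSIX system and takes the path as a parameter; the two files `demo()` creates are constructed placeholders with a fake key, not OpenAnt's real config.

```python
import os
import stat
import tempfile

# Added example, not OpenAnt's own code. POSIX only (uses os.getuid and mode bits).


def check_secret_file(path: str, max_mode: int = 0o600) -> list[str]:
    """Return a list of problems; an empty list means the file is acceptably private.

    Checks: the path exists, is a regular file (symlinks are rejected via lstat so a
    link pointing elsewhere cannot masquerade as the config), is owned by the current
    user, and has no permission bits outside max_mode (group/other access, setuid, ...).
    """
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: does not exist"]

    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink"]

    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append(f"{path}: not a regular file")
    if st.st_uid != os.getuid():
        problems.append(f"{path}: owned by uid {st.st_uid}, not {os.getuid()}")
    mode = stat.S_IMODE(st.st_mode)
    extra = mode & ~max_mode
    if extra:
        problems.append(f"{path}: mode {oct(mode)} has extra bits {oct(extra)}")
    return problems


def demo() -> dict[str, list[str]]:
    """Create two constructed config files in a temp dir and check both.

    "good" is chmod 0600 as the README describes; "bad" is 0644, i.e. world-readable,
    which would expose the key to every local user.
    """
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "config-good.json")
        bad = os.path.join(d, "config-bad.json")
        for p in (good, bad):
            with open(p, "w") as f:
                f.write('{"api_key": "sk-example-not-a-real-key"}\n')  # constructed placeholder
        os.chmod(good, 0o600)
        os.chmod(bad, 0o644)
        return {"good": check_secret_file(good), "bad": check_secret_file(bad)}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else problems)
    # Pass the real path to check OpenAnt's own config file, e.g.:
    # check_secret_file(os.path.expanduser("~/.config/openant/config.json"))
```

Run it against the real path after `openant set-api-key` to confirm the restriction survived any umask or backup tooling on your machine. Note also that a key passed as a command-line argument lands in your shell history and is visible in the process list while the command runs, so clear that history entry afterwards.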