https://github.com/alexandre-leng/ai-security-code-validator
MVP of an Open-source AI code security scanner for LLM-generated code. Detect prompt injection, secrets, vulnerable dependencies, and OWASP risks in CI/CD and DevSecOps workflows.
https://github.com/alexandre-leng/ai-security-code-validator
ai-security application-security code-security devsecops llm-security owasp prompt-injection sarif sbom secure-coding semgrep supply-chain-security vulnerability-scanner
Last synced: 1 day ago
JSON representation
MVP of an Open-source AI code security scanner for LLM-generated code. Detect prompt injection, secrets, vulnerable dependencies, and OWASP risks in CI/CD and DevSecOps workflows.
- Host: GitHub
- URL: https://github.com/alexandre-leng/ai-security-code-validator
- Owner: alexandre-leng
- License: other
- Created: 2026-05-10T13:38:42.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-06-09T12:52:09.000Z (3 days ago)
- Last Synced: 2026-06-09T14:18:39.315Z (3 days ago)
- Topics: ai-security, application-security, code-security, devsecops, llm-security, owasp, prompt-injection, sarif, sbom, secure-coding, semgrep, supply-chain-security, vulnerability-scanner
- Language: Python
- Homepage: https://github.com/alexandre-leng/ai-code-validator
- Size: 407 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
- Notice: NOTICE
Awesome Lists containing this project
README
# š¤ AI Code Validator
> **AI Code Validator is an open-source AI code security scanner for LLM-generated code, AI-assisted development, and modern AppSec workflows.**
> Catch prompt injection, insecure code patterns, secrets, vulnerable dependencies, and OWASP risks before AI-written code reaches production.
š **1000+ security rules** for LLM-generated code
š”ļø **Prompt injection detection** ā integrated with Whitney (transilienceai/whitney)
ā” **Scan in seconds** ā before the code reaches production
š¤ **Two-Level Workflow** ā auto-approve safe code, escalate risks
**Keywords:** AI code security, AI-generated code scanner, LLM security scanner, prompt injection detection, secure code review, SAST for AI code, DevSecOps, Semgrep security automation, software supply chain security
[](LICENSE)
[](https://python.org)
[](Dockerfile)
---
## šØ The Problem: AI Writes Insecure Code
**45% of code generated by LLMs contains OWASP Top 10 vulnerabilities.**
*(Veracode, 2025)*
You asked ChatGPT for a Python script. It gave you something with `os.system()` and a hardcoded API key.
You used Copilot for a login form. It suggested `eval()` on user input.
You prompted Claude for a data pipeline. It generated `pickle.loads()` on untrusted data.
**The issue:** Developers trust AI-generated code. They don't read every line. They don't review what Copilot autocomplete inserted between two valid lines.
**Result:** Vulnerabilities slip into production at machine speed.
---
## ā
The Solution: Security Guardrails for AI-Generated Code
AI Code Validator is the first security scanner **designed specifically for code written by machines** ā not humans.
We don't just find SQL injection. We find:
š“ **LLM-specific vulnerabilities**
ā¢ Prompt injection in AI apps
ā¢ Unsafe deserialization (pickle, yaml) that LLMs love to generate
ā¢ `eval()` / `exec()` patterns injected by autocomplete
ā¢ Hardcoded API keys generated by Copilot
ā¢ SQL queries built with f-strings (Copilot's favorite pattern)
š **Traditional vulnerabilities** ā 1000+ rules across 14 languages
ā¢ SQL injection, XSS, command injection
ā¢ Secrets leakage (AWS, GitHub, Stripe, OpenAI keys)
ā¢ Vulnerable dependencies (SCA with OSV real-time database)
ā¢ License compliance (GPL detection)
š¢ **Workflow that doesn't slow you down**
ā¢ **Level 0:** Auto-approve safe code (zero friction)
ā¢ **Level 1:** Escalate real risks to human review
ā¢ **Auto-fix:** Generate corrected code with one command
---
## ā” Quick Start
```bash
# Install
pip install -e .
pip install semgrep bandit
# Scan a file (instant)
python3 -m aicv.cli scan app.py
# Scan your Copilot-generated project
python3 -m aicv.cli scan my-ai-project/
# Two-level workflow (recommended for teams)
python3 -m aicv.cli level0 my-project/ # Auto-approve safe code
python3 -m aicv.cli level1 my-project/ # Review escalated risks
# Auto-fix everything fixable
python3 -m aicv.cli fix --file app.py
# Generate SBOM for compliance
python3 -m aicv.cli sbom --target . --format cyclonedx
# Check dependencies for known CVEs (OSV real-time)
python3 -m aicv.cli sca --target .
# Start API + dashboard
AICV_API_KEY="demo" python3 -m aicv.cli serve
# ā http://localhost:5001/review.html
```
---
## How It Works
AI Code Validator combines multiple application security testing engines into a single workflow built for **AI-generated code, Copilot-assisted commits, CI/CD pipelines, and security review at scale**.
### 1. Parse the target
The scanner detects the project language, framework, and file types, then chooses the right analyzers for source code, dependencies, infrastructure-as-code, and AI-specific attack surfaces.
### 2. Run multi-engine analysis
It orchestrates several engines in parallel:
ā¢ **Semgrep rules** for code vulnerabilities, insecure patterns, API misuse, IaC issues, and framework-specific risks
ā¢ **Prompt injection detection** for LLM apps, RAG pipelines, agent workflows, and dangerous sink chains
ā¢ **Secrets detection** for API keys, tokens, and leaked credentials
ā¢ **SCA** against the live OSV database for vulnerable dependencies
ā¢ **SBOM and license analysis** for compliance, governance, and supply chain visibility
### 3. Correlate and score findings
Findings are normalized, deduplicated, scored by severity and confidence, and converted into a developer-friendly risk report with a global score and actionable remediation hints.
### 4. Route through the two-level workflow
Safe or low-risk findings can be auto-approved in **Level 0**, while high-confidence or critical issues are escalated to **Level 1** for human validation, making the workflow usable in real engineering teams instead of producing alert fatigue.
### 5. Export or integrate
Results can be consumed through the CLI, REST API, SARIF output, dashboard, GitHub PR comments, and editor integration, so teams can use AI Code Validator in local development, pre-commit checks, pull requests, or production release gates.
---
## š„ What Makes Us Different
### 1. Prompt Injection Detection
Detects **prompt injection vulnerabilities** in AI applications across 16+ source types:
```python
# AI Code Validator detects this:
openai.ChatCompletion.create(
messages=[{"role": "user", "content": user_input}] # š“ PROMPT INJECTION
)
# And this:
pickle.loads(ai_generated_data) # š“ UNSAFE DESERIALIZATION
# And this:
eval(llm_output) # š“ CODE INJECTION
```
### 2. Built for the Speed of AI
ā¢ **Scan in < 10 seconds** on a typical file
ā¢ **1000+ rules** covering all major vulnerability classes
ā¢ **14 languages** ā Python, JS/TS, Java, Go, Rust, C/C++, PHP, Ruby, C#, Swift, Kotlin, Shell
ā¢ **Real-time SCA** ā queries OSV database live (not static CVE lists)
### 3. Two-Level Security Workflow
**Level 0 ā Automated (Zero Friction)**
```bash
python3 -m aicv.cli level0 my-project/
```
What happens:
ā¢ LOW/MEDIUM findings with high confidence ā **Auto-approved**
ā¢ Known fixable patterns ā **Auto-resolved**
ā¢ CRITICAL/HIGH findings ā **Escalated to Level 1**
Output:
```
š¤ Level 0 ā Automated Security Scan
š Results:
Auto-approved: 12
Auto-resolved: 3
Escalated to Level 1: 5
```
**Level 1 ā Human Review**
```bash
python3 -m aicv.cli level1 my-project/
```
Interactive session with security checklist per finding type:
```
š¤ Level 1 ā Human Security Review
[CRITICAL] app.py:15
Rule: python-sqli-format-string
Code: cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")
š Security Checklist:
1. Is the user input properly parameterized?
2. Are ORM methods used instead of raw SQL?
Decision [approve/reject/skip/quit]: reject
Notes: Confirmed SQLi, must use parameterized queries
```
### 4. VS Code Extension (Real-Time)
Scan while you code. Get instant highlights on AI-generated vulnerabilities directly in your editor.
Commands:
ā¢ `Ctrl+Shift+S` ā Scan current file
ā¢ Status bar ā Live vulnerability count
ā¢ Dashboard ā Severity breakdown webview
### 5. Open Source, Self-Hosted, Air-Gap Ready
ā¢ **MIT License** ā no vendor lock-in
ā¢ **Self-hosted** ā your code never leaves your infrastructure
ā¢ **Air-gap compatible** ā works offline (except SCA which needs OSV API)
ā¢ **SARIF export** ā integrates with GitHub Advanced Security
---
## š”ļø Detection Engines (13)
**Semgrep** ā 1000+ rules, 30+ categories (SQLi, XSS, injection, IaC, containers, CI/CD, AI/ML)
**Prompt Injection (Whitney)** ā Semgrep rules for 16+ prompt injection source types (direct HTTP/CLI/Voice, indirect RAG/Web/File Upload, critical sinks: PAL chains, SQL chains, PythonREPL)
**Bandit** ā Python AST analysis (hardcoded passwords, shell injection)
**Secrets Detector** ā 14 patterns + validators (AWS, GitHub, Stripe, OpenAI keys)
**SCA (Software Composition Analysis)** ā Real-time OSV database queries. 7 ecosystems: PyPI, npm, Maven, Go, Cargo, RubyGems, Packagist
**SBOM Generator** ā CycloneDX 1.5 + SPDX 2.3 export
**License Scanner** ā Copyleft, restrictive, unknown license detection
**SARIF Exporter** ā GitHub/CodeQL integration standard
**Dead Code Detector** ā Python AST (unused imports, functions, classes)
**Framework Rules** ā Django, Flask, Express, Laravel, FastAPI specifics
**Language Checkers** ā 14 languages with dedicated analyzers
**Scoring Engine** ā 0-100 score + A-F grade
**Auto-Fix** ā Regex + AST-based code correction
---
## š Languages & Frameworks
**Languages:** Python, JavaScript, TypeScript, Java, Go, PHP, Ruby, C#, Rust, C, C++, Swift, Kotlin, Shell/Bash
**Infrastructure:** Dockerfile, Kubernetes YAML, Terraform, CloudFormation
**AI/ML Specific:** PyTorch, TensorFlow, OpenAI API, LangChain patterns
**Blockchain:** Solidity smart contracts
**Mobile:** Android (Kotlin/Java), iOS (Swift)
---
## š CLI Commands
```
scan š Full security scan (all 12 engines)
level0 š¤ Automated workflow ā auto-approve safe code
level1 š¤ Human review ā security checklist per finding
fix š§ Auto-fix vulnerabilities
delta š Compare two scans (regression detection)
notify š¢ Slack / Discord / Email / Webhook alerts
pr š Post results as GitHub PR comment
sbom š¦ Generate Software Bill of Materials
sca š¦ Dependency vulnerability scan (OSV real-time)
license š License compliance scan
sarif š SARIF export for GitHub/CodeQL
checklist š Security checklists for reviewers
serve š REST API + Web dashboard
version š Show version
tools š¦ List available tools
```
---
## š Deployment Options
### Docker (Production-Ready)
```bash
docker-compose up -d
# API: http://localhost:5001
# Dashboard: http://localhost:5001/review.html
```
Multi-stage Dockerfile with:
ā¢ Non-root user
ā¢ Read-only filesystem
ā¢ Health checks
ā¢ Nginx reverse proxy with rate limiting
### GitHub Actions
```yaml
# Auto-scan every PR
# Block merge if CRITICAL vulnerabilities found
```
### API Usage
```bash
curl -X POST http://localhost:5001/api/v1/scan \
-H "X-API-Key: demo" \
-H "Content-Type: application/json" \
-d '{"code": "import os\nos.system('id')", "language": "python"}'
```
---
## š Example Output
```
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā š¤ AI CODE VALIDATOR v3.3 ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
š app.py
š Score: 0/100 š Grade F
š 23 vuln(s) | C:12 H:7 M:0 L:1
š“ [CRITICAL] app.py:10
[semgrep] LLM output passed to os.system(). Extreme risk.
š“ [CRITICAL] app.py:13
[semgrep] Unsafe pickle.loads() on AI-generated data
š [HIGH] app.py:7
[semgrep] LLM prompt constructed with dynamic input.
Risk of prompt injection.
š“ [CRITICAL] app.py:20
[secrets] š Stripe Secret Key detected: sk_lā¦7890
āļø Two-Level Workflow:
Level 0 (Auto): 0/23 handled
Level 1 (Human): 23 need review
```
---
## šļø Architecture
```
aicv/
āāā scanner.py # Multi-engine orchestrator (12 engines)
āāā scoring.py # 0-100 + A-F scoring
āāā secrets_detector.py # API key patterns + entropy analysis
āāā sca_scanner.py # Real-time OSV dependency scanning
āāā sbom_generator.py # CycloneDX + SPDX generation
āāā sarif_exporter.py # SARIF v2.1.0 export
āāā license_scanner.py # License compliance
āāā workflow.py # Two-level security workflow
āāā auto_fix.py # Code correction engine
āāā report_exporter.py # JSON / MD / HTML export
āāā notifier.py # Slack / Discord / Email / Webhook
āāā github_pr.py # GitHub PR integration
āāā checkers/ # 11 language-specific analyzers
ā āāā rust_checker.py
ā āāā cpp_checker.py
ā āāā typescript_checker.py
ā āāā swift_checker.py
ā āāā kotlin_checker.py
ā āāā shell_checker.py
api/ # REST API (Flask + Gunicorn)
static/ # Web dashboard (review.html)
rules/semgrep/ # 1000+ security rules (50+ files)
vscode-extension/ # VS Code extension (TypeScript)
```
---
## š What's New in v3.3
**1000+ Semgrep rules** ā 50+ rule files across 15+ categories
**Real-time SCA** ā OSV API integration (replaces static CVE lists)
**VS Code Extension** ā Real-time scanning in your IDE
**Docker + SaaS MVP** ā Multi-stage Dockerfile, docker-compose, nginx
**Community Infrastructure** ā Issue templates, CI/CD, CoC, PR templates
**AI/ML Security Rules** ā Prompt injection, unsafe pickle, LLM eval detection
---
## š Documentation
ā¢ [Architecture](docs/ARCHITECTURE.md) ā System design & data flow
ā¢ [API Reference](docs/API.md) ā Complete REST API documentation
ā¢ [Workflow Guide](docs/WORKFLOW.md) ā Two-level security workflow
ā¢ [Contributing](docs/CONTRIBUTING.md) ā Code standards & PR process
ā¢ [Security](docs/SECURITY.md) ā Supported versions & disclosure policy
ā¢ [Strategy](docs/STRATEGY.md) ā Competitive analysis & roadmap
---
## GitHub SEO Suggestions
If you want the repository to be easier to discover on GitHub search, the best lift usually comes from the **About description**, **topics**, and the first 20 lines of the README.
**Suggested GitHub description**
`Open-source AI code security scanner for LLM-generated code. Detect prompt injection, secrets, vulnerable dependencies, and OWASP risks in CI/CD and DevSecOps workflows.`
**Suggested GitHub topics**
`ai-security`, `llm-security`, `application-security`, `code-security`, `secure-coding`, `prompt-injection`, `sast`, `semgrep`, `devsecops`, `owasp`, `supply-chain-security`, `sbom`, `sarif`, `vulnerability-scanner`, `github-actions`
**Suggested website**
Use the repository URL for now, or a future landing page such as `https://www.formalibre.org` with a dedicated product section for AI Code Validator.
---
## š License
MIT
---
## š Acknowledgments
This project includes or was inspired by the following open-source projects:
- **[transilienceai/whitney](https://github.com/transilienceai/whitney)** (Apache 2.0) ā Prompt injection detection rules covering 16+ source types
- **[Shiboof/Code-Vulnerability-Scanner](https://github.com/Shiboof/Code-Vulnerability-Scanner)** (MIT) ā Security scoring system, language detection patterns
- **[duriantaco/skylos](https://github.com/duriantaco/skylos)** (Apache 2.0) ā Dead code detection patterns, framework-aware rules
See [LICENSE](LICENSE) for full third-party attribution details.
---
**[ā Star on GitHub](https://github.com/alexandre-leng/ai-code-validator)**
**[š Report Issue](https://github.com/alexandre-leng/ai-code-validator/issues)**
**[š formalibre.org](https://www.formalibre.org)**