SunWeb3Sec/llm-sast-scanner

A SAST skill that gives AI coding agents structured vulnerability detection across 34 vulnerability classes.

69% credibility
Found Mar 29, 2026 at 18 stars.
AI Summary

A collection of reference guides and workflows that enable AI coding assistants to systematically detect and report security vulnerabilities in source code across multiple languages.

How It Works

1. 🔍 Discover the skill

The repository is a set of reference guides that teach an AI coding assistant to look for security weaknesses in source code.

2. 📥 Download the guides

Clone the repository; the ready-to-use files hold the detection knowledge the assistant will apply.

3. 🧰 Add it to your agent

Place the guides in the agent's skills folder so the assistant loads them as a skill.

4. 💻 Point the agent at your code

Open the project in the agent and ask it to scan for vulnerabilities using the skill.

5. 🔎 The agent hunts for weak spots

The agent traces untrusted data from sources to sinks through the code and checks each flow against the 34 vulnerability classes.

6. 📋 Receive the report

Findings are listed by file and line number, each with a suggested fix.

✅ Build safer software

Patch the reported issues using the remediation steps in the report.

AI-Generated Review

What is llm-sast-scanner?

llm-sast-scanner equips AI coding agents like Claude Code or OpenAI Codex with a structured SAST skill for vulnerability detection across 34 classes, including SQL injection, XSS, SSRF, and path traversal. It performs source-to-sink taint analysis on Java, Python, JavaScript/TypeScript, PHP, and .NET codebases, delivering reports with file paths, line numbers, and remediations. Developers drop it into agent skills folders via git clone for instant LLM-powered scanning.
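The source-to-sink tracing described in step 5 of How It Works and in this section can be illustrated with a small taint tracker. The following is an added example written for this page, not code from llm-sast-scanner: a flow-insensitive, intra-procedural pass over Python's `ast` module. The source, sink and sanitizer tables, the three vulnerability classes, the remediation strings and the sample program are all constructed for illustration and are not the project's own tables.

```python
"""Minimal source-to-sink taint analysis over Python's ast module.

Added example for this page; it is not code from llm-sast-scanner.
The source/sink/sanitizer tables, the vulnerability classes and the
sample program below are constructed for illustration.
"""
import ast
from dataclasses import dataclass
from typing import Iterator, Optional

# Constructed tables. Sources return attacker-controlled data, sinks are
# dangerous to call with it, sanitizers break the flow. A real scanner
# carries large per-framework tables of these.
SOURCES = {"request.args.get", "request.form.get", "input"}
SINKS = {
    "cursor.execute": ("SQL injection",
                       "pass parameters separately: cursor.execute(sql, (value,))"),
    "os.system": ("Command injection",
                  "use subprocess.run([...]) with an argument list and no shell"),
    "open": ("Path traversal",
             "resolve the path and reject anything outside an allow-listed base dir"),
}
SANITIZERS = {"int", "shlex.quote", "secure_filename"}


@dataclass
class Finding:
    file: str
    line: int
    vuln_class: str
    source: str
    sink: str
    remediation: str


def call_name(call: ast.Call) -> Optional[str]:
    """Render the callee of `a.b.c(...)` or `f(...)` as a dotted name."""
    node, parts = call.func, []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None  # callee is a call result, subscript, lambda, ...


def taint_of(expr: ast.AST, tainted: dict) -> Optional[str]:
    """Return the source name an expression carries taint from, or None."""
    if isinstance(expr, ast.Name):
        return tainted.get(expr.id)
    if isinstance(expr, ast.Call):
        name = call_name(expr)
        if name in SOURCES:
            return name
        if name in SANITIZERS:
            return None  # sanitizer output is treated as trusted
        # Propagate through arguments and, for method calls, the receiver
        # (so `host.strip()` stays tainted when `host` is).
        children = list(expr.args) + [k.value for k in expr.keywords]
        if isinstance(expr.func, ast.Attribute):
            children.append(expr.func.value)
    else:
        # f-strings, concatenation, tuples, subscripts: tainted if any part is
        children = list(ast.iter_child_nodes(expr))
    for child in children:
        found = taint_of(child, tainted)
        if found:
            return found
    return None


def statements(body: list) -> Iterator[ast.AST]:
    """Yield statements in textual order, descending into if/for/try bodies."""
    for stmt in body:
        yield stmt
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue  # nested functions are scanned on their own
        for field in ("body", "orelse", "finalbody", "handlers"):
            inner = getattr(stmt, field, None)
            if inner:
                yield from statements(inner)


SIMPLE = (ast.Expr, ast.Assign, ast.AugAssign, ast.AnnAssign, ast.Return)


def scan(source: str, filename: str = "app.py") -> list:
    """Flow-insensitive, intra-procedural taint pass over every function."""
    findings = []
    tree = ast.parse(source, filename)
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted = {}  # variable name -> source it was tainted by
        for stmt in statements(func.body):
            # 1. sinks reached in this statement, using taint known so far
            if isinstance(stmt, SIMPLE):
                for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
                    name = call_name(call)
                    if name not in SINKS:
                        continue
                    for arg in call.args:
                        src = taint_of(arg, tainted)
                        if src:
                            vuln, fix = SINKS[name]
                            findings.append(Finding(filename, call.lineno, vuln, src, name, fix))
                            break
            # 2. update taint for assignments (a clean reassignment untaints)
            if isinstance(stmt, ast.Assign):
                src = taint_of(stmt.value, tainted)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        if src:
                            tainted[target.id] = src
                        else:
                            tainted.pop(target.id, None)
            elif isinstance(stmt, ast.AugAssign) and isinstance(stmt.target, ast.Name):
                src = taint_of(stmt.value, tainted) or tainted.get(stmt.target.id)
                if src:
                    tainted[stmt.target.id] = src
    return findings


# Constructed sample program (not from any real project); parsed, never run.
SAMPLE = '''\
import os
from flask import request

def lookup(cursor):
    user_id = request.args.get("id")                  # source
    query = f"SELECT * FROM users WHERE id = {user_id}"
    cursor.execute(query)                              # SQL injection, line 7

def lookup_safe(cursor):
    user_id = int(request.args.get("id"))             # int() sanitizes
    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))

def ping():
    host = request.form.get("host")
    cmd = "ping -c 1 " + host.strip()                  # taint survives .strip()
    os.system(cmd)                                     # command injection, line 16

def read_file():
    name = request.args.get("name")
    return open("/srv/data/" + name).read()           # path traversal, line 20
'''


def main() -> None:
    for f in scan(SAMPLE, "app.py"):
        print(f"{f.file}:{f.line}: {f.vuln_class}: {f.source} -> {f.sink}")
        print(f"    fix: {f.remediation}")


if __name__ == "__main__":
    main()
```

The tracker reports three findings (lines 7, 16 and 20 of the sample) and stays silent on `lookup_safe`, because `int()` is in the sanitizer table and the parameterised query keeps the value out of the SQL string. Two limitations are deliberate and are exactly what an LLM-driven skill is meant to cover: the pass does not follow data across function or file boundaries, and it does not reason about branches, so a value sanitised only on one path is treated as clean on all of them.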

Why is it gaining traction?

Unlike traditional SAST tools such as CodeQL or GitHub Advanced Security, with their pricing and setup hurdles, this free MIT-licensed scanner uses LLMs for agent-native detection, and its Java benchmarks report near-perfect recall and precision. Its skill docs cover multi-round scans and a judge-verification pass that cuts false positives, producing reports that conventional scanners only match after heavy configuration. The agent integration appeals to developers tired of SAST GitHub Actions boilerplate.

Who should use this?

Security engineers building AI-assisted code review for web3 or backend teams that maintain Java or Python applications. Agent-focused teams at startups that want a SAST skill without switching tools. DevOps engineers scanning pull requests for injection flaws or weak cryptography before CI.

Verdict

Promising early experiment with a 69% credibility score and 18 stars: the docs are solid and the benchmarks impressive, but low adoption signals immaturity, so test it on your own repos before relying on it. Worth a spin if you are building on LLM agents; skip it for production-scale SAST needs.


