- CLI scanner with `scan` and `version` commands
- Anthropic (Claude) and OpenAI (GPT) provider backends
- Text, JSON, and SARIF 2.1.0 output formats
- File filtering (include/exclude globs, size limits, severity threshold)
- Rich terminal UI with progress indicators
- GitHub Code Scanning integration via SARIF upload
- GitHub Action for drop-in CI integration
- Pre-commit hook support
- `.ai-sec-scan.yaml` config file for per-project defaults
- Scan summary annotations on pull requests
- Multi-file context awareness (understand imports and call chains across files)
- Result caching to skip unchanged files on re-scan
- Parallel file analysis for faster scans
- Custom rules (bring your own prompts for domain-specific checks)
- Framework-specific rule packs (Django, FastAPI, Express, Spring)
- Baseline file to suppress known findings
- Stable Python API for programmatic use
- VS Code extension with inline findings
- Diff-only scanning (analyze changed lines only)
- Cost estimation before scan
- Plugin system for community providers