Scan code for security issues
codeinspectus_scanRun a comprehensive local security scan combining SAST, secrets, SCA, IaC, and AI-code checks. Detects vulnerabilities with CWE-keyed findings and fix recommendations, fully offline.
Instructions
Run a full local security scan of a path: bundled engines (Opengrep SAST, Gitleaks secrets, Trivy SCA/IaC/license) plus CodeInspectus's AI-code-specific checks (client-side secret exposure, Supabase RLS/inverted-auth, prompt-injection sinks). Returns CWE-keyed findings with fix recommendations and compliance tags. Fully offline — zero network egress at scan time. Never writes to your code or repo.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | Absolute path to the repository or directory to scan. | |
| scanners | No | Limit which scanner classes run: sast, secret, vuln, misconfig, license, ai. Default: all. | |
| max_findings | No | Cap the number of findings returned to protect agent context (default: 200). | |
| include_compliance | No | Include the per-framework compliance overview in the result (default: true). | |
| severity_threshold | No | Only return findings at or above this severity (default: info — all). |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target | Yes | ||
| offline | Yes | ||
| scan_id | Yes | ||
| summary | Yes | ||
| findings | Yes | ||
| warnings | Yes | ||
| truncated | Yes | ||
| disclaimer | Yes | ||
| git_safety | Yes | ||
| started_at | Yes | ||
| duration_ms | Yes | ||
| engines_run | Yes | ||
| trivy_db_date | No | ||
| engine_details | Yes | ||
| compliance_overview | No | ||
| total_findings_before_limit | Yes |