scan_for_vulnerabilities
Scan source code for security vulnerabilities like SQL injection, XSS, and hardcoded secrets using taint-flow analysis and CVSS-based scoring.
Instructions
Scan code content for security vulnerabilities (SAST analysis).
Uses a 55-rule engine with taint-flow simulation and CVSS-inspired scoring. Detects hardcoded secrets, SQL injection, path traversal, command injection, insecure cryptography, unsafe deserialization, XSS, and authentication misconfigurations.
Args:
- content: The source code to scan.
- source: File path or identifier, used for language detection and confidence scoring, e.g. "auth/login.py".
Returns JSON with:
- findings: [{rule_id, cwe, severity, line_number, description, fix, confidence, taint_flow}]
- risk_score: CVSS-inspired aggregate in [0.0, 10.0]
- critical_count, high_count, medium_count, low_count
- top_fix: the most impactful remediation action
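To make the result shape concrete, here is an added Python example (not the tool's own engine or any of its 55 rules) of a toy SAST pass: it tracks taint through simple assignments, matches two hypothetical sinks, derives confidence from the file extension, and emits the same JSON keys the tool documents. The rule ids, regexes, severity weights and the aggregate formula are all assumptions made for illustration, and the sample handler is constructed input.

```python
import json
import re

# Constructed sample input (not from the page): a small Flask-style login handler
# with a hardcoded credential and a SQL query concatenated from request data.
SAMPLE_SOURCE = "auth/login.py"
SAMPLE_CONTENT = '''\
import sqlite3
from flask import request

API_KEY = "sk_live_0123456789abcdef0123456789abcdef"  # constructed placeholder value

def login(db):
    user = request.args.get("user")
    query = "SELECT * FROM users WHERE name = '" + user + "'"
    cur = db.cursor()
    cur.execute(query)
    return cur.fetchall()
'''

# Hypothetical rule table and scoring weights; the real tool's rules are not on the page.
SEVERITY_SCORE = {"critical": 9.5, "high": 7.5, "medium": 5.0, "low": 2.5}
TAINT_SOURCES = [r"request\.(args|form|json|values|data)\b", r"\binput\(", r"sys\.argv"]
RULES = [
    {"rule_id": "PY-SQLI-001", "cwe": "CWE-89", "severity": "high", "needs_taint": True,
     "sink": r"\.execute\(\s*(\w+)\s*\)",
     "description": "SQL query executed from a string built with untrusted input",
     "fix": "Use a parameterised query: cur.execute(sql, (user,))"},
    {"rule_id": "PY-SECRET-001", "cwe": "CWE-798", "severity": "critical", "needs_taint": False,
     "sink": r"(?i)\b(api_key|secret|password|token)\s*=\s*[\"'][^\"']{16,}[\"']",
     "description": "Hardcoded secret in source",
     "fix": "Load the value from an environment variable or a secret store"},
]
ASSIGN = re.compile(r"\s*(\w+)\s*=\s*(.+)$")


def scan(content: str, source: str) -> dict:
    """Toy SAST pass: propagate taint through plain assignments, then match sinks."""
    confidence = 0.9 if source.endswith(".py") else 0.6  # language inferred from the path
    tainted: dict[str, list[int]] = {}  # variable -> line numbers forming its taint flow
    findings = []
    for line_no, line in enumerate(content.splitlines(), start=1):
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.group(1), m.group(2)
            if any(re.search(src, rhs) for src in TAINT_SOURCES):
                tainted[var] = [line_no]  # taint enters the program here
            else:
                for t_var, flow in list(tainted.items()):
                    if re.search(rf"\b{re.escape(t_var)}\b", rhs):
                        tainted[var] = flow + [line_no]  # taint propagates by assignment
                        break
        for rule in RULES:
            sm = re.search(rule["sink"], line)
            if not sm:
                continue
            if rule["needs_taint"]:
                arg = sm.group(1)
                if arg not in tainted:
                    continue  # sink fed by clean data: suppressed to avoid a false positive
                flow = tainted[arg] + [line_no]
            else:
                flow = [line_no]
            findings.append({
                "rule_id": rule["rule_id"], "cwe": rule["cwe"], "severity": rule["severity"],
                "line_number": line_no, "description": rule["description"], "fix": rule["fix"],
                "confidence": confidence, "taint_flow": flow,
            })
    return summarise(findings)


def summarise(findings: list) -> dict:
    """Aggregate findings into the documented result keys."""
    counts = {s: sum(1 for f in findings if f["severity"] == s) for s in SEVERITY_SCORE}
    if findings:
        worst = max(findings, key=lambda f: SEVERITY_SCORE[f["severity"]])
        # Assumed CVSS-inspired aggregate: worst finding sets the base, each extra adds 0.5, capped at 10
        risk = min(10.0, SEVERITY_SCORE[worst["severity"]] + 0.5 * (len(findings) - 1))
        top_fix = worst["fix"]
    else:
        risk, top_fix = 0.0, None
    return {"findings": findings, "risk_score": round(risk, 1),
            "critical_count": counts["critical"], "high_count": counts["high"],
            "medium_count": counts["medium"], "low_count": counts["low"], "top_fix": top_fix}


if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_CONTENT, SAMPLE_SOURCE), indent=2))
```

Running it on the sample reports the SQL injection with taint_flow [7, 8, 10] (source, concatenation, sink) and the hardcoded key, and top_fix points at the critical finding; a query built only from literals reaches the same `.execute` sink without producing a finding, which is the point of tracking flow rather than matching sinks alone.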
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| source | No | File path or identifier, used for language detection and confidence scoring | |
| content | Yes | The source code to scan | |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes | JSON object with findings, risk_score, severity counts and top_fix | |