scan_security
Scan files for security vulnerabilities using multiple analysis engines. Choose verbosity levels from minimal counts to full metadata, and output results in JSON or SARIF format.
Instructions
Scan a file for security vulnerabilities. Use verbosity='minimal' for counts only (~50 tokens), 'compact' (default) for actionable info (~200 tokens), 'full' for complete metadata.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| engine | No | Analysis engine: 'auto' (AST+semantic with regex fallback), 'ast' (tree-sitter only), 'regex' (regex only), 'semantic' (semantic/CPG only), 'all' (all engines) | 'auto' |
| file_path | Yes | Path to the file to scan | |
| verbosity | No | Response detail level: 'minimal' (counts only), 'compact' (actionable info), 'full' (complete metadata) | 'compact' |
| output_format | No | Output format: 'json' or 'sarif' for GitHub/GitLab integration | 'json' |
| enable_semantic | No | Enable semantic/CPG analysis | true if available |
| include_context | No | Include surrounding code context for each issue | |
| project_context | No | Include project context (framework, security middleware, dependencies) | |