Security scanning module for vulnerability detection.
Provides pattern-based security scanning for pull requests and code changes. Uses regex patterns to detect common vulnerabilities like hardcoded secrets, SQL injection, XSS, and other OWASP/CWE issues.
Re-exports

```rust
pub use cache::CachedFinding;
pub use cache::FindingCache;
pub use cache::cache_key;
pub use detection::needs_security_scan;
pub use ignore::SecurityConfig;
pub use patterns::PatternEngine;
pub use sarif::SarifReport;
pub use scanner::SecurityScanner;
pub use types::Confidence;
pub use types::Finding;
pub use types::PatternDefinition;
pub use types::Severity;
pub use types::ValidatedFinding;
pub use types::ValidationResult;
pub use validator::SecurityValidator;
```
Modules

- cache: Security finding cache for LLM validation results.
- detection: Smart detection logic for when to trigger security scans.
- ignore: Global ignore list for security findings.
- patterns: Security pattern engine with regex-based vulnerability detection.
- sarif: SARIF (Static Analysis Results Interchange Format) output support.
- scanner: Security scanner orchestration for PR diffs.
- types: Security scan types and data structures.
- validator: LLM-based validation for security findings.