ai-code-guardian-0.11.2 is not a library.
🛡️ AI Code Guardian
🌐 Interactive Demo & Documentation
Security scanner for AI-generated code. Catches vulnerabilities before you commit.
The Problem
AI coding tools are great, but they introduce security risks:
- Hardcoded API keys and secrets
- SQL injection vulnerabilities
- Insecure HTTP requests
- Exposed credentials
This tool scans your code and catches these issues instantly.
What Makes Us Different
- Dependency vulnerability checking - Scan requirements.txt, package.json, Cargo.toml for known CVEs
- .guardianignore file - Exclude files/patterns from scanning
- Git integration - Scan only changed or staged files for faster CI/CD
- Custom rules engine - Define your own security patterns with
.guardian.rules.json - Severity scoring - Numerical risk scores (0-100) for every vulnerability
- Watch mode - Auto-scan on file changes during development
- Interactive TUI mode - Navigate issues with arrow keys, mark false positives
- Auto-fix suggestions - Don't just find issues, get actionable solutions
- Lightning fast - Written in Rust, 10x faster than Node.js alternatives
- Single binary - No npm, no node_modules, just one executable
- Beautiful output - Color-coded, easy to read results
- 100% local - No data leaves your machine
Installation
Usage
# Scan current directory
# Scan specific directory
# Interactive TUI mode
# Watch mode - auto-scan on file changes
# Scan only git changed files
# Scan only git staged files
# Check dependencies for vulnerabilities
What It Detects
- Hardcoded Secrets: API keys, passwords, tokens
- SQL Injection: Unsafe query construction
- Insecure HTTP: Unencrypted connections
- Exposed Credentials: .env files, config files
Example Output
🛡️ AI Code Guardian - Security Scan
Scanning: ./src
❌ HIGH (Risk: 85): Hardcoded API Key
File: src/api.rs:12
Found: const API_KEY = "sk-1234567890abcdef"
Risk: Exposed credentials in source code
Fix: Use process.env.API_KEY or import from .env file
❌ HIGH (Risk: 85): SQL Injection Risk
File: src/db.rs:45
Found: query = "SELECT * FROM users WHERE id = " + user_id
Risk: Unsanitized user input in SQL query
Fix: Use parameterized queries: db.query('SELECT * FROM users WHERE id = ?', [userId])
✅ Scan complete: 2 issues found
CI/CD Integration
GitHub Actions
Scan PRs automatically. Create .github/workflows/security.yml:
name: Security Scan
on:
pull_request:
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install AI Code Guardian
run: cargo install ai-code-guardian
- name: Scan changed files
run: ai-guardian scan --git
See examples/ directory for more GitHub Action configurations.
Pre-commit Hook
Add to .git/hooks/pre-commit:
#!/bin/bash
if [; then
fi
Custom Rules
Create .guardian.rules.json in your project root:
Ignore Files
Create .guardianignore to exclude files:
# Ignore test files
*test*
*spec*
# Ignore vendor code
vendor/
third_party/
How It Works
- Walks through your codebase
- Scans files for security patterns
- Reports high-risk issues
- Suggests fixes
No data leaves your machine. Everything runs locally.
Roadmap
- Git integration to scan only changed files
- GitHub Actions examples
- Auto-fix command to apply fixes automatically
- XSS detection patterns
- Path traversal detection
- Official GitHub Action (no cargo install needed)
- VS Code extension
Contributing
Found a false positive? Have a pattern to add? PRs welcome!
License
MIT
Changelog
v0.10.0
- Added dependency vulnerability checking with
check-depscommand - Integrates with OSV.dev API to detect known CVEs in dependencies
- Supports Python (requirements.txt, pyproject.toml), Node (package.json), Rust (Cargo.toml)
- Released in response to LiteLLM supply chain attack (March 2026)
v0.9.0
- Improved SQL injection detection to reduce false positives from logging statements
- Pattern now requires SQL keywords (SELECT/INSERT/UPDATE/DELETE) to be followed by FROM/INTO/SET
- Eliminates false positives from code like
LOG_WARNING("Health was to be updated to: " + value)