Flash is an AI-powered code vulnerability scanner designed to help developers identify security vulnerabilities in their code. By leveraging AI models like OpenAI and Azure OpenAI, Flash automates the review process for various coding languages and provides detailed reports with potential vulnerabilities, proof of concepts, and recommended fixes. Flash can generate reports in Markdown format, making it easy for developers to integrate security analysis into their workflow.
- AI-Powered Code Analysis: Leverages OpenAI's GPT models to analyze code and detect potential security vulnerabilities.
- Multi-Platform Support: Flash works across various platforms and languages, making it a flexible solution for code review.
- Detailed Vulnerability Reports: Generates reports with detailed descriptions of identified vulnerabilities, proof of concepts, and recommended fixes.
- Supports Multiple Languages: Works with PHP, Python, JavaScript, and more.
- Markdown Report Generation: Outputs security analysis in Markdown format for easy integration with GitHub and other platforms.
-
Clone the repository:
git clone https://github.com/secfathy/flash.git
-
Navigate to the project directory:
cd flash -
Build the application:
go build
-
Run the application:
go run main.go -file <codefile> -save <outputdir> -config config.json
Flash scans code files for vulnerabilities by sending code snippets to AI models, which then return a detailed analysis of the vulnerabilities. The results can be saved as Markdown reports.
-file: Path to the code file to be analyzed.-dir: Path to the directory of files to be analyzed.-save: Directory to save the results (default is current directory).-config: Path to the configuration file (default isconfig.json).-use-azure: Set totrueif using Azure OpenAI,falseotherwise.
go run main.go -file example.php -save /home/reports -config config.json -use-azure=true
The config.json file contains API keys and endpoint information for both OpenAI and Azure OpenAI. You can configure it as shown below:
{
"azure_openai": {
"endpoint": "your-azure-openai-endpoint",
"api_key": "your-azure-api-key",
"deployment_name": "gpt-4o",
"api_version": "2024-02-15-preview"
},
"openai": {
"api_key": "your-openai-api-key"
}
}
Contributions are welcome! To contribute:
- Fork the repository.
- Create a new branch:
git checkout -b feature-branch-name. - Make your changes and commit them:
git commit -m 'Add new feature'. - Push to the branch:
git push origin feature-branch-name. - Open a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.
For questions or support, feel free to reach out to the repository owner.
Developed with ❤️ by Mohammed Fathy @Secfathy