cisco-open/ai-deep-sast — explained in plain English
Analysis updated 2026-05-18
Run a fast AI-assisted security scan on every code push in CI.
Run a deep whole-codebase AI security analysis on pull requests.
Generate a structured vulnerability report with severity and a suggested code fix.
Detect hardcoded passwords and API keys in configuration files.
| cisco-open/ai-deep-sast | alex72-py/aria-termux | anime0t4ku/gentleman | |
|---|---|---|---|
| Stars | 20 | 20 | 20 |
| Language | Python | Python | Python |
| Setup difficulty | hard | moderate | moderate |
| Complexity | 4/5 | 2/5 | 2/5 |
| Audience | ops devops | developer | general |
Figures from each repo's GitHub metadata at analysis time.
Deep scans can take 30 minutes to 14 hours, fast local scans are optimized for Apple Silicon.
AI Deep SAST is a security scanning tool from Cisco's open-source team that checks code for vulnerabilities. SAST stands for Static Application Security Testing, meaning it analyzes code without running it. This tool combines a rule-based scanner called Semgrep with AI language models to go beyond what pattern matching alone can catch. It offers two scan modes. The fast scan runs Semgrep to find potential issues, then uses a smaller local AI model (an 8-billion-parameter model called Foundation-Sec-8B that runs on your machine) to evaluate each finding and decide whether it is a real problem. This takes about five minutes. The deep scan indexes the entire codebase using a code-parsing library called tree-sitter, then sends the results to a larger cloud AI model such as GPT-4o or Claude for a whole-codebase analysis. That process can take anywhere from 30 minutes to 14 hours depending on codebase size and configuration. For each vulnerability it finds, the tool produces a structured report covering the type of vulnerability, how severe it is, what an attacker could do with it, how it affects the business, and how to fix it with corrected example code. It also scans configuration files for hardcoded passwords and API keys. Reports can be saved as Markdown, JSON, or JUnit XML (a format compatible with CI/CD tools like Jenkins). The tool is designed to plug into a continuous integration pipeline. The fast Semgrep pass runs on every code push, the AI analysis runs only on pull requests or when manually triggered, keeping routine commits fast. It is written in Python and supports Docker for reproducible environments. Local fast scans are optimized for Apple Silicon Macs but also support NVIDIA GPUs. A full test suite of over 240 tests is included.
A code security scanner from Cisco that combines the Semgrep rule engine with AI models to find and explain vulnerabilities.
Mainly Python. The stack also includes Python, Semgrep, Docker.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.