Skip to content
/ static_analyzer Public

Static PR Analyzer with support for multiple languages in Docker runtime

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

a6kme/static_analyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.devcontainer
.devcontainer
 
 
.vscode
.vscode
 
 
api
api
 
 
cassettes
cassettes
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

One SAST (Static Application Security Testing) to rule them all

System requirements

  1. Docker runtime
  2. python3

How to run

  1. Clone the repo git clone https://github.com/a6kme/static_analyzer
  2. Pull the docker images docker pull a6kme/static-analyzer-py and docker pull a6kme/static-analyzer-js
  3. Install the dependencies pip install -r api/requirements.txt
  4. Run the analyzer
from api.src.analyzer import StaticAnalyzer
from api.src.config import AppConfig
from api.src.models import GithubRepo
from api.src.services.github import GithubService

config = AppConfig.get_config()
repo = GithubRepo(name='pygoat', owner='adeyosemanputra')
pr = GithubService(config).get_pull_request(repo, 11)
StaticAnalyzer(config).static_review(pr)
for file in pr.files:
    print(file.review)

Run tests

  1. python -m pytest

RoadMap

  • Add LLM Layer to recommend the reviews
  • Add evaluation dataset and run evaluations
  • Figure out whether pulling the base commit makes any difference in analysis vs just writing the hunks

About

Static PR Analyzer with support for multiple languages in Docker runtime

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages