Latio Application Security Tester - Uses OpenAI to scan for security issues in code changes
Latio Application Security Tester
Use OpenAI to scan your code for security issues from the CLI. Bring your own OpenAI token.
Install
pip install latio
OPENAI_API_KEY=xxx latio partial ./
How to Run Locally
- Get your OpenAI key from here.
- Export it: `export OPENAI_API_KEY=<OpenAI Key>`
- Scan only your changed files before merging with `python latio partial /path/to/directory`. This uses the GPT-3.5-turbo model, so it's cheap and fast.
- Scan your full application with `python latio full /path/to/directory`. This uses the beta model of gpt-4, so it's extremely expensive; scanning this application once took about $1, for example. Additionally, you may need to split your app into smaller directories, because the model has a 128,000-token limit.
- You can specify `--model` with a model name from OpenAI to experiment.
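The 128,000-token limit means a full scan of a large tree fails or has to be split by hand. The following Python helper is an added example (not part of the latio project or its CLI): it estimates how many tokens each top-level directory would send to the model and reports whether the whole tree fits in one run and which sub-directories are too large to scan even on their own. The four-characters-per-token ratio is an assumption (a rough heuristic, not the model's real tokenizer), the list of skipped vendored/build directories is a choice made here, and the sample project tree it writes is constructed purely for the demo.

```python
"""Pre-scan budget check for `latio full` (added example, not latio's own code)."""
import sys
import tempfile
from pathlib import Path

TOKEN_LIMIT = 128_000   # context limit the README cites for the full-scan model
CHARS_PER_TOKEN = 4     # assumption: rough heuristic, not the model's real tokenizer
# assumption: directories that add cost but rarely hold code you want reviewed
SKIP_DIRS = {".git", "node_modules", "__pycache__", ".venv", "dist", "build"}


def estimate_tokens(text: str) -> int:
    """Approximate token count as ceil(len(text) / CHARS_PER_TOKEN)."""
    return -(-len(text) // CHARS_PER_TOKEN)


def token_counts_by_top_level(root) -> dict:
    """Sum estimated tokens for every readable text file under root, grouped
    by top-level entry (files directly under root are grouped under '.').
    Anything inside SKIP_DIRS and any file that is not valid UTF-8 (binaries)
    is skipped, since sending those to the model only burns budget."""
    root = Path(root)
    counts = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or any(part in SKIP_DIRS for part in rel.parts):
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except UnicodeDecodeError:
            continue
        group = rel.parts[0] if len(rel.parts) > 1 else "."
        counts[group] = counts.get(group, 0) + estimate_tokens(text)
    return counts


def plan_full_scan(root, limit: int = TOKEN_LIMIT) -> dict:
    """Decide whether `latio full root` fits in one run and, if not, which
    top-level directories are still too large to be scanned on their own."""
    counts = token_counts_by_top_level(root)
    total = sum(counts.values())
    return {
        "total_tokens": total,
        "fits_in_one_run": total <= limit,
        "by_dir": counts,
        "too_large": sorted(g for g, n in counts.items() if n > limit),
    }


def make_sample_project(base) -> Path:
    """Write a constructed demo tree (not a real project) under base."""
    base = Path(base)
    for sub in ("src", "vendor", ".git"):
        (base / sub).mkdir(exist_ok=True)
    (base / "README.md").write_text("# demo\n" * 10, encoding="utf-8")          # 70 chars -> 18 tokens
    (base / "src" / "app.py").write_text("x = 1\n" * 100, encoding="utf-8")     # 600 chars -> 150 tokens
    (base / "vendor" / "bundle.js").write_text("a" * 600_000, encoding="utf-8")  # 150,000 tokens
    (base / ".git" / "HEAD").write_text("ref: refs/heads/main\n", encoding="utf-8")  # skipped dir
    (base / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n\xff\xfe")                # binary, skipped
    return base


def demo() -> dict:
    """Plan a scan of the constructed sample tree in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return plan_full_scan(make_sample_project(tmp))


if __name__ == "__main__":
    # usage: python budget_check.py /path/to/directory   (no argument runs the demo tree)
    plan = plan_full_scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(f"estimated tokens: {plan['total_tokens']:,}")
    for name, n in sorted(plan["by_dir"].items()):
        print(f"  {name:<12} {n:>10,}")
    if plan["fits_in_one_run"]:
        print("fits in one `latio full` run")
    else:
        print("too big for one run; scan top-level directories separately")
        for name in plan["too_large"]:
            print(f"  {name} exceeds the limit on its own and needs further splitting")
```

On the demo tree the vendored bundle alone is over the limit, so the report tells you to split further rather than just to scan `vendor` separately. Because the estimate is a heuristic, treat a result near the limit as "split anyway"; the real tokenizer can count more tokens than chars/4 for minified or non-English text.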
How to Run in Pipeline
This runs OpenAI in your pipeline against only your changed files. Here's an example of what it looks like: it uses GPT-3.5 to scan only changed files, so it's relatively cheap.
- Get your OpenAI token from here.
- In your repository, go to `github.com/org/repo/settings/secrets/actions` and add a new Repository Secret called `OPENAI_API_KEY` with the value from OpenAI.
- Copy and paste `.github/workflows/actions-template.yml` into your own `.github/workflows/` folder.
Command Line Options
`latio partial <directory> [--model <model_name>]`
Scans only the files that have been changed in the specified directory.
- `<directory>`: Path to the directory where your project is located.
- `--model <model_name>`: (Optional) Specifies the name of the OpenAI model to use for the scan. Defaults to `gpt-3.5-turbo`.
Example:
`latio partial /path/to/your/project --model gpt-3.5-turbo`

`latio full <directory> [--model <model_name>]`
Scans all files in the specified directory.
- `<directory>`: Path to the directory where your project is located.
- `--model <model_name>`: (Optional) Specifies the name of the OpenAI model to use for the scan. Defaults to `gpt-4-1106-preview`.
Example:
`latio full /path/to/your/project --model gpt-4-1106-preview`
Download files
Source Distribution: latio-0.0.5.tar.gz (19.3 kB)
Built Distribution: latio-0.0.5-py3-none-any.whl (18.1 kB)