Two-part Python project:
- Scanner CLI: runs standalone SAST scans on a folder and prints JSON findings
- Management server: launches scans, ingests results into SQLite, and provides a minimal web UI
- Create venv and install

```bash
python3 -m venv .venv && source .venv/bin/activate
pip install -e .
```
- Configure environment

```bash
cp env.example .env
# Load the variables into the current shell. `set -a` exports every variable the
# file defines and, unlike `export $(grep -v '^#' .env | xargs)`, copes with quoted
# values and values containing spaces. Alternatively use a shell that auto-loads .env.
set -a; . ./.env; set +a
```

Once filled in, `.env` holds your OpenAI API key; keep it out of version control (only `env.example` belongs in the repo).
- Run scanner (standalone)

```bash
sassycode-scanner scan --path /path/to/repo --model gpt-4o-mini
```

Alternate ways to run the scanner (all equivalent):

```bash
# 1) Console script (shown above)
sassycode-scanner scan --path "/Users/jeremydubansky/dev/WebGoat/webgoatIT" --model gpt-4o-mini --verbose

# 2) Module invocation (no console entry point needed)
python -m scanner.cli scan --path "/Users/jeremydubansky/dev/WebGoat/webgoatIT" --model gpt-4o-mini --verbose

# 3) Direct file execution (PYTHONPATH must point at the repo root so the `scanner` package is importable)
PYTHONPATH=/Users/jeremydubansky/dev/sassycode \
python /Users/jeremydubansky/dev/sassycode/scanner/cli.py scan --path "/Users/jeremydubansky/dev/WebGoat/webgoatIT" --model gpt-4o-mini --verbose
```
- Run management server

```bash
sassycode-manager --reload
```

Open http://localhost:3000 to use the UI. The default port can be overridden with `--port` or the `PORT` environment variable. `--reload` enables autoreload for development; nothing on this page configures authentication for the UI, so keep the manager on a local or trusted interface rather than exposing its port publicly.
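The manager is described above as ingesting scanner JSON into SQLite. The following is an added example of what that ingestion step looks like; it is not sassycode's own server code, and the finding schema it uses (a JSON list of objects with `file`, `line`, `rule`, `severity` and `message`) and the table layout are assumptions for illustration. The point it demonstrates is that model output is untrusted input: malformed entries are skipped, severities are normalised to a fixed set, exact duplicates are dropped by a UNIQUE constraint, and every value reaches SQLite through a bound parameter rather than string formatting.

```python
"""Ingest scanner JSON findings into SQLite and query them back.

Added example (not sassycode's own server code). The finding schema and the
table layout are assumptions; the real scanner output may differ.
"""
import hashlib
import json
import sqlite3

SEVERITIES = ("critical", "high", "medium", "low", "info", "unknown")

SCHEMA = """
CREATE TABLE IF NOT EXISTS scans (
    id     INTEGER PRIMARY KEY,
    path   TEXT NOT NULL,
    model  TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS findings (
    id          INTEGER PRIMARY KEY,
    scan_id     INTEGER NOT NULL REFERENCES scans(id),
    fingerprint TEXT NOT NULL,
    file        TEXT NOT NULL,
    line        INTEGER,
    rule        TEXT NOT NULL,
    severity    TEXT NOT NULL
                CHECK (severity IN ('critical','high','medium','low','info','unknown')),
    message     TEXT NOT NULL,
    UNIQUE (scan_id, fingerprint)
);
"""

# Constructed sample output shaped like a scan result; not real scanner output.
# It contains a duplicate, an unexpected severity and an entry with no rule name.
SAMPLE_FINDINGS = json.dumps([
    {"file": "src/login.py", "line": 42, "rule": "sql-injection",
     "severity": "HIGH", "message": "query built with string formatting"},
    {"file": "src/login.py", "line": 42, "rule": "sql-injection",
     "severity": "high", "message": "duplicate of the finding above"},
    {"file": "src/config.py", "line": 7, "rule": "hardcoded-secret",
     "severity": "weird", "message": "API key literal in source"},
    {"file": "src/util.py", "line": 3, "message": "no rule name, cannot be keyed"},
])


def open_db(database=":memory:") -> sqlite3.Connection:
    """Open the SQLite database and make sure the tables exist."""
    conn = sqlite3.connect(database)
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def fingerprint(finding: dict) -> str:
    """Stable key for deduplication: same file, line and rule means the same finding."""
    key = "\x00".join([finding["file"], str(finding.get("line", "")), finding["rule"]])
    return hashlib.sha256(key.encode()).hexdigest()


def ingest(conn, path: str, model: str, findings_json: str) -> tuple[int, int, int]:
    """Store one scan; returns (scan_id, inserted, skipped)."""
    findings = json.loads(findings_json)
    if not isinstance(findings, list):
        raise ValueError("scanner output must be a JSON list of findings")
    inserted = skipped = 0
    with conn:  # one transaction per scan: all findings land or none do
        scan_id = conn.execute(
            "INSERT INTO scans (path, model) VALUES (?, ?)", (path, model)
        ).lastrowid
        for f in findings:
            if not isinstance(f, dict) or not f.get("file") or not f.get("rule"):
                skipped += 1  # malformed model output, never trust it blindly
                continue
            severity = str(f.get("severity", "unknown")).lower()
            if severity not in SEVERITIES:
                severity = "unknown"
            before = conn.total_changes
            conn.execute(  # bound parameters only: no SQL built from model output
                "INSERT OR IGNORE INTO findings "
                "(scan_id, fingerprint, file, line, rule, severity, message) "
                "VALUES (?, ?, ?, ?, ?, ?, ?)",
                (scan_id, fingerprint(f), f["file"], f.get("line"), f["rule"],
                 severity, str(f.get("message", ""))),
            )
            inserted += conn.total_changes - before  # 0 when the UNIQUE constraint ignored it
    return scan_id, inserted, skipped


def findings_for_scan(conn, scan_id: int) -> list[tuple]:
    """Findings of one scan, most severe first (what a UI would list)."""
    rows = conn.execute(
        "SELECT file, line, rule, severity, message FROM findings "
        "WHERE scan_id = ? ORDER BY file, line", (scan_id,)
    ).fetchall()
    return sorted(rows, key=lambda r: SEVERITIES.index(r[3]))


if __name__ == "__main__":
    db = open_db()
    sid, ok, bad = ingest(db, "/path/to/repo", "gpt-4o-mini", SAMPLE_FINDINGS)
    print(f"scan {sid}: {ok} findings stored, {bad} malformed entries skipped")
    for row in findings_for_scan(db, sid):
        print(row)
```

Run it as a script to see the constructed sample ingested: two findings are stored, the duplicate is silently collapsed, the unknown severity becomes `unknown`, and the entry without a rule is counted as skipped rather than aborting the whole scan.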
- Requires Python 3.11+
- Uses SQLite by default; see DATABASE_URL in .env
- OpenAI key required: set OPENAI_API_KEY. Scanned source is sent to the OpenAI API for analysis, so do not point the scanner at code you are not permitted to share with a third party.
- Some models (e.g., gpt-5) only accept their default temperature and reject requests that set one. The scanner omits the temperature parameter for these models so the request does not fail.