Getting Started
An open-source security suite combining structural code analysis with AI-powered vulnerability detection for modern development teams.
Key Features
Real-time IDE Integration
Bringing security insights directly into your editor as you code
AI-Assisted Analysis
Leveraging LLMs to understand context and identify nuanced vulnerabilities
Unified Workflow Coverage
From local development to pull requests to CI/CD pipelines
Flexible Reporting
Supporting DefectDojo, GitHub Advanced Security, SARIF, and other platforms
Quick Start
New to Code Pathfinder? Check out the Installation Guide for step-by-step instructions on installing via Docker, npm, or from source.
Basic Scan
Run a security scan on your project:
pathfinder scan --rules rules/ --project /path/to/project
CI/CD Integration
Generate machine-readable output for CI/CD pipelines:
# JSON output
pathfinder ci --rules rules/ --project . --output json > results.json
# SARIF output (GitHub Code Scanning)
pathfinder ci --rules rules/ --project . --output sarif > results.sarif
# CSV output
pathfinder ci --rules rules/ --project . --output csv > results.csv
Using Docker
Run scans in a containerized environment:
docker run --rm -v "./src:/src" \
shivasurya/code-pathfinder:stable-latest \
ci --project /src --ruleset cpf/java
SecureFlow AI
AI-Powered Security Analysis
SecureFlow brings AI-powered security analysis directly into your development workflow. Supporting 13+ leading AI models (Claude, GPT, Gemini, Grok), SecureFlow understands your codebase context to detect real vulnerabilities, catch edge cases, and eliminate false positives.
Traditional SAST has 80% false positives. SecureFlow helps you ship secure code in minutes.
VS Code Extension
Install the SecureFlow extension for real-time security analysis in your editor:
SecureFlow CLI Usage
secureflow scan ./path/to/project
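A pipeline step can turn the results.sarif file from the CI/CD Integration commands above into a pass/fail decision. The following is an added example, not code from the Code Pathfinder project: the function names and the embedded sample are constructed for illustration, and it assumes the scanner's output follows the standard SARIF 2.1.0 layout (runs, results, level, ruleId), including the rule that a result without an explicit level falls back to its rule's default and then to "warning".

```python
import json
from collections import Counter

# Constructed sample: a minimal SARIF 2.1.0 log, not real Code Pathfinder output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "EX-SQLI", "defaultConfiguration": {"level": "error"}},
            {"id": "EX-LOG"}]}},
        "results": [
            {"ruleId": "EX-SQLI", "message": {"text": "tainted query"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Dao.java"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "EX-LOG", "level": "note", "message": {"text": "verbose log"}},
            {"ruleId": "EX-LOG", "message": {"text": "no explicit level"}}],
    }],
})

def effective_level(result, rules_by_id):
    """Explicit result level, else the rule's default, else SARIF's default 'warning'."""
    if "level" in result:
        return result["level"]
    rule = rules_by_id.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def summarize(sarif_text):
    """Return (Counter of levels, ['uri:line ruleId', ...] for error-level findings)."""
    counts, errors = Counter(), []
    for run in json.loads(sarif_text).get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        rules_by_id = {r["id"]: r for r in rules if "id" in r}
        for res in run.get("results") or []:  # "results" may be null in SARIF
            level = effective_level(res, rules_by_id)
            counts[level] += 1
            if level == "error":
                loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
                uri = loc.get("artifactLocation", {}).get("uri", "?")
                line = loc.get("region", {}).get("startLine", "?")
                errors.append(f"{uri}:{line} {res.get('ruleId')}")
    return counts, errors

def gate(sarif_text, fail_on=("error",)):
    """CI exit code: 1 if any finding has a level listed in fail_on, else 0."""
    counts, _ = summarize(sarif_text)
    return int(any(counts[lvl] for lvl in fail_on))

if __name__ == "__main__":
    print(summarize(SAMPLE_SARIF), "exit", gate(SAMPLE_SARIF))
```

In a real pipeline, read results.sarif from disk and pass the return value of gate() to sys.exit(); widening fail_on to include "warning" makes the gate stricter.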