Latio Application Security Tester: Use AI to scan your code
Latio Application Security Tester is an open-source tool that lets you use OpenAI models from the CLI to scan code for security and health issues.
Features and future plans
James Berthoty, the creator of Latio Application Security Tester, told Help Net Security about the unique features that make it stand out:
1. Easily send code changes to OpenAI without dealing with copy-pasting into ChatGPT or setting up the perfect prompt.
2. The default model is cheap 3.5, but you can easily pass in whatever model you want for testing purposes.
3. The ability to do full scans for smaller applications.
4. The --health option also allows for optimization and code smell scanning.
5. GitHub Actions templates for easy experimentation in the pipeline.
Berthoty told us that future plans include easy setup with non-OpenAI models, better handling of large files for cases where your code or changes exceed the token limit, and a GitHub auth flow and hosted version for users who don’t want to deal with setting anything up.
Latio Application Security Tester is available for free on GitHub.