AgentGG: Open-source agentic SAST scanner

Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm a finding before they report it. The project is an open-source agentic SAST scanner released under the Apache 2.0 license.

How the agents run

Each agent is a self-contained markdown file with YAML frontmatter that declares a precondition, target file patterns, and the instructions it follows. The catalog ships more than 100 official agents, and it downloads on the first scan from the agentgg-agents repository. Installation runs through npm with one global command, and the tool needs Node.js 20 or later.

The scan runs in phases. A fast recon pass surveys the project first, building a brief on what it is and how it works, which orients every agent that follows. The agents then run in parallel, each a tool-enabled investigation that follows imports and callers to confirm a finding before flagging it. An optional validation pass then analyzes the code behind each finding, consulting a pentest scope when one is provided, and labels it. A final scoring pass attaches a CVSS severity. Findings can be browsed in a local web UI, filtered by severity, agent, or file.

Tech gating keeps scans focused

On every scan, a fast recon pass surveys the project first, noting its languages, frameworks, and dependencies. It then checks each agent’s precondition to decide whether that agent is worth running on this repository. A precondition can be a cheap regex check for telltale files such as package.json, composer.json, go.mod, and pyproject.toml, or an optional model gate that reads the recon brief. A scan against a Go-only repository skips PHP, Python, Ruby, and .NET agents because each of those agents preconditions on its own language being present, so it bows out on its own. A --no-recon flag skips both recon and precondition gating and forces every selected agent to run, which helps when debugging an agent on a stack the survey does not yet recognize.

Resume is built in. A state directory tracks each scanned file, so an interrupted scan picks up where it stopped and unchanged files cost nothing on the next pass. Findings land as GHSA-shaped markdown files in an output directory, with a summary report that aggregates counts per agent and validation verdict.

Provider options and model quality

AgentGG works with Anthropic, OpenAI, Ollama, AWS Bedrock, and Google Vertex AI. A one-time setup wizard writes credentials to a config file, and a one-shot flag can supply a key for CI runs without saving it. Ollama runs locally at no cost.

Philip Garabandic, a security engineer at TikTok and lead maintainer of AgentGG, told Help Net Security that model selection depends on the type of bug. “We are finding that some bug classes do well with cheaper models and some do much better with frontier models,” he said. “For example, secret keys and SQL injection risks, even Ollama can find those. If you are scanning for more complex security bugs or business logic bugs, you want a better model.” Picking the right model for each bug class remains an open research question for the team.

Catalog review and trust

The official agent catalog goes through manual review. “Yes, we have an official GitHub repository of agents that are reviewed,” Garabandic said. “The same way Nuclei has its official repository of templates, we have one for agents. They get pulled from there and we manually reviewed anything merged there.” Agents that reach a user’s machine come from that reviewed source, and a separate custom directory holds user-installed agents.

Validation and benchmarks

AgentGG includes an optional validation phase, a second-pass model call that re-reads the source for each finding and labels it confirmed, false-positive, out-of-scope, or uncertain. A scope file lets the validator consult a security policy or pentest scope document, so it can mark findings that sit outside an engagement. The tool can attach a CVSS 3.1 severity score to each finding and run inside GitHub Actions on pull requests, scoped to the code diff.

Garabandic tied the scope feature to measured gains. “We have done bench marking again tools like deepsec and we found more bugs and about 10-20% fewer false positives because we allow you to add pentest scope as part of the validation context,” he said.

AgentGG is available for free on GitHub.

Must read:

• 25 open-source cybersecurity tools that don’t care about your budget
• GitHub CISO on security strategy and collaborating with the open-source community

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!