Latio Application Security Tester is an open-source tool that lets you use OpenAI models from the CLI to scan code for security and code-health issues.
Features and future plans
James Berthoty, the creator of Latio Application Security Tester, told Help Net Security about the unique features that make it stand out:
1. Easily send code changes to OpenAI without dealing with copy-pasting into ChatGPT or setting up the perfect prompt.
2. The default model is cheap 3.5, but you can easily pass in whatever model you want for testing purposes.
3. The ability to do full scans for smaller applications.
4. The --health option also allows for optimization and code smell scanning.
5. GitHub Actions templates for easy experimentation in the pipeline.
Berthoty told us that future plans include easy setup with non-OpenAI models, better handling of large files whose code or changes exceed the model's token limit, and a GitHub auth flow and hosted version for users who don't want to set anything up.
Latio Application Security Tester is available for free on GitHub.