Ollama Automated Security Intelligence Scanner
🛡️ An AI-powered security auditing tool that leverages Ollama models to detect and analyze potential security vulnerabilities in your code.
Advanced code security analysis through the power of AI
- 🔍 Multi-Model Analysis: Leverage multiple Ollama models for comprehensive security scanning
- 💾 Smart Caching: Efficient embedding caching system for faster repeated analyses
- 📊 Rich Reporting: Detailed reports in multiple formats (Markdown, PDF, HTML)
- 🔄 Parallel Processing: Optimized performance through parallel vulnerability analysis
- 📝 Executive Summaries: Clear overview of all detected vulnerabilities
- 🎯 Customizable Scans: Support for specific vulnerability types and file extensions
- 📈 Distribution Analysis: Advanced audit mode for embedding distribution analysis
- Python 3.7+
- Ollama installed and running
- pipx (for isolated installation)
```bash
# On macOS
brew install pipx
pipx ensurepath

# On Ubuntu/Debian
python3 -m pip install --user pipx
python3 -m pipx ensurepath

# On Windows (with pip)
pip install --user pipx
python -m pipx ensurepath
```
- Clone the repository:

```bash
git clone https://github.com/psyray/oasis.git
cd oasis
```

- Install with pipx:

```bash
# First time installation
pipx install --editable .

# Update existing installation
pipx upgrade oasis
```

Note: If you need to reinstall or update during development:

```bash
pipx uninstall oasis
pipx install --editable .
```
Basic usage:

```bash
oasis [path_to_analyze]
```

To quickly test OASIS with sample files:

```bash
# Clone and install
git clone https://github.com/psyray/oasis.git
cd oasis
pipx install --editable .

# Run analysis on test files
oasis test_files/
```

This will analyze the provided test files and generate security reports in the `test_files/security_reports/` directory.
Advanced options:

```bash
oasis [path_to_analyze] \
  --cache-days 7 \
  --threshold 0.5 \
  --vulns xss,sqli \
  --embed-model nomic-embed-text \
  --models llama2,codellama
```

- `input_path`: Path to file, directory, or .txt file containing paths to analyze
- `--cache-days`: Maximum age of cache in days (default: 7)
- `--threshold`: Similarity threshold (default: 0.5)
- `--vulns`: Vulnerability types to check (comma-separated or 'all')
- `--no-pdf`: Skip PDF generation
- `--debug`: Enable debug mode
- `--verbose`: Enable verbose output
- `--embed-model`: Model to use for embeddings
- `--models`: Comma-separated list of models to use
- `--list-models`: List available models and exit
- `--extensions`: Custom file extensions to analyze
- `--clear-cache`: Clear embeddings cache before starting
- `--audit`: Run embedding distribution analysis
| Tag | Description |
|---|---|
| sqli | SQL Injection |
| xss | Cross-Site Scripting |
| input | Insufficient Input Validation |
| data | Sensitive Data Exposure |
| session | Session Management Issues |
| config | Security Misconfiguration |
| logging | Sensitive Data Logging |
| crypto | Insecure Cryptographic Function Usage |
```
security_reports/
├── [model_name]/
│   ├── markdown/
│   │   ├── vulnerability_type.md
│   │   └── executive_summary.md
│   ├── pdf/
│   │   ├── vulnerability_type.pdf
│   │   └── executive_summary.pdf
│   └── html/
│       ├── vulnerability_type.html
│       └── executive_summary.html
```
The tool maintains a cache of embeddings to improve performance:
- Default cache duration: 7 days
- Cache location: `embeddings_cache.pkl` in the input directory
- Use `--clear-cache` to force a fresh analysis
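The similarity threshold and the age-bounded embedding cache described above, as an added Python illustration that is not OASIS's own code: a hashed bag-of-words vector stands in for an Ollama embedding model, the cache is a JSON file rather than the project's pickle, and the vulnerability descriptions and code chunks are constructed for the example.

```python
import hashlib
import json
import math
import re
import time

CACHE_DAYS = 7  # same default as the README's --cache-days


def embed(text, dim=64):
    """Constructed stand-in for an Ollama embedding model: a hashed bag-of-words vector."""
    vec = [0.0] * dim
    for tok in re.findall(r"[a-z_]+", text.lower()):
        vec[int(hashlib.sha256(tok.encode()).hexdigest(), 16) % dim] += 1.0
    return vec


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = math.sqrt(sum(x * x for x in a)), math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


class EmbeddingCache:
    """Age-bounded cache keyed by content hash (JSON file here; OASIS uses embeddings_cache.pkl)."""

    def __init__(self, path=None, max_age_days=CACHE_DAYS, now=time.time):
        self.path, self.max_age, self.now = path, max_age_days * 86400, now
        self.data = json.loads(path.read_text()) if path and path.exists() else {}

    def get(self, text):
        key = hashlib.sha256(text.encode()).hexdigest()
        entry = self.data.get(key)
        if entry is None or self.now() - entry["ts"] > self.max_age:  # miss or expired
            entry = self.data[key] = {"ts": self.now(), "vec": embed(text)}
        return entry["vec"]

    def save(self):
        if self.path:
            self.path.write_text(json.dumps(self.data))


# Constructed descriptions for two of the README's vulnerability tags.
VULN_DESCRIPTIONS = {
    "sqli": "sql query built by string concatenation of user input then execute",
    "xss": "html response rendered with unescaped user input in innerHTML",
}


def scan(chunks, cache, threshold=0.5):
    """Return (chunk_id, tag, score) for chunks whose similarity reaches the threshold."""
    hits = []
    for cid, code in chunks.items():
        cv = cache.get(code)
        for tag, desc in VULN_DESCRIPTIONS.items():
            score = cosine(cv, cache.get(desc))
            if score >= threshold:
                hits.append((cid, tag, round(score, 3)))
    return hits
```

Pass a `pathlib.Path` as `path` to persist the cache between runs, or `None` (as in the tests) to keep it in memory.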
Run OASIS in audit mode to analyze embedding distributions:

```bash
oasis [path_to_analyze] --audit
```
Contributions are welcome! Please feel free to submit a Pull Request. Check out our Contributing Guidelines for more details.
GPL v3 - feel free to use this project for your security needs.
- Built with Ollama
- Uses WeasyPrint for PDF generation
- Special thanks to all contributors and the open-source community
If you encounter any issues or have questions, please file an issue