shield_ast

No release in over 3 years
Shield AST is an all-in-one command-line tool that automates security testing by integrating popular open-source scanners for SAST, SCA, and IaC, helping you find and fix vulnerabilities early in the development lifecycle.
 Dependencies

Runtime: five runtime gems (names not preserved in this extract; version constraints ~> 4.3, ~> 4.0, ~> 1.7, ~> 2.6, ~> 2.4)
 Project Readme

Shield AST - Application Security Testing CLI


Shield AST is a powerful command-line tool for Application Security Testing, combining multiple open-source scanners into a single workflow. With ast, you can run SAST (Static Application Security Testing), SCA (Software Composition Analysis), and IaC (Infrastructure as Code) analysis quickly and automatically, helping you identify and fix vulnerabilities early in the development lifecycle.


📦 Requirements

  • Ruby (version 3.0 or later) must be installed on your system.
    You can check your Ruby version with:
ruby -v

If you don't have Ruby installed, follow the instructions at: https://www.ruby-lang.org/en/documentation/installation/


📦 Installation

# Install the gem (it is published as shield_ast; the gem named "ast" is an unrelated library)
gem install shield_ast

🚀 Usage

ast [command] [options]

Commands

  • scan [path] – Scans a directory for vulnerabilities. Defaults to the current directory.
  • report – Generates a detailed report from the last scan.
  • help – Displays this help message.

Options

  • -s, --sast – Run SAST using Semgrep.
  • -c, --sca – Run SCA using OSV Scanner.
  • -i, --iac – Run IaC analysis using Semgrep with infrastructure rules.
  • -o, --output – Specify the output format (json, sarif, console).
  • -h, --help – Show this help message.
  • --version – Show the AST version.

✨ NEW: AI-Powered False Positive Analysis

Shield AST can use the Google Gemini API to automatically analyze findings and flag likely false positives, helping you focus on what matters most. Enabling it sends scan findings to an external service, so confirm that this is acceptable for the code base you are scanning before turning it on.

How to Enable It

To activate this feature, you need a Google AI API key.

1. Get Your API Key

First, you'll need a Google Gemini API key to enable AI analysis.

  1. Navigate to Google AI Studio.
  2. Click "Create API key" (you may need to sign in with your Google account).
  3. Copy the key once it's generated.

2. Configure Your Environment

Next, export the API key as an environment variable in your terminal.

# Replace with your actual API key
export GEMINI_API_KEY="YOUR_API_KEY_HERE"

📌 Tip: This command is temporary and only lasts for the current terminal session. To make it permanent, add the line above to your shell's configuration file (e.g., ~/.zshrc or ~/.bash_profile). Treat the key like any other credential: keep it out of version control, CI logs and shared dotfiles.

The tool defaults to the free gemini-2.5-flash model. If you have access to a more powerful model, you can specify it by setting the optional GEMINI_MODEL variable:

export GEMINI_MODEL="gemini-2.5-pro"
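As an added illustration of what this feature does behind the scenes, here is a small Ruby module (example code, not Shield AST's own implementation) that reads GEMINI_API_KEY and GEMINI_MODEL exactly as described above, sends one finding to the Gemini generateContent endpoint and turns the answer into a verdict. The endpoint path, the x-goog-api-key header and the request/response JSON shapes are assumptions about the Gemini REST API; the module name, the prompt text and the layout of the finding hash are hypothetical.

```ruby
require "json"
require "net/http"
require "uri"

# Added example, not Shield AST's code. Endpoint path, header name and JSON
# shapes are assumptions about the Gemini REST API; names are hypothetical.
module FalsePositiveTriage
  DEFAULT_MODEL = "gemini-2.5-flash"
  API_HOST = "generativelanguage.googleapis.com"

  # Reads configuration from the environment so the key is never hardcoded.
  # Raises when the key is missing instead of silently skipping analysis.
  def self.config(env = ENV)
    key = env["GEMINI_API_KEY"].to_s
    raise ArgumentError, "GEMINI_API_KEY is not set" if key.empty?
    { key: key, model: env.fetch("GEMINI_MODEL", DEFAULT_MODEL) }
  end

  # Builds the prompt from the minimal fields of one finding. Only the rule,
  # the location and the flagged snippet leave the machine.
  def self.prompt_for(finding)
    <<~PROMPT
      You are reviewing a static-analysis finding. Answer with exactly one line:
      VERDICT: TRUE_POSITIVE or VERDICT: FALSE_POSITIVE, followed by a short reason.
      Rule: #{finding[:rule_id]}
      Location: #{finding[:file]}:#{finding[:line]}
      Message: #{finding[:message]}
      Snippet:
      #{finding[:snippet]}
    PROMPT
  end

  # Request body in the shape the generateContent endpoint expects (assumed).
  def self.request_body(finding)
    { contents: [{ parts: [{ text: prompt_for(finding) }] }] }.to_json
  end

  # Extracts the model's text and maps it to a verdict. Anything that is not
  # an explicit FALSE_POSITIVE stays a real finding, so a wrong, truncated or
  # verbose answer can add review work but never hide a vulnerability.
  def self.parse_verdict(response_json)
    text = JSON.parse(response_json)
              .dig("candidates", 0, "content", "parts", 0, "text").to_s
    case text
    when /VERDICT:\s*FALSE_POSITIVE/i then :false_positive
    when /VERDICT:\s*TRUE_POSITIVE/i then :true_positive
    else :undetermined
    end
  end

  # Sends one finding for triage. `http` is injectable so the flow can be
  # exercised offline with a fake transport.
  def self.triage(finding, env: ENV, http: nil)
    cfg = config(env)
    uri = URI("https://#{API_HOST}/v1beta/models/#{cfg[:model]}:generateContent")
    req = Net::HTTP::Post.new(uri)
    req["x-goog-api-key"] = cfg[:key] # key travels in a header, never in the URL or logs
    req["Content-Type"] = "application/json"
    req.body = request_body(finding)
    http ||= Net::HTTP.new(uri.host, uri.port).tap { |h| h.use_ssl = true }
    res = http.request(req)
    parse_verdict(res.body)
  end
end
```

Two design points are worth copying into any integration of this kind: the key is read from the environment and sent as a header, so it never appears in a URL or a log line, and the default outcome for an unclear answer is "still a finding", so the model can only reduce noise, not suppress a true positive.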

📌 Examples

# Scan the current directory for all types of vulnerabilities
ast scan

# Run only SAST and SCA on a specific project folder
ast scan /path/to/project --sast --sca

# Generate a report in SARIF format
ast report --output sarif

🛠 How It Works

AST integrates well-known open-source scanners into a single CLI tool:

  • SAST – Semgrep for static code analysis
  • SCA – OSV Scanner for dependency vulnerability scanning
  • IaC – Semgrep rules for Infrastructure as Code

This unified approach streamlines security testing, enabling developers to catch security issues earlier in the development process.
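To make the unified workflow concrete, here is an added Ruby example (not the project's own code) of the orchestration pattern the list above describes: each scanner is run as an argument array, asked for SARIF, and the SARIF runs are merged into one document that a CI job can gate on. The semgrep and osv-scanner flags are assumptions about those tools' command lines, and the module and function names are hypothetical.

```ruby
require "json"
require "open3"

# Added example, not Shield AST's code. Scanner flags are assumptions about
# semgrep and osv-scanner; module and function names are hypothetical.
module UnifiedScan
  # Each scanner writes SARIF 2.1.0 to stdout. IaC reuses semgrep with a
  # different ruleset, as the README describes. Commands are argument arrays,
  # never shell strings, so a hostile path cannot inject extra commands.
  def self.commands(path, sast: true, sca: true, iac: true)
    cmds = {}
    cmds[:sast] = ["semgrep", "scan", "--config", "p/default", "--sarif", "--quiet", path] if sast
    cmds[:iac]  = ["semgrep", "scan", "--config", "p/terraform", "--sarif", "--quiet", path] if iac
    cmds[:sca]  = ["osv-scanner", "--format", "sarif", "-r", path] if sca
    cmds
  end

  # Runs one scanner. Both tools typically exit non-zero when they find
  # something, so a non-zero status alone is not an error; empty output is.
  def self.run(argv)
    out, err, _status = Open3.capture3(*argv)
    raise "#{argv.first} produced no SARIF: #{err}" if out.strip.empty?
    JSON.parse(out)
  end

  # Concatenates the runs of several SARIF documents into one, tagging each
  # run with the scan type so a report can say where a result came from.
  def self.merge(sarif_by_type)
    runs = sarif_by_type.flat_map do |type, doc|
      Array(doc["runs"]).map { |r| r.merge("properties" => { "shieldType" => type.to_s }) }
    end
    { "version" => "2.1.0",
      "$schema" => "https://json.schemastore.org/sarif-2.1.0.json",
      "runs" => runs }
  end

  # Counts results per SARIF level. A result with no level counts as
  # "warning" (the SARIF default), so missing metadata cannot hide a finding.
  def self.tally(sarif)
    counts = Hash.new(0)
    Array(sarif["runs"]).each do |run|
      Array(run["results"]).each { |r| counts[r.fetch("level", "warning")] += 1 }
    end
    counts
  end

  # CI gate: true when the build may proceed. Blocks on "error" always,
  # and on "warning" as well when strict.
  def self.pass?(sarif, strict: false)
    counts = tally(sarif)
    return false if counts["error"] > 0
    return false if strict && counts["warning"] > 0
    true
  end

  # End to end: scan, merge, write the report, return whether the gate passed.
  # Usage: exit(UnifiedScan.scan(".") ? 0 : 1)
  def self.scan(path, report_path: "ast-report.sarif", strict: false)
    results = commands(path).transform_values { |argv| run(argv) }
    merged = merge(results)
    File.write(report_path, JSON.pretty_generate(merged))
    pass?(merged, strict: strict)
  end
end
```

Merging at the SARIF level rather than at the scanner's native JSON is what keeps the result portable: GitHub code scanning, GitLab and most IDE plugins consume SARIF directly, and the per-run tag preserves which scanner (and therefore which of SAST, SCA or IaC) produced each result.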


📄 License

Distributed under the MIT License. See the LICENSE file for details.