# Shield AST - Application Security Testing CLI

Shield AST is a powerful command-line tool for Application Security Testing, combining multiple open-source scanners into a single workflow. With `ast`, you can run SAST (Static Application Security Testing), SCA (Software Composition Analysis), and IaC (Infrastructure as Code) analysis quickly and automatically, helping you identify and fix vulnerabilities early in the development lifecycle.
## 📦 Requirements

- Ruby (version 3.0 or later) must be installed on your system. You can check your Ruby version with:

```sh
ruby -v
```

If you don't have Ruby installed, follow the instructions at: https://www.ruby-lang.org/en/documentation/installation/
## 📦 Installation

```sh
# Install the gem
gem install ast
```
## 🚀 Usage

```sh
ast [command] [options]
```

### Commands

- `scan [path]` – Scans a directory for vulnerabilities. Defaults to the current directory.
- `report` – Generates a detailed report from the last scan.
- `help` – Displays this help message.
### Options

- `-s, --sast` – Run SAST using Semgrep.
- `-c, --sca` – Run SCA using OSV Scanner.
- `-i, --iac` – Run IaC analysis using Semgrep with infrastructure rules.
- `-o, --output` – Specify the output format (`json`, `sarif`, `console`).
- `-h, --help` – Show this help message.
- `--version` – Show the AST version.
## 📌 Examples

```sh
# Scan the current directory for all types of vulnerabilities
ast scan

# Run only SAST and SCA on a specific project folder
ast scan /path/to/project --sast --sca

# Generate a report in SARIF format
ast report --output sarif
```

## 🛠 How It Works
AST integrates well-known open-source scanners into a single CLI tool:
- SAST – Semgrep for static code analysis
- SCA – OSV Scanner for dependency vulnerability scanning
- IaC – Semgrep rules for Infrastructure as Code
This unified approach streamlines security testing, enabling developers to catch security issues earlier in the development process.
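The core of the unified approach described above is normalizing the output of independent scanners into one report. The following Ruby script is an added illustration of that idea, not code from the Shield AST gem: it converts constructed samples of Semgrep-style and OSV-Scanner-style JSON (shapes approximating each tool's JSON output; the file paths, rule ids and the `GHSA-xxxx-xxxx-xxxx` advisory id are placeholders) into a single SARIF 2.1.0 log with one run per tool, and derives a CI exit status from the merged findings. The `Finding` struct and the helper names are this example's own.

```ruby
require 'json'

# Constructed sample approximating Semgrep's --json output (values made up).
SEMGREP_JSON = <<~'DOC'
  {"results": [
    {"check_id": "ruby.lang.security.injection.shell-command",
     "path": "app/jobs/backup.rb",
     "start": {"line": 12},
     "extra": {"message": "Shell command built from user input", "severity": "ERROR"}}
  ]}
DOC

# Constructed sample approximating osv-scanner --format json (advisory id is a placeholder).
OSV_JSON = <<~'DOC'
  {"results": [
    {"source": {"path": "Gemfile.lock"},
     "packages": [
       {"package": {"name": "example-gem", "version": "1.0.0", "ecosystem": "RubyGems"},
        "vulnerabilities": [
          {"id": "GHSA-xxxx-xxxx-xxxx", "summary": "Placeholder advisory for the example"}
        ]}
     ]}
  ]}
DOC

# Map scanner-specific severities onto SARIF's "level" vocabulary.
SEVERITY_TO_LEVEL = { 'ERROR' => 'error', 'WARNING' => 'warning', 'INFO' => 'note' }.freeze

# Scanner-neutral finding that every adapter produces (hypothetical type for this example).
Finding = Struct.new(:tool, :rule_id, :level, :message, :uri, :line, keyword_init: true)

# Adapter: Semgrep results -> findings. Unknown severities default to "warning".
def semgrep_findings(json)
  JSON.parse(json).fetch('results', []).map do |r|
    Finding.new(tool: 'Semgrep', rule_id: r['check_id'],
                level: SEVERITY_TO_LEVEL.fetch(r.dig('extra', 'severity'), 'warning'),
                message: r.dig('extra', 'message'), uri: r['path'], line: r.dig('start', 'line'))
  end
end

# Adapter: OSV Scanner results -> findings. Each vulnerable package/advisory pair is one finding.
def osv_findings(json)
  JSON.parse(json).fetch('results', []).flat_map do |src|
    path = src.dig('source', 'path')
    src.fetch('packages', []).flat_map do |pkg|
      name, version = pkg.dig('package', 'name'), pkg.dig('package', 'version')
      pkg.fetch('vulnerabilities', []).map do |v|
        Finding.new(tool: 'OSV Scanner', rule_id: v['id'],
                    level: 'error', # a known vulnerable dependency is treated as an error
                    message: "#{name} #{version}: #{v['summary']}",
                    uri: path, line: 1) # lockfiles have no meaningful line; point at the top
      end
    end
  end
end

# Build one SARIF 2.1.0 log with a separate run per tool, so a viewer shows
# which scanner produced each result.
def to_sarif(findings)
  runs = findings.group_by(&:tool).map do |tool, items|
    { 'tool' => { 'driver' => { 'name' => tool,
                                'rules' => items.map { |f| { 'id' => f.rule_id } }.uniq } },
      'results' => items.map do |f|
        { 'ruleId' => f.rule_id, 'level' => f.level, 'message' => { 'text' => f.message },
          'locations' => [{ 'physicalLocation' => {
            'artifactLocation' => { 'uri' => f.uri }, 'region' => { 'startLine' => f.line } } }] }
      end }
  end
  { '$schema' => 'https://json.schemastore.org/sarif-2.1.0.json', 'version' => '2.1.0', 'runs' => runs }
end

# CI gate: non-zero when any error-level finding exists.
def exit_status(findings)
  findings.any? { |f| f.level == 'error' } ? 1 : 0
end

all_findings = semgrep_findings(SEMGREP_JSON) + osv_findings(OSV_JSON)
puts JSON.pretty_generate(to_sarif(all_findings))
puts "exit status: #{exit_status(all_findings)}"
```

Keeping one SARIF run per scanner preserves each tool's identity in the report, and the single exit status is what a pipeline step would use to fail a build; a real integration would replace the embedded samples with the JSON emitted by the scanners.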
## 📄 License
Distributed under the MIT License. See the LICENSE file for details.