A static analysis tool for Solidity smart contracts focused on security, correctness, and productivity
## Installation

```bash
npm install @aegis-security/aegis
```

Although the package is published under a scoped name, the CLI command is simply `aegis`.

To install the dependencies from a local checkout of the repository:

```bash
npm install
```
For global installation:

```bash
npm install -g @aegis-security/aegis
```

Or use via npx:

```bash
npx @aegis-security/aegis scan .
```
## Quick Start

### Scan a single file

```bash
aegis scan contracts/Token.sol
```

### Scan a directory

```bash
aegis scan contracts/
```

### JSON output

```bash
aegis scan . --format json
```

### Filter by minimum severity

```bash
aegis scan . --severity HIGH
```

### Ignore specific rules

```bash
aegis scan . --ignore-rules UNBOUNDED_LOOP,DEPRECATED
```

### Quiet mode (no summary)

```bash
aegis scan . --quiet
```
## Command Line Options

```
Usage: aegis scan [options] <target>

Arguments:
  target              File or directory to scan

Options:
  -f, --format        Output format (json|text) (default: "text")
  -s, --severity      Minimum severity level (CRITICAL|HIGH|MEDIUM|LOW)
  -i, --ignore-rules  Comma-separated list of rule IDs to ignore
  --quiet             Suppress summary output
  -h, --help          Display help for command
  -V, --version       Display version
```
## Detected Issues

Aegis currently detects the following issues, grouped by the severity it assigns them:

### Critical

- REENTRANCY: Potential reentrancy vulnerabilities in external calls

### High

- TX_ORIGIN: Use of tx.origin for authorization
- UNCHECKED_CALL: Unchecked low-level calls (call(), delegatecall(), etc.)
- INTEGER_OVERFLOW: Integer overflow/underflow (Solidity < 0.8)

### Medium

- UNBOUNDED_LOOP: Potentially unbounded loops
- DEPRECATED: Usage of deprecated functions/opcodes
## Output Formats

### Text (default)

```
Aegis Scan Results
==================================================

contracts/VulnerableContract.sol (Solidity ^0.7.0)

  [HIGH] Use of tx.origin for authorization - prefer msg.sender
    Rule: TX_ORIGIN | Line: 10:15
    Suggestion: Use msg.sender instead of tx.origin. tx.origin can be manipulated by intermediate contracts in a call chain.

==================================================
Summary:
  Files scanned: 1
  Files with issues: 1
  Total findings: 1
  Findings by severity:
    HIGH: 1
```
### JSON (`--format json`)

```json
{
  "summary": {
    "files": 1,
    "totalFindings": 1,
    "bySeverity": {
      "CRITICAL": 0,
      "HIGH": 1,
      "MEDIUM": 0,
      "LOW": 0
    },
    "filesWithIssues": 1
  },
  "results": [
    {
      "file": "/path/to/contracts/VulnerableContract.sol",
      "version": "^0.7.0",
      "findings": [
        {
          "ruleId": "TX_ORIGIN",
          "severity": "HIGH",
          "message": "Use of tx.origin for authorization - prefer msg.sender",
          "file": "/path/to/contracts/VulnerableContract.sol",
          "line": 10,
          "column": 15,
          "suggestion": "Use msg.sender instead of tx.origin..."
        }
      ]
    }
  ]
}
```
## Exit Codes

- 0: Scan completed successfully, no CRITICAL issues found
- 1: Scan completed but CRITICAL issues were detected, or an error occurred

This makes Aegis suitable for CI/CD pipelines, where a non-zero exit code can fail the build.
## CI/CD Integration

### GitHub Actions

```yaml
name: Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: '18'
      - run: npm install
      - run: npm install -g .
      - run: aegis scan contracts/ --format json > scan-results.json
      - uses: actions/upload-artifact@v3
        with:
          name: scan-results
          path: scan-results.json
```
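The workflow above fails the job only when Aegis exits 1, i.e. on CRITICAL findings. As an added example (not part of Aegis), the following Node script reads the `scan-results.json` artifact and gates at a chosen severity instead, recomputing the per-severity counts from `results` rather than trusting `summary`; the embedded report is a constructed sample in the documented JSON shape.

```javascript
// Added example: gate a CI job on the Aegis JSON report at a chosen severity.
// Not part of Aegis; it relies only on the JSON output shape documented above.
const SEVERITY_RANK = { CRITICAL: 3, HIGH: 2, MEDIUM: 1, LOW: 0 };

// Walk every finding, count them per severity, and collect those at or
// above `minSeverity`. The counts are rebuilt from the findings so that a
// truncated or inconsistent `summary` block cannot hide findings from the gate.
function evaluateReport(report, minSeverity) {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  const counts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
  const blocking = [];
  for (const result of report.results || []) {
    for (const f of result.findings || []) {
      if (!(f.severity in counts)) throw new Error(`unexpected severity: ${f.severity}`);
      counts[f.severity] += 1;
      if (SEVERITY_RANK[f.severity] >= threshold) {
        blocking.push({ file: result.file, line: f.line, column: f.column,
                        ruleId: f.ruleId, severity: f.severity });
      }
    }
  }
  // Cross-check the tool's own summary against what we counted.
  const summaryMatches = Object.keys(counts).every(
    (s) => (report.summary?.bySeverity?.[s] ?? 0) === counts[s]);
  return { counts, blocking, summaryMatches, shouldFail: blocking.length > 0 };
}

// Constructed sample report in the documented shape (not real scan output).
const SAMPLE_REPORT = {
  summary: { files: 1, totalFindings: 2,
             bySeverity: { CRITICAL: 0, HIGH: 1, MEDIUM: 1, LOW: 0 }, filesWithIssues: 1 },
  results: [{ file: "contracts/VulnerableContract.sol", version: "^0.7.0", findings: [
    { ruleId: "TX_ORIGIN", severity: "HIGH", line: 10, column: 15,
      message: "Use of tx.origin for authorization - prefer msg.sender" },
    { ruleId: "UNBOUNDED_LOOP", severity: "MEDIUM", line: 22, column: 9,
      message: "Potentially unbounded loop" } ] }]
};

// CLI entry point: node gate.js scan-results.json HIGH  (returns the exit code to use)
function main(argv) {
  const [path, minSeverity = "HIGH"] = argv;
  const report = JSON.parse(require("fs").readFileSync(path, "utf8"));
  const verdict = evaluateReport(report, minSeverity);
  for (const b of verdict.blocking) console.log(`${b.severity} ${b.ruleId} ${b.file}:${b.line}:${b.column}`);
  if (!verdict.summaryMatches) console.error("warning: summary.bySeverity disagrees with findings");
  return verdict.shouldFail ? 1 : 0;
}
if (typeof require !== "undefined" && require.main === module && process.argv.length > 2) {
  process.exitCode = main(process.argv.slice(2));
}
```

Run it as `node gate.js scan-results.json HIGH` after the scan step; the job then fails on HIGH as well as CRITICAL findings.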
## Examples

See the examples/ directory for sample Solidity contracts:

- vulnerable-contract.sol: Contains various vulnerabilities for testing
- safe-contract.sol: Demonstrates mostly safe patterns but may still trigger non-critical findings (e.g. gas-related warnings)
- clean-example.sol: Demonstrates a contract with zero findings

Some examples intentionally trigger MEDIUM findings to demonstrate how Aegis reports non-critical issues.

Run Aegis on these examples:

```bash
aegis scan examples/vulnerable-contract.sol
```
## Development

### Run the tests

```bash
npm test
```

### Run the tests with coverage

```bash
npm run test:coverage
```

### Project structure

```
aegis/
├── src/
│   ├── cli/            # CLI interface
│   ├── core/           # Core types (Finding, Rule)
│   ├── scanner/        # Scanner implementation
│   ├── ast/            # AST parsing utilities
│   ├── rules/          # Vulnerability detection rules
│   ├── reporters/      # Output formatters (JSON, Text)
│   └── utils/          # Utility functions
├── examples/           # Example Solidity contracts
├── src/__tests__/      # Test files
└── README.md
```