![VS Code Marketplace](https://marketplace.visualstudio.com/items?itemName=codepathfinder.secureflow)
![npm version](https://www.npmjs.com/package/@codepathfinder/secureflow-cli)
![Open VSX](https://open-vsx.org/extension/codepathfinder/secureflow)

SecureFlow CLI

🛡️ AI-Powered Security Analysis for Your Codebase

SecureFlow CLI is a powerful command-line tool that performs comprehensive security analysis of your projects using advanced AI models. It intelligently analyzes your code structure, identifies vulnerabilities, and provides actionable security insights with a beautiful TUI interface.

✨ Features

- 🤖 AI-Powered Analysis - Supports 13+ AI models including Claude, GPT, and Gemini
- 🔍 Intelligent File Discovery - Smart project analysis with iterative file request system
- 🎯 Comprehensive Scanning - Full project security analysis with context-aware insights
- 📊 Multiple Output Formats - Text, JSON, and DefectDojo integration
- 🏗️ Project Profiling - Technology stack detection and application type identification
- 🎨 Beautiful TUI - Claude-style terminal interface with colored output and progress indicators

🚀 Quick Start

$3

From the repository root:

``bash

`Run directly`


node packages/secureflow-cli/bin/secureflow --help
Or install globally (future)

npm install -g @codepathfinder/secureflow-cli


$3
SecureFlow CLI requires an AI model to perform analysis. Set up your API key:

`bash

`Check current configuration`


secureflow config --show
The CLI will prompt for API key configuration on first run

Or manually edit the config file shown in the output

Supported Models: - Anthropic Claude:claude-sonnet-4-5-20250929 (recommended), claude-opus-4-1-20250805, claude-sonnet-4-20250514, claude-3-7-sonnet-20250219, claude-3-5-haiku-20241022, ~~claude-3-5-sonnet-20241022~~ (deprecated) - OpenAI:gpt-4o, gpt-4o-mini, o1, o1-mini, gpt-4.1-2025-04-14, o3-mini-2025-01-31- Google Gemini:gemini-2.5-pro, gemini-2.5-flash- xAI Grok:grok-4-fast-reasoning- OpenRouter: Access 200+ models from multiple providers (use format:provider/model e.g., anthropic/claude-3-5-sonnet) - Ollama:qwen3:4b

`$3`

`bash

`Scan current directory with default model`


secureflow scan
Scan specific project with Claude

secureflow scan ./my-project --model claude-sonnet-4-5-20250929
Get project profile first

secureflow profile ./my-project


📋 Commands
$3
Performs comprehensive AI-powered security analysis of your project.

`bash secureflow scan [path] [options]`

Options: ---model - AI model to use for analysis ---format - Output format: text, json, or defectdojo (default: text) ---output - Save results to file ---defectdojo - Export in DefectDojo format (shorthand for --format defectdojo)

DefectDojo Integration:`bash secureflow scan \ --format defectdojo \ --defectdojo-url https://defectdojo.example.com \ --defectdojo-token your-api-token \ --defectdojo-product-id 123 \ --output findings.json`

DefectDojo Options: ---defectdojo-url - DefectDojo instance URL ---defectdojo-token - API token for authentication ---defectdojo-product-id - Product ID to submit findings ---defectdojo-engagement-id - Engagement ID (optional, will create if not provided) ---defectdojo-test-title <code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Test title (default: "SecureFlow Scan")</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3">Analyzes project structure and identifies technologies, frameworks, and application types.</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">bash<br />secureflow profile [path] [options]<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong>Options:</strong><br />- </code>--model <model><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - AI model to use for analysis<br />- </code>--format <format><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Output format: </code>text<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> or </code>json<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> (default: </code>text<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">)<br />- </code>--output <file><code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"> - Save results to file</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3></p><p class="my-3">View and manage CLI configuration.</p><p class="my-3"></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">bash<br />secureflow config --show # Show masked configuration<br />secureflow config --show --raw # Show raw configuration (use with caution)<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">🔧 Configuration</h2></p><p class="my-3">SecureFlow CLI stores configuration in a local config file. The location is shown when running </code>secureflow config --show<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">.</p><p class="my-3"><strong>Example Configuration:</strong><br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">json<br />{<br /> "model": "grok-4-fast-reasoning",<br /> "apiKey": "xai-token",<br /> "provider": "grok",<br /> "analytics": {<br /> "enabled": false<br /> }<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><strong>Getting API Keys:</strong><br />- <strong>Anthropic (Claude)</strong>: <a href="https://console.anthropic.com" class="text-primary hover:underline" target="_blank" rel="noopener noreferrer">console.anthropic.com</a><br />- <strong>OpenAI</strong>: <a href="https://platform.openai.com" class="text-primary hover:underline" target="_blank" rel="noopener noreferrer">platform.openai.com</a><br />- <strong>Google</strong>: <a href="https://ai.google.dev" class="text-primary hover:underline" target="_blank" rel="noopener noreferrer">ai.google.dev</a><br />- <strong>Grok (xAI)</strong>: <a href="https://console.x.ai" class="text-primary hover:underline" target="_blank" rel="noopener noreferrer">console.x.ai</a><br />- <strong>OpenRouter</strong>: <a href="https://openrouter.ai/settings/keys" class="text-primary hover:underline" target="_blank" rel="noopener noreferrer">openrouter.ai</a></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">🎯 Usage Examples</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">bash<br /><h1 class="text-2xl font-bold mt-6 mb-4">Scan current directory</h1><br />secureflow scan</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Scan with specific model</h1><br />secureflow scan --model grok-4-fast-reasoning</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Save results to file</h1><br />secureflow scan --output security-report.json --format json<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">bash<br /><h1 class="text-2xl font-bold mt-6 mb-4">Profile current project</h1><br />secureflow profile</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Profile specific directory</h1><br />secureflow profile ./backend --format json<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">bash<br /><h1 class="text-2xl font-bold mt-6 mb-4">Export to DefectDojo with minimal setup</h1><br />secureflow scan \<br /> --defectdojo \<br /> --defectdojo-url https://defectdojo.company.com \<br /> --defectdojo-token $DEFECTDOJO_TOKEN \<br /> --defectdojo-product-id 42</p><p class="my-3"><h1 class="text-2xl font-bold mt-6 mb-4">Full DefectDojo configuration</h1><br />secureflow scan \<br /> --format defectdojo \<br /> --defectdojo-url https://defectdojo.company.com \<br /> --defectdojo-token $DEFECTDOJO_TOKEN \<br /> --defectdojo-product-id 42 \<br /> --defectdojo-engagement-id 123 \<br /> --defectdojo-test-title "Weekly Security Scan" \<br /> --output weekly-findings.json<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">🏗️ How It Works</h2></p><p class="my-3">SecureFlow CLI uses an innovative <strong>LLM File Request System</strong> that works like tool calling:</p><p class="my-3">1. <strong>Project Discovery</strong> - Analyzes project structure and identifies key files<br />2. <strong>Iterative Analysis</strong> - AI makes targeted file requests using XML-like syntax:<br /> </code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">xml<br /> <file_request path="./src/auth.js" reason="Analyze authentication logic" /><br /> <list_file_request path="./src/components" reason="Explore component structure" /><br /> </code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"><br />3. <strong>Security Analysis</strong> - Performs up to 3 iterations of analysis with context building<br />4. <strong>Report Generation</strong> - Outputs comprehensive security findings with severity levels</p><p class="my-3"><strong>Security Features:</strong><br />- ✅ Hidden file filtering (ignores </code>.git<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, </code>.DS_Store<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">, etc.)<br />- ✅ Symlink protection against directory traversal<br />- ✅ Project scope validation<br />- ✅ File size limits (large files truncated)<br />- ✅ Comprehensive request logging</p><p class="my-3"><h2 class="text-xl font-semibold mt-5 mb-3">🎨 Output Formats</h2></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br />Beautiful colored terminal output with:<br />- 🔴 Critical vulnerabilities<br />- 🟠 High severity issues <br />- 🟡 Medium severity warnings<br />- 🔵 Low severity notes<br />- ℹ️ Informational findings</p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br />Structured output perfect for CI/CD integration:<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono">json<br />{<br /> "summary": {<br /> "totalIssues": 5,<br /> "critical": 1,<br /> "high": 2,<br /> "medium": 1,<br /> "low": 1<br /> },<br /> "findings": [...]<br />}<br /></code>`<code class="bg-muted px-1 py-0.5 rounded text-sm font-mono"></p><p class="my-3"><h3 class="text-lg font-medium mt-4 mb-2">$3</h3><br />Direct integration with DefectDojo security platforms:<br />- Compliant with Generic Findings Import format<br />- Automatic severity mapping<br />- File path and line number extraction<br />- CWE/CVE detection and tagging</p><p class="my-3">---</p><p class="my-3"><strong>Need Help?</strong> <br />- Run </code>secureflow --help` for command overview<br />- Open an issue or discussion on <a href="https://github.com/shivasurya/code-pathfinder/issues" class="text-primary hover:underline" target="_blank" rel="noopener noreferrer">GitHub</a><br /></p></div><div class="flex justify-center absolute inset-x-0 bottom-0 bg-gradient-to-t from-background via-background to-transparent pb-4 pt-16"><button data-slot="button" class="inline-flex items-center justify-center whitespace-nowrap text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:border-input dark:hover:bg-input/50 h-8 rounded-md gap-1.5 px-3 has-[>svg]:px-2.5"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-chevron-down mr-1 h-4 w-4"><path d="m6 9 6 6 6-6"></path></svg>Show more</button></div></div></div><template id="P:3"></template><template id="P:4"></template></div></div><div class="space-y-8"><div class="flex flex-col gap-6 lg:flex-row lg:gap-8"><div class="flex-1 space-y-4"><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-10 w-64"></div><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-6 w-full max-w-xl"></div><div class="flex gap-2"><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-6 w-16"></div><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-6 w-20"></div><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-6 w-14"></div></div></div><div class="w-full lg:w-80"><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-32 w-full"></div></div></div><div class="space-y-4"><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-10 w-64"></div><div data-slot="skeleton" class="bg-accent animate-pulse rounded-md h-64 w-full"></div></div></div></main></div><script>requestAnimationFrame(function(){$RT=performance.now()});</script><script src="/_next/static/chunks/9b9784636e791b20.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd" id="_R_" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0])</script><script>self.__next_f.push([1,"1:\"$Sreact.fragment\"\n2:I[39756,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"default\"]\n3:I[37457,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"default\"]\n4:I[49786,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"Header\"]\n5:I[22016,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"\"]\nc:I[68027,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"default\"]\nd:I[2355,[\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"Analytics\"]\nf:I[97367,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"OutletBoundary\"]\n10:\"$Sreact.suspense\"\n12:I[97367,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"ViewportBoundary\"]\n14:I[97367,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"MetadataBoundary\"]\n:HL[\"/_next/static/chunks/60ba853f5ed1b16b.css?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"style\"]\n:HL[\"/_next/static/chunks/9c76f6dd8b5c38e2.css?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"style\"]\n:HL[\"/_next/static/media/68d403cf9f2c68c5-s.p.f9f15f61.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n:HL[\"/_next/static/media/797e433ab948586e-s.p.dbea232f.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n:HL[\"/_next/static/media/caa3a2e1cccd8315-s.p.853070df.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n"])</script><script>self.__next_f.push([1,"0:{\"P\":null,\"b\":\"x_DymHuNhDTJUp7Mmr_Ru\",\"c\":[\"\",\"package\",\"%40codepathfinder%2Fsecureflow-cli\"],\"q\":\"\",\"i\":false,\"f\":[[[\"\",{\"children\":[\"package\",{\"children\":[[\"name\",\"%40codepathfinder/secureflow-cli\",\"c\"],{\"children\":[\"__PAGE__\",{}]}]}]},\"$undefined\",\"$undefined\",true],[[\"$\",\"$1\",\"c\",{\"children\":[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/chunks/60ba853f5ed1b16b.css?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\",\"nonce\":\"$undefined\"}],[\"$\",\"link\",\"1\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/chunks/9c76f6dd8b5c38e2.css?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\",\"nonce\":\"$undefined\"}],[\"$\",\"script\",\"script-0\",{\"src\":\"/_next/static/chunks/d25c1c87321c1e5e.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"async\":true,\"nonce\":\"$undefined\"}]],[\"$\",\"html\",null,{\"lang\":\"en\",\"children\":[\"$\",\"body\",null,{\"className\":\"font-sans antialiased\",\"children\":[[\"$\",\"$L2\",null,{\"parallelRouterKey\":\"children\",\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L3\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":[[\"$\",\"div\",null,{\"className\":\"min-h-screen bg-background\",\"children\":[[\"$\",\"$L4\",null,{}],[\"$\",\"main\",null,{\"className\":\"mx-auto flex max-w-md flex-col items-center justify-center px-4 py-24 text-center\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-package mb-6 h-16 w-16 text-muted-foreground\",\"children\":[[\"$\",\"path\",\"1a0edw\",{\"d\":\"M11 21.73a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16V8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73z\"}],[\"$\",\"path\",\"d0xqtd\",{\"d\":\"M12 22V12\"}],[\"$\",\"path\",\"yx3hmr\",{\"d\":\"m3.3 7 7.703 4.734a2 2 0 0 0 1.994 0L20.7 7\"}],[\"$\",\"path\",\"1c824w\",{\"d\":\"m7.5 4.27 9 5.15\"}],\"$undefined\"]}],[\"$\",\"h1\",null,{\"className\":\"mb-2 text-3xl font-bold\",\"children\":\"404\"}],[\"$\",\"h2\",null,{\"className\":\"mb-4 text-xl text-muted-foreground\",\"children\":\"Page not found\"}],[\"$\",\"p\",null,{\"className\":\"mb-8 text-muted-foreground\",\"children\":\"The page you're looking for doesn't exist or has been moved.\"}],[\"$\",\"div\",null,{\"className\":\"flex gap-3\",\"children\":[[\"$\",\"$L5\",null,{\"href\":\"/\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-house mr-1.5 h-4 w-4\",\"children\":[[\"$\",\"path\",\"5wwlr5\",{\"d\":\"M15 21v-8a1 1 0 0 0-1-1h-4a1 1 0 0 0-1 1v8\"}],[\"$\",\"path\",\"1d0kgt\",{\"d\":\"M3 10a2 2 0 0 1 .709-1.528l7-5.999a2 2 0 0 1 2.582 0l7 5.999A2 2 0 0 1 21 10v9a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2z\"}],\"$undefined\"]}],\"Go home\"],\"data-slot\":\"button\",\"className\":\"inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [\u0026_svg]:pointer-events-none [\u0026_svg:not([class*='size-'])]:size-4 shrink-0 [\u0026_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive bg-primary text-primary-foreground hover:bg-primary/90 h-9 px-4 py-2 has-[\u003esvg]:px-3\",\"ref\":null}],[\"$\",\"$L5\",null,{\"href\":\"/search\",\"children\":[[\"$\",\"svg\",null,{\"ref\":\"$undefined\",\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-search mr-1.5 h-4 w-4\",\"children\":[[\"$\",\"circle\",\"4ej97u\",{\"cx\":\"11\",\"cy\":\"11\",\"r\":\"8\"}],[\"$\",\"path\",\"1qie3q\",{\"d\":\"m21 21-4.3-4.3\"}],\"$undefined\"]}],\"Search packages\"],\"data-slot\":\"button\",\"className\":\"inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [\u0026_svg]:pointer-events-none [\u0026_svg:not([class*='size-'])]:size-4 shrink-0 [\u0026_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:border-input dark:hover:bg-input/50 h-9 px-4 py-2 has-[\u003esvg]:px-3\",\"ref\":null}]]}]]}]]}],[]],\"forbidden\":\"$undefined\",\"unauthorized\":\"$undefined\"}],\"$L6\"]}]}]]}],{\"children\":[\"$L7\",{\"children\":[\"$L8\",{\"children\":[\"$L9\",{},null,false,false]},[\"$La\",[],[]],false,false]},null,false,false]},null,false,false],\"$Lb\",false]],\"m\":\"$undefined\",\"G\":[\"$c\",[]],\"S\":false}\n"])</script><script>self.__next_f.push([1,"6:[\"$\",\"$Ld\",null,{}]\n7:[\"$\",\"$1\",\"c\",{\"children\":[null,[\"$\",\"$L2\",null,{\"parallelRouterKey\":\"children\",\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L3\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"forbidden\":\"$undefined\",\"unauthorized\":\"$undefined\"}]]}]\n8:[\"$\",\"$1\",\"c\",{\"children\":[null,[\"$\",\"$L2\",null,{\"parallelRouterKey\":\"children\",\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L3\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"forbidden\":\"$undefined\",\"unauthorized\":\"$undefined\"}]]}]\n9:[\"$\",\"$1\",\"c\",{\"children\":[\"$Le\",[[\"$\",\"script\",\"script-0\",{\"src\":\"/_next/static/chunks/d23d08e0b5d1d215.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"async\":true,\"nonce\":\"$undefined\"}],[\"$\",\"script\",\"script-1\",{\"src\":\"/_next/static/chunks/ae55acb14c32e044.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"async\":true,\"nonce\":\"$undefined\"}]],[\"$\",\"$Lf\",null,{\"children\":[\"$\",\"$10\",null,{\"name\":\"Next.MetadataOutlet\",\"children\":\"$@11\"}]}]]}]\na:null\nb:[\"$\",\"$1\",\"h\",{\"children\":[null,[\"$\",\"$L12\",null,{\"children\":\"$L13\"}],[\"$\",\"div\",null,{\"hidden\":true,\"children\":[\"$\",\"$L14\",null,{\"children\":[\"$\",\"$10\",null,{\"name\":\"Next.Metadata\",\"children\":\"$L15\"}]}]}],[\"$\",\"meta\",null,{\"name\":\"next-size-adjust\",\"content\":\"\"}]]}]\n"])</script><script>self.__next_f.push([1,"e:[\"$\",\"div\",null,{\"className\":\"min-h-screen bg-background\",\"children\":[[\"$\",\"$L4\",null,{}],[\"$\",\"main\",null,{\"className\":\"mx-auto max-w-6xl px-4 py-8\",\"children\":[\"$\",\"$10\",null,{\"fallback\":[\"$\",\"div\",null,{\"className\":\"space-y-8\",\"children\":[[\"$\",\"div\",null,{\"className\":\"flex flex-col gap-6 lg:flex-row lg:gap-8\",\"children\":[[\"$\",\"div\",null,{\"className\":\"flex-1 space-y-4\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-10 w-64\"}],[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-6 w-full max-w-xl\"}],[\"$\",\"div\",null,{\"className\":\"flex gap-2\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-6 w-16\"}],[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-6 w-20\"}],[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-6 w-14\"}]]}]]}],[\"$\",\"div\",null,{\"className\":\"w-full lg:w-80\",\"children\":[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-32 w-full\"}]}]]}],[\"$\",\"div\",null,{\"className\":\"space-y-4\",\"children\":[[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-10 w-64\"}],[\"$\",\"div\",null,{\"data-slot\":\"skeleton\",\"className\":\"bg-accent animate-pulse rounded-md h-64 w-full\"}]]}]]}],\"children\":\"$L16\"}]}]]}]\n"])</script><script>self.__next_f.push([1,"13:[[\"$\",\"meta\",\"0\",{\"charSet\":\"utf-8\"}],[\"$\",\"meta\",\"1\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}]]\n"])</script><script>self.__next_f.push([1,"17:I[27201,[\"/_next/static/chunks/ff1a16fafef87110.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\",\"/_next/static/chunks/d2be314c3ece3fbe.js?dpl=dpl_5VNVLvSu6UbYcDkvZSHQ251MMiDd\"],\"IconMark\"]\n11:null\n15:[[\"$\",\"title\",\"0\",{\"children\":\"@codepathfinder/secureflow-cli - npm explorer\"}],[\"$\",\"meta\",\"1\",{\"name\":\"description\",\"content\":\"AI-powered security analysis CLI tool with intelligent file discovery and comprehensive vulnerability scanning\"}],[\"$\",\"link\",\"2\",{\"rel\":\"icon\",\"href\":\"/icon-light-32x32.png\",\"media\":\"(prefers-color-scheme: light)\"}],[\"$\",\"link\",\"3\",{\"rel\":\"icon\",\"href\":\"/icon-dark-32x32.png\",\"media\":\"(prefers-color-scheme: dark)\"}],[\"$\",\"link\",\"4\",{\"rel\":\"icon\",\"href\":\"/icon.svg\",\"type\":\"image/svg+xml\"}],[\"$\",\"link\",\"5\",{\"rel\":\"apple-touch-icon\",\"href\":\"/apple-icon.png\"}],[\"$\",\"$L17\",\"6\",{}]]\n"])</script><title>@codepathfinder/secureflow-cli - npm explorer

@codepathfinder/secureflow-cli

v0.0.8TypeScript

AI-powered security analysis CLI tool with intelligent file discovery and comprehensive vulnerability scanning

security vulnerability analysis ai cli code-review static-analysis defectdojo llm-analysis

0/weekUpdated 1 months agoAGPL-3.0Unpacked: 342.7 KB

Published by Shivasurya

npm install @codepathfinder/secureflow-cli

Repository Homepage npm

SecureFlow CLI

🛡️ AI-Powered Security Analysis for Your Codebase

✨ Features

🚀 Quick Start

$3

From the repository root:

``bash

`Run directly`


node packages/secureflow-cli/bin/secureflow --help
Or install globally (future)

npm install -g @codepathfinder/secureflow-cli


$3
SecureFlow CLI requires an AI model to perform analysis. Set up your API key:

`bash

`Check current configuration`


secureflow config --show
The CLI will prompt for API key configuration on first run

Or manually edit the config file shown in the output

`$3`

`bash

`Scan current directory with default model`


secureflow scan
Scan specific project with Claude

secureflow scan ./my-project --model claude-sonnet-4-5-20250929
Get project profile first

secureflow profile ./my-project


📋 Commands
$3
Performs comprehensive AI-powered security analysis of your project.

`bash secureflow scan [path] [options]`