CLI Tools · May 12, 2026 · 2 min read

OpenAnt — Verified Vuln Pipeline CLI (Go + Python)

OpenAnt is a defensive vulnerability discovery CLI: it parses a repo, analyzes findings, and runs verification steps so security output is evidence-backed.

Agent-ready

Safe staging for this asset

This asset is staged first. The copied prompt asks the agent to inspect the staged files before enabling scripts, MCP config, or global config.

Stage only · 17/100 · Policy: staging
Agent surface: Any MCP/CLI agent
Type: CLI Tool
Installation: Stage only
Trust: Established
Entry point: Asset
Safe staging command:
npx -y tokrepo@latest install e5430558-d51c-51a0-b969-a73f63fca6eb --target codex

Stage the files first; activation requires review of the README and the staged plan.

Introduction

  • Best for: Teams who want a repeatable, evidence-first security pipeline instead of one-off assistant output
  • Works with: Go 1.25+ for the CLI; Python 3.11+ runtime; Anthropic API key required for analyze/verify/scan (per README)
  • Setup time: 15–30 minutes

Practical Notes

  • GitHub: 545 stars · 82 forks; pushed 2026-05-12 (verified via GitHub API).
  • README documents a full pipeline: parse → enhance → analyze → verify → report, plus one-shot scan --verify.
  • The CLI stores config under ~/.config/openant/ (0600 perms) and project data under ~/.openant/ (per README).

Main

How to use OpenAnt effectively (and safely):

  1. Treat it like a pipeline. Don’t skip straight to a report—run parse and enhance first so later steps have context.
  2. Make verification a gate, not a footnote. Anything that fails verify should be labeled “hypothesis” and triaged separately.
  3. Standardize language flags (-l go / -l python) and pin a commit (--commit <sha>) when you want reproducibility.
  4. Use project switch to manage multiple repos and keep a clean artifact trail per project.

The goal isn’t “more findings”; it’s fewer false positives and stronger evidence for the findings you keep.

FAQ

Q: Is it offensive or defensive? A: Defensive/research. The README’s legal notice says to scan only code you own or have permission to test.

Q: Why both Go and Python? A: Per README: the Go binary is the CLI front-end, while parsing/analysis/reporting code runs on Python 3.11+.

Q: What’s the fastest run mode? A: Use openant scan --verify for the full pipeline in one command once you’ve initialized the project.

Source and acknowledgements

Source: https://github.com/knostic/OpenAnt · License: Apache-2.0 · GitHub stars: 545 · forks: 82
