Getting Started
An open-source security suite combining structural code analysis with AI-powered vulnerability detection for modern development teams.
Key Features
Real-time IDE Integration
Bringing security insights directly into your editor as you code
AI-Assisted Analysis
Leveraging LLMs to understand context and identify nuanced vulnerabilities
Unified Workflow Coverage
From local development to pull requests to CI/CD pipelines
Flexible Reporting
Supporting DefectDojo, GitHub Advanced Security, SARIF, and other platforms
Quick Start
New to Code Pathfinder? Check out the Installation Guide for step-by-step instructions on installing via Docker, npm, or from source.
Basic Scan
Run a security scan on your project:
pathfinder scan --rules rules/ --project /path/to/project
CI/CD Integration
Generate machine-readable output for CI/CD pipelines:
# JSON output
pathfinder ci --rules rules/ --project . --output json > results.json
# SARIF output (GitHub Code Scanning)
pathfinder ci --rules rules/ --project . --output sarif > results.sarif
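To fail a pipeline on the SARIF report written by the command above, the file has to be reduced to an exit code. The gate below is an added example, not part of Code Pathfinder or of this page's original text; it assumes the report is standard SARIF 2.1.0, and the sample document, rule ids and file path in it are constructed.

```python
import json
import sys
from pathlib import Path

RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}  # SARIF 2.1.0 levels
# Constructed sample, not real scanner output; rule ids and paths are hypothetical.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "EX-SQLI", "defaultConfiguration": {"level": "error"}},
        {"id": "EX-WEAK-HASH"}]}},
    "results": [
        {"ruleId": "EX-SQLI", "message": {"text": "tainted query"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "src/Dao.java"}, "region": {"startLine": 42}}}]},
        {"ruleId": "EX-WEAK-HASH", "message": {"text": "MD5 in use"}},
        {"ruleId": "EX-TODO", "level": "note", "message": {"text": "review"}}]}]}

def effective_level(result, rules_by_id):
    """Explicit level, else the rule's default, else 'warning' (ignores `kind`)."""
    rule = rules_by_id.get(result.get("ruleId"), {})
    default = rule.get("defaultConfiguration", {}).get("level", "warning")
    level = result.get("level", default)
    return level if level in RANK else "warning"

def findings(sarif):
    """Return (level, rule_id, uri, line, text) tuples for every result in every run."""
    out = []
    for run in sarif.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        rules_by_id = {r.get("id"): r for r in rules}
        for res in run.get("results", []):
            # A result may carry no location at all; fall back to placeholders.
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            out.append((effective_level(res, rules_by_id), res.get("ruleId", "<no-rule>"),
                        loc.get("artifactLocation", {}).get("uri", "<unknown>"),
                        loc.get("region", {}).get("startLine", 0),
                        res.get("message", {}).get("text", "")))
    return out

def gate(sarif, fail_on="error"):
    """Return (exit_code, blocking): exit code 1 if any finding is at or above fail_on."""
    blocking = [f for f in findings(sarif) if RANK[f[0]] >= RANK[fail_on]]
    return (1 if blocking else 0), blocking

if __name__ == "__main__":
    doc = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    code, blocking = gate(doc)
    for level, rule, uri, line, text in blocking:
        print(f"{level}: {rule} {uri}:{line} {text}")
    sys.exit(code)
```

Saved under a name of your choice (for example `sarif_gate.py`, a hypothetical filename), it runs as `python sarif_gate.py results.sarif`. Results without an explicit `level` inherit the rule's default, so a gate that counts only explicit `error` levels would let them through.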
# CSV output
pathfinder ci --rules rules/ --project . --output csv > results.csv
Using Docker
Run scans in a containerized environment:
docker run --rm -v "./src:/src" \
shivasurya/code-pathfinder:stable-latest \
ci --project /src --ruleset cpf/java
SecureFlow AI
AI-Powered Security Analysis
SecureFlow brings AI-powered security analysis directly into your development workflow. Supporting 200+ AI models (Claude, GPT, Gemini, Grok, OpenRouter), SecureFlow understands your codebase context to detect real vulnerabilities, catch edge cases, and eliminate false positives.
Traditional SAST has 80% false positives. SecureFlow helps you ship secure code in minutes.
VS Code Extension
Install the SecureFlow extension for real-time security analysis in your editor:
SecureFlow CLI Usage
secureflow scan ./path/to/project
Next Steps
Connect AI Assistant to Codebase →
Query your code with natural language through Claude Code, Codex, OpenCode, or Windsurf using the MCP server
Learn SAST from Scratch →
Master static analysis security testing with our free interactive course - 6 modules, 43 chapters
Browse Security Rules →
Explore our registry of 50+ security rules for Java, Python, and JavaScript
Read the Blog →
Learn about SAST best practices, security engineering, and vulnerability detection
View on GitHub →
Star the repository, report issues, or contribute to the project