
A PAR (Principal-Action-Resource) based security scanner using LLMs and static code analysis.
Next-generation security analysis for all languages
Parsentry is a PAR (Principal-Action-Resource) based security scanner that combines static code analysis with LLMs to detect vulnerabilities across multiple languages, including IaC. It provides comprehensive multi-language security analysis with AI-powered vulnerability detection.
- AI-Powered Analysis: Uses Large Language Models for advanced vulnerability detection
- PAR Classification: Principal-Action-Resource framework for security issue discovery
- Multi-Language Support: C, C++, Go, Java, JavaScript, Python, Ruby, Rust, TypeScript, Terraform
- Tree-sitter Parsing: Semantic code analysis for accurate context understanding
- Comprehensive Reports: Detailed markdown reports with confidence scoring and PoC examples
- Call Graph Visualization: Generate function call relationships in multiple formats (JSON, DOT, Mermaid, CSV)
- Cycle Detection: Identify circular dependencies and potential infinite loops
- Security-Focused Analysis: Track attack vectors through function call chains
```bash
docker pull ghcr.io/hikaruegashira/parsentry:latest
# replace owner/repository
docker run -e OPENAI_API_KEY=$OPENAI_API_KEY \
  -v $(pwd)/reports:/reports \
  ghcr.io/hikaruegashira/parsentry:latest \
  --repo owner/repository --output-dir /reports --generate-patterns
```
- `--repo <REPO>`: Analyze GitHub repository (owner/repo)
- `--root <PATH>`: Analyze local directory
- `--model <MODEL>`: LLM model; supports OpenAI, Anthropic, Google, Groq, Ollama (default: o4-mini)
- `--output-dir <DIR>`: Directory for markdown reports
- `--generate-patterns`: Generate custom patterns from codebase
- `graph`: Generate call graph for code visualization
  - `--format <FORMAT>`: Output format (json, dot, mermaid, csv), default: json
  - `--output <FILE>`: Output file path
  - `--start-functions <FUNCS>`: Comma-separated list of starting functions
  - `--max-depth <DEPTH>`: Maximum analysis depth, default: 10
  - `--include <PATTERNS>`: Include patterns (regex)
  - `--exclude <PATTERNS>`: Exclude patterns (regex)
  - `--detect-cycles`: Enable cycle detection
  - `--security-focus`: Focus on security-relevant functions
- Secure Code Game - Security challenges across multiple languages
- Damn Vulnerable MCP Server - MCP protocol vulnerabilities
- TerraGoat - Infrastructure as Code security issues
- CloudGoat - AWS security misconfigurations
- Broken Crystals - Web application security issues
- OWASP/NodeGoat - Node.js vulnerabilities
- Damn Vulnerable GraphQL Application - GraphQL vulnerabilities
```bash
# Generate a JSON call graph for the entire project
parsentry graph --root src --format json --output callgraph.json
# Generate a Mermaid diagram starting from main function
parsentry graph --root src --format mermaid --start-functions main --output callgraph.md
# Generate a DOT file for Graphviz visualization with cycle detection
parsentry graph --root src --format dot --detect-cycles --output callgraph.dot
# Focus on security-relevant functions only
parsentry graph --root src --security-focus --include ".*auth.*,.*security.*" --format mermaid
```
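The three graph features used above (a start function with a depth limit, cycle detection, Mermaid output), shown as an added Rust example that is not Parsentry's own code: it runs over a small constructed call graph whose function names are invented for this illustration, and does not parse source.

```rust
use std::collections::{BTreeMap, BTreeSet, VecDeque};
pub type CallGraph = BTreeMap<String, Vec<String>>; // caller -> callees (constructed shape, not Parsentry's)

/// Constructed sample: a request handler whose query layer retries itself (the last edge closes a cycle).
pub fn sample_graph() -> CallGraph {
    let edges = [("main", "handle_request"), ("main", "log"), ("handle_request", "auth_check"),
        ("handle_request", "run_query"), ("auth_check", "load_user"), ("auth_check", "log"),
        ("load_user", "run_query"), ("run_query", "retry"), ("retry", "run_query")];
    let mut g = CallGraph::new();
    for &(from, to) in edges.iter() {
        g.entry(from.to_string()).or_default().push(to.to_string());
        g.entry(to.to_string()).or_default(); // leaf functions still get a node
    }
    g
}
/// Functions reachable from `start` within `max_depth` call edges (the --start-functions / --max-depth view).
pub fn reachable(g: &CallGraph, start: &str, max_depth: usize) -> BTreeSet<String> {
    let mut seen = BTreeSet::from([start.to_string()]);
    let mut queue = VecDeque::from([(start.to_string(), 0usize)]);
    while let Some((f, depth)) = queue.pop_front() {
        if depth == max_depth { continue; }
        for callee in g.get(&f).into_iter().flatten() {
            if seen.insert(callee.clone()) { queue.push_back((callee.clone(), depth + 1)); }
        }
    }
    seen
}
/// DFS back edges; each (caller, callee) closes a recursion cycle (the --detect-cycles check).
pub fn find_cycles(g: &CallGraph) -> Vec<(String, String)> {
    fn dfs(g: &CallGraph, f: &str, path: &mut Vec<String>, done: &mut BTreeSet<String>, out: &mut Vec<(String, String)>) {
        path.push(f.to_string());
        for callee in g.get(f).into_iter().flatten() {
            if path.contains(callee) { out.push((f.to_string(), callee.clone())); }
            else if !done.contains(callee) { dfs(g, callee, path, done, out); }
        }
        path.pop();
        done.insert(f.to_string()); // fully explored: never re-entered, so each cycle is reported once
    }
    let (mut done, mut out) = (BTreeSet::new(), Vec::new());
    for f in g.keys() { if !done.contains(f) { dfs(g, f, &mut Vec::new(), &mut done, &mut out); } }
    out
}
/// Mermaid flowchart of the edges whose endpoints are both in `keep` (the --format mermaid output).
pub fn to_mermaid(g: &CallGraph, keep: &BTreeSet<String>) -> String {
    let mut lines = vec!["graph TD".to_string()];
    for (f, callees) in g.iter().filter(|(f, _)| keep.contains(*f)) {
        lines.extend(callees.iter().filter(|c| keep.contains(*c)).map(|c| format!("    {f} --> {c}")));
    }
    lines.join("\n")
}
```

A depth limit of 1 from `main` yields only its direct callees, while the cycle check flags the `retry` -> `run_query` back edge regardless of where the walk starts.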
- PAR Framework - Principal-Action-Resource security analysis model
- Analysis Flow - How the analysis process works
- Context Building - Code context generation
- Prompts - LLM prompt templates
- Response Schema - Output format specification
- Security Patterns - PAR pattern matching details
This tool is intended for security research and educational purposes only. Do not use the example vulnerable applications in production environments.
AGPL 3.0