
qwexvf/aegis-cli

CLI & Terminal

Supply‑chain security scanner that checks dependencies, lockfiles, and GitHub Actions workflows for vulnerabilities, secrets, risky code patterns, and policy violations across 16 package ecosystems.

Go Latest v0.28.0 · 3d ago Security brief →

Features

  • Batch CVE/GHSA lookup against OSV.dev with FixedIn version info
  • AST‑based static analysis detecting dangerous functions (e.g., shell spawn, dynamic eval)
  • Taint analysis for obfuscated C2 hostnames and unsafe eval chains
  • Hardcoded secret detection in dependency source code
  • Behavior heuristics (curl|sh payloads, typosquat names, maintainer hijacks)
  • Symbol‑level reachability to suppress irrelevant advisories

Recent releases

View all 29 releases →
  • v0.28.0, new feature (review required): Dependencies. @qwexvf: CLI, registry, AST, heuristics, docs
  • v0.27.0, new feature (no immediate action): SBOM + Lua AST scanner
  • v0.26.0, new feature (no immediate action): AST scan + lockfile extraction
  • v0.25.0, breaking risk (no immediate action): Exclude placeholder secrets
  • v0.20.0, new feature (no immediate action): Licensefetch + heuristics


About

Stars
2
Forks
0
Languages
Go TypeScript Astro

Install & Platforms

Install via
go

Beta — feedback welcome: [email protected]