TrustSource/sandyaa

 
 

Sandyaa

Autonomous source code audit. Point it at a local directory or a git URL and Sandyaa runs end-to-end until the audit is done — no pausing, no interactive prompts. It builds context, detects vulnerabilities, writes exploitable proof-of-concepts for each finding, and emits a folder of reports. Driven by Claude (and optionally Gemini).

Platforms:

  • macOS — actively tested.
  • Linux — should work (no known blockers), but not yet actively tested. Please file an issue if you hit a platform-specific bug.
  • Windows (native) — not currently supported. Sandyaa shells out using Unix-only commands (which claude) and spawns the Claude CLI without a shell wrapper, so it will fail on native Windows. WSL2 (running the Linux build of Claude Code) should work the same as Linux. Native Windows support is welcome as a PR.

Status: alpha. Expect rough edges and false positives.

What's different

Most LLM-based security scanners shove files at a model and hope. Sandyaa doesn't. Two things set it apart:

  1. No API key: it piggybacks on your Claude Code session. You already pay for Claude Code; Sandyaa just reuses that CLI. Nothing to configure, no billing surprises.
  2. Recursive Language Models (RLM) for large codebases. Instead of one giant context window, the model drives a Python REPL — it writes regex filters, chunks files, spawns sub-LLM queries, and aggregates results in code. Based on arxiv.org/html/2512.24601v1.

Features

  • Runs on your existing Claude Code login — no ANTHROPIC_API_KEY, no setup
  • RLM pipeline with Python REPL, sub-LLM queries, and programmatic aggregation
  • Eight recursive passes: call-chain tracing, data-flow expansion, self-verification, vulnerability chaining, POC refinement, contradiction detection, assumption validation, exploitability proof (src/recursive/recursive-strategy.ts)
  • Attacker-control analysis to drop findings that aren't reachable from untrusted input (src/detector/attacker-control-analyzer.ts)
  • Evidence chain (evidence.json) linking every claim to file + line
  • Dynamic chunk sizing based on code density and token budget
  • Automatic checkpointing — resume interrupted runs
  • Optional Gemini routing via the gemini CLI (also no API key)
  • Ink terminal dashboard for phase / progress / findings
  • POC generation and optional execution to validate findings
  • Autonomous end-to-end: start it, walk away, come back to a findings/ folder

Sandyaa is not a standalone static analyzer — it orchestrates prompts, chunking, and parsing on top of the Claude CLI (and optionally Gemini).

Install

Requirements:

  • macOS (tested), Linux (untested but expected to work), or Windows via WSL2. Native Windows is not currently supported — see the platform note above.
  • Node.js 18 or newer
  • Claude Code installed and logged in
  • git (used to clone remote targets; Sandyaa will try to install it automatically on macOS/Linux if missing)
  • Optional: gemini CLI, if you want Gemini-backed phases

git clone https://github.com/securelayer7/sandyaa.git
cd sandyaa
npm install
npm run build
npm link      # installs the `sandyaa` command globally

No API key needed. Sandyaa shells out to the Claude Code CLI, so as long as you are logged into Claude Code it uses your existing session — nothing to configure, no ANTHROPIC_API_KEY to set.

Gemini (optional)

Some analysis phases can run on Gemini instead of Claude. This is opt-in and auto-detected:

  • If the gemini CLI is on your PATH and authenticated, Sandyaa will use it — no API key needed (it reuses the CLI's own login).
  • If you prefer the REST API, export GEMINI_API_KEY before running Sandyaa. This is only used to auto-resolve the latest Gemini model tiers at startup; without it, static defaults are used.

If neither is available, Sandyaa simply runs everything on Claude.

Usage

# Local directory
sandyaa /path/to/project

# Remote git URL (cloned into a temp directory)
sandyaa https://github.com/user/repo

# Custom config
sandyaa -c ./my-config.yaml /path/to/project

# Ignore an existing checkpoint and start over
sandyaa --fresh /path/to/project

Findings are written under findings/ in the target directory.

Configuration

Sandyaa reads .sandyaa/config.yaml from the current working directory. A minimal example:

target:
  path: /path/to/codebase
  language: auto

analysis:
  chunk_size: 15
  depth: maximum

detection:
  min_severity: high
  exploitability_threshold: 0.7

output:
  findings_dir: ./findings
  generate_pocs: true
  validate_pocs: true

Output layout

findings/
├── bug-001-sql-injection/
│   ├── analysis.md
│   ├── poc.py
│   ├── SETUP.md
│   └── evidence.json
├── bug-002-xss/
│   └── ...
└── SUMMARY.md

evidence.json links each claim back to specific file paths and line numbers.

What it looks for

  • Memory safety: use-after-free, buffer overflow, type confusion, double-free
  • Logic bugs: auth bypass, TOCTOU, state machine errors
  • Injection: SQL, command, XSS, SSRF, path traversal
  • Crypto misuse: weak algorithms, ECB, hardcoded keys, bad randomness
  • Concurrency: races, atomicity violations
  • Integer issues: overflow, underflow, truncation, signedness
  • Unsafe APIs: deserialization, XXE, prototype pollution

Which of these run on a given chunk depends on the planner's view of the code.

TrustSource Integration

Sandyaa can export findings in SARIF 2.1.0 format and upload them directly to TrustSource, which maps code-level vulnerabilities to modules in its threat model (OTM).

Generate the SARIF report only

Pass --sarif when running a scan:

sandyaa --sarif /path/to/project

The report is written alongside the existing Markdown output:

findings/<scan-name>/sarif-report.json

Upload directly to TrustSource

Set TRUSTSOURCE_API_KEY and pass --ts-upload <module>. The SARIF file is generated automatically — no need to also pass --sarif.

export TRUSTSOURCE_API_KEY=<your-api-token>

# Module name only — searches existing modules in the company
sandyaa --ts-upload my-module /path/to/project

# Module name + project — auto-creates module inside the project if needed
sandyaa --ts-upload my-module --ts-project my-project /path/to/project

# Module UUID — direct, unambiguous lookup
sandyaa --ts-upload 550e8400-e29b-41d4-a716-446655440000 /path/to/project

If the upload fails, Sandyaa prints the HTTP status and response body. The local SARIF file is always preserved regardless of upload outcome.

For on-prem TrustSource installations, set TRUSTSOURCE_BASE_URL to override the default https://app.trustsource.io.

The SARIF file uses paths relative to the scan root, matches SARIF schema version 2.1.0, and includes Sandyaa-specific fields (exploitability score, verification status, blast radius, etc.) in the properties bag of each result.
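One way to consume the report in a CI gate, as an added example that is not part of Sandyaa or TrustSource: it walks the standard SARIF 2.1.0 result fields, flags any location URI that is not relative to the scan root, and selects the results that should block a build. The `exploitability` properties key, the rule IDs, and the sample paths are assumptions made for the example; check a real report for the actual property names.

```javascript
// SARIF result levels, weakest to strongest; a result with no level counts as "warning".
const LEVELS = ["none", "note", "warning", "error"];

// True when a URI stays inside the scan root: no scheme or drive, no leading slash, no "..".
function isRelativeToRoot(uri) {
  if (typeof uri !== "string" || uri === "") return false;
  if (/^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(uri) || /^[\\/]/.test(uri)) return false;
  return !uri.split(/[\\/]/).includes("..");
}

// scoreKey is an ASSUMED properties-bag key name; check a real report for the actual one.
function triageSarif(sarif, { minLevel = "warning", minScore = 0.7, scoreKey = "exploitability" } = {}) {
  if (sarif.version !== "2.1.0") throw new Error(`unexpected SARIF version: ${sarif.version}`);
  const blocking = [];
  const badPaths = [];
  for (const run of sarif.runs ?? []) {
    for (const result of run.results ?? []) {
      const level = result.level ?? "warning";
      const loc = result.locations?.[0]?.physicalLocation;
      const uri = loc?.artifactLocation?.uri;
      if (!isRelativeToRoot(uri)) badPaths.push({ ruleId: result.ruleId, uri });
      const score = result.properties?.[scoreKey];
      // A missing score never suppresses a finding; only an explicit low score does.
      const scoreOk = typeof score !== "number" || score >= minScore;
      if (LEVELS.indexOf(level) >= LEVELS.indexOf(minLevel) && scoreOk) {
        blocking.push({ ruleId: result.ruleId, level, uri, line: loc?.region?.startLine ?? null });
      }
    }
  }
  return { blocking, badPaths };
}

// Constructed sample report (not real Sandyaa output); rule ids and paths are made up.
const at = (uri, startLine) => [{ physicalLocation: { artifactLocation: { uri }, region: { startLine } } }];
const SAMPLE = {
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "Sandyaa" } },
    results: [
      { ruleId: "sql-injection", level: "error", message: { text: "constructed" },
        locations: at("src/db/query.ts", 42), properties: { exploitability: 0.9 } },
      { ruleId: "xss", message: { text: "constructed" },
        locations: at("../outside/view.js", 7), properties: { exploitability: 0.4 } },
      { ruleId: "weak-hash", level: "note", message: { text: "constructed" },
        locations: at("/etc/app/hash.js", 3) },
    ],
  }],
};
```

To run it against a real scan, pass `JSON.parse(fs.readFileSync("findings/<scan-name>/sarif-report.json", "utf8"))` to `triageSarif` and fail the job when `blocking` or `badPaths` is non-empty.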

Claude Code Skill

Sandyaa can be used as a Claude Code skill, so you can run security scans directly from a Claude Code session with /security-scan.

Installation

Copy the skill into your Claude Code skills directory:

mkdir -p ~/.claude/skills/security-scan
cp docs/skills/security-scan.md ~/.claude/skills/security-scan/SKILL.md

Usage

Once installed, Claude Code recognizes the skill automatically. You can invoke it with:

  • /security-scan — Claude will ask what to scan
  • "Scan this project for security vulnerabilities"
  • "Run a security analysis of /path/to/project"
  • "Run Sandyaa with SARIF output against my-service"
  • "Scan this repo and upload findings to TrustSource module my-module"

Claude handles the full workflow: runs the scan in the background, waits for completion, reads the findings, and presents a structured summary. You can then ask follow-up questions about specific findings.

What the skill does

  1. Resolves the target path and scan options from your request
  2. Validates prerequisites (Sandyaa installed, API keys set if uploading)
  3. Runs sandyaa with the appropriate flags in the background
  4. Reads the scan output and findings manifest when complete
  5. Presents a summary table with severity counts, verification status, and top findings
  6. Offers to show detailed analysis for specific findings

Customization

The skill file at ~/.claude/skills/security-scan/SKILL.md is plain Markdown — you can edit it to change defaults, add project-specific scan profiles, or adjust the summary format.

Share your CVEs

If Sandyaa helped you find a bug that was assigned a CVE, we'd like to know. Open a PR adding an entry to CVES.md (or a GitHub issue if you prefer) with:

  • CVE ID
  • Affected project and version
  • One-line description
  • Link to the public advisory or writeup
  • Which Sandyaa phase surfaced it (context building, detection, recursive pass, etc.) — optional, but useful feedback for the tool

Only include CVEs that are already publicly disclosed. Do not submit embargoed findings.

Contributing

Maintained by SecureLayer7, who have used Sandyaa to surface a number of zero-days during their research. You don't have to wait for Mythos or the next Claude model — Sandyaa already finds real bugs on the current Claude Code. Run it against code you own or are authorized to test and see what it turns up.

Bug reports, patches, and PRs are welcome. If you find something real, add it under a case-studies/ folder — include the target repo and commit hash, the analysis.md, and evidence.json. Redact anything sensitive before submitting.

License

MIT. See LICENSE.

About

Autonomous code auditor that keeps digging until it finds and proves real bugs.

Languages

  • TypeScript 98.2%
  • JavaScript 1.8%