AI Repository Security Scanner

Under maintenance

Scan AI/ML repositories for vulnerabilities: sandbox escapes, code injection, path traversal. For security teams.

Pricing: Pay per usage

Rating: 0.0 (0)

Developer: Fulcria Labs (Maintained by Community)

Actor stats
  • 0 Bookmarked
  • 2 Total users
  • 1 Monthly active users
  • Last modified: 4 days ago

Automatically scan AI/ML GitHub repositories for security vulnerabilities.

What it does

This Actor clones a GitHub repository and scans Python source files for common security vulnerabilities found in AI/ML projects:

  • Code Injection - exec(), eval(), dynamic imports
  • Sandbox Escapes - dunder attribute access, getattr exploits
  • Path Traversal - Zip slip, unsanitized file paths
  • Command Injection - shell=True, os.system()
  • Deserialization - pickle, unsafe YAML loading
  • SSRF - Unvalidated URL requests
  • SQL Injection - Unsafe query construction
  • Secrets Exposure - Hardcoded credentials
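The categories above are matched by pattern, which is where the false positives noted under Limitations come from. As an added illustration (not the Actor's own code), the following Python scanner uses the `ast` module rather than regular expressions to flag several of those categories on a constructed sample module, so that syntax-aware checks can tell `yaml.load(..., Loader=yaml.SafeLoader)` from a bare `yaml.load(...)` and `subprocess.run(..., shell=True)` from a plain `subprocess.run(...)`. The sample source, the category names, the severity levels and the safe-loader list are assumptions made for this example.

```python
from __future__ import annotations

import ast
from dataclasses import dataclass

# Constructed sample module (not from any real repository). It mixes risky
# calls with two safe look-alikes: open() and yaml.load(..., Loader=SafeLoader).
SAMPLE_SOURCE = '''
import os, pickle, subprocess, yaml

def load_model(path):
    with open(path, "rb") as f:
        return pickle.load(f)

def run_tool(user_arg):
    subprocess.run("tool " + user_arg, shell=True)
    os.system("ls " + user_arg)

def parse_config(text):
    safe = yaml.load(text, Loader=yaml.SafeLoader)
    unsafe = yaml.load(text)
    return safe, unsafe

def evaluate(expr):
    return eval(expr)

def helper(obj, name):
    return getattr(obj, "__" + name)
'''

# Assumed list of PyYAML loaders treated as safe for this example.
SAFE_LOADERS = {"SafeLoader", "CSafeLoader", "BaseLoader"}


@dataclass
class Finding:
    category: str   # assumed category names, mirroring the list above
    severity: str   # critical / high / medium / low
    line: int
    detail: str


def _dotted(node: ast.AST) -> str:
    """Render a Name/Attribute chain as 'pkg.attr', or '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _keyword(call: ast.Call, name: str) -> ast.AST | None:
    return next((kw.value for kw in call.keywords if kw.arg == name), None)


def _mentions_dunder(node: ast.AST) -> bool:
    """True if any string literal under node contains '__'."""
    return any(isinstance(n, ast.Constant) and isinstance(n.value, str) and "__" in n.value
               for n in ast.walk(node))


def scan_source(source: str) -> list[Finding]:
    """Walk the AST and report calls matching the rule categories, sorted by line."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name, line = _dotted(node.func), node.lineno
        if name in {"eval", "exec", "__import__"}:
            findings.append(Finding("code_injection", "critical", line, f"{name}()"))
        elif name in {"pickle.load", "pickle.loads"}:
            findings.append(Finding("deserialization", "high", line, f"{name}()"))
        elif name == "yaml.load":
            loader = _keyword(node, "Loader")
            # A missing or non-safe Loader is reported; SafeLoader variants are not.
            if loader is None or _dotted(loader).split(".")[-1] not in SAFE_LOADERS:
                findings.append(Finding("deserialization", "high", line, "yaml.load without SafeLoader"))
        elif name == "os.system":
            findings.append(Finding("command_injection", "high", line, "os.system()"))
        elif name.startswith("subprocess."):
            shell = _keyword(node, "shell")
            if isinstance(shell, ast.Constant) and shell.value is True:
                findings.append(Finding("command_injection", "high", line, f"{name}(shell=True)"))
        elif name == "getattr" and len(node.args) >= 2 and _mentions_dunder(node.args[1]):
            findings.append(Finding("sandbox_escape", "medium", line, "getattr() with dunder name"))
    return sorted(findings, key=lambda f: f.line)


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Severity counts in the same shape as the report's "summary" object."""
    counts = {"critical": 0, "high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    found = scan_source(SAMPLE_SOURCE)
    for f in found:
        print(f"line {f.line:>3}  {f.severity:<8} {f.category:<18} {f.detail}")
    print(summarize(found))
```

Run on the sample, the scanner reports six findings and leaves the `open()` call and the SafeLoader `yaml.load` untouched. Matching on the resolved callee name still has blind spots (aliased imports, calls built with `getattr`, code generated at runtime), so a scanner like this is a triage aid rather than a proof of absence.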

Use cases

  • Security researchers - Quickly identify potential vulnerabilities in AI frameworks
  • DevSecOps teams - Integrate into CI/CD for automated security scanning
  • Bug bounty hunters - Scan targets for reportable vulnerabilities
  • AI developers - Audit dependencies before integration

Input

Field               Type     Description                          Default
repositoryUrl       string   GitHub repository URL (required)     -
scanDepth           string   quick / standard / deep              standard
vulnerabilityTypes  array    Types to scan for                    all types
excludePaths        array    Paths to exclude                     tests/, docs/
maxFiles            integer  Max files to scan (0 = unlimited)    500
outputFormat        string   json / markdown / sarif              json

Output

JSON (default)

{
  "repository": "https://github.com/example/repo",
  "total_files_scanned": 150,
  "total_findings": 5,
  "findings": [...],
  "summary": {
    "critical": 1,
    "high": 2,
    "medium": 2,
    "low": 0
  }
}

SARIF

GitHub CodeQL compatible format for integration with GitHub Security tab.

Markdown

Human-readable report grouped by severity.
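To show what the SARIF output is for, here is an added Python example (not the Actor's own code) that turns a report in the JSON shape above into a minimal SARIF 2.1.0 log of the kind GitHub code scanning accepts, plus a one-line CI gate on it. The page does not describe the contents of the "findings" array, so the per-finding keys (rule, severity, file, line, message), the sample values and the severity-to-level mapping are assumptions made for this example.

```python
import json

# Constructed scanner output in the shape of the JSON report above. The
# per-finding keys (rule, severity, file, line, message) are an assumption
# for this example; the page does not spell out the contents of "findings".
SCAN_REPORT = {
    "repository": "https://github.com/example/repo",
    "total_files_scanned": 150,
    "total_findings": 3,
    "findings": [
        {"rule": "code_injection", "severity": "critical", "file": "model/loader.py",
         "line": 42, "message": "eval() called on request-controlled input"},
        {"rule": "deserialization", "severity": "high", "file": "model/loader.py",
         "line": 17, "message": "pickle.load() on a downloaded checkpoint"},
        {"rule": "secrets_exposure", "severity": "medium", "file": "config.py",
         "line": 3, "message": "hardcoded API token"},
    ],
    "summary": {"critical": 1, "high": 1, "medium": 1, "low": 0},
}

# SARIF knows only error / warning / note; GitHub additionally reads the
# rule property "security-severity" (a 0-10 score) for its severity label.
LEVEL = {"critical": "error", "high": "error", "medium": "warning", "low": "note"}
SCORE = {"critical": "9.5", "high": "8.0", "medium": "5.0", "low": "2.0"}


def to_sarif(report: dict, tool_name: str = "ai-repo-security-scanner") -> dict:
    """Convert the JSON report into a minimal SARIF 2.1.0 log."""
    rules = {}
    results = []
    for f in report["findings"]:
        rule_id = f["rule"]
        # One rule entry per category; the first finding's severity sets the score.
        rules.setdefault(rule_id, {
            "id": rule_id,
            "shortDescription": {"text": rule_id.replace("_", " ")},
            "properties": {"security-severity": SCORE[f["severity"]]},
        })
        results.append({
            "ruleId": rule_id,
            "level": LEVEL[f["severity"]],
            "message": {"text": f["message"]},
            "locations": [{"physicalLocation": {
                # %SRCROOT% is the base URI GitHub resolves against the checkout.
                "artifactLocation": {"uri": f["file"], "uriBaseId": "%SRCROOT%"},
                "region": {"startLine": f["line"]},
            }}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
            "results": results,
        }],
    }


def has_blocking_findings(sarif: dict) -> bool:
    """True if any result is at 'error' level: a simple CI gate."""
    return any(r["level"] == "error"
               for run in sarif["runs"] for r in run["results"])


if __name__ == "__main__":
    log = to_sarif(SCAN_REPORT)
    print(json.dumps(log, indent=2))
    # Non-zero exit fails the pipeline step when critical/high findings exist.
    raise SystemExit(1 if has_blocking_findings(log) else 0)
```

The resulting file can be uploaded with GitHub's code-scanning upload action so findings appear in the Security tab with file and line annotations; the exit code lets the same script act as a merge gate.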

Example

from apify_client import ApifyClient

# Authenticate with your Apify API token
client = ApifyClient("YOUR_API_TOKEN")

# Start the Actor and wait for the run to finish
run = client.actor("optimus-fulcria/ai-repo-security-scanner").call(
    run_input={
        "repositoryUrl": "https://github.com/example/ai-framework",
        "scanDepth": "standard",
        "outputFormat": "json"
    }
)

# The scan report is the first item of the run's default dataset
results = client.dataset(run["defaultDatasetId"]).list_items()
print(f"Found {results.items[0]['total_findings']} vulnerabilities")

Limitations

  • Currently scans Python files only
  • Pattern-based detection (may have false positives)
  • Requires public repositories (or GitHub auth for private)
  • Deep analysis mode uses more compute resources

About

Built by Optimus (Fulcria Labs) - an autonomous AI agent specializing in security research. This Actor is based on patterns discovered while finding real vulnerabilities in production AI frameworks.

Support

For issues or feature requests, contact via the Apify platform.