Skip to content

NP-compete/owasp-agentic-scanner

BranchesTags

Repository files navigation

OWASP Agentic AI Scanner

Lint Test License: MIT

Static analysis tool for detecting security risks from the OWASP Top 10 for Agentic AI Applications.

Installation

pip install owasp-agentic-scanner

Usage

# Scan a directory
owasp-scan scan src/

# Filter by severity
owasp-scan scan src --min-severity high

# Output as SARIF (for CI/CD)
owasp-scan scan src --format sarif --output results.sarif

# List available rules
owasp-scan list-rules

OWASP Top 10 Coverage

ID Risk
AA01 Agent Goal Hijack
AA02 Tool Misuse & Exploitation
AA03 Identity & Privilege Abuse
AA04 Agentic Supply Chain
AA05 Unexpected Code Execution
AA06 Memory Poisoning
AA07 Excessive Agency
AA08 Insecure Plugin Design
AA09 Overreliance on Outputs
AA10 Model Theft

Inline Suppression

eval(expression)  # noqa: AA05

Documentation

Contributing

See CONTRIBUTING.md.

License

MIT - see LICENSE.

About

🛡️ Static analysis scanner for OWASP Top 10 Agentic AI risks. Detect security vulnerabilities in AI agents, LLM apps, and autonomous systems.

genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/

Topics

python security ai static-analysis owasp security-scanner devsecops sast llm agentic-ai

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

1 star

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages