From cf9a5398d5c61e9eb205bafb24f51b5e173818ee Mon Sep 17 00:00:00 2001
From: moamen
Date: Wed, 8 Apr 2026 23:52:48 +0200
Subject: [PATCH 1/2] Add VulnHawk to static analysis tools list
VulnHawk is an AI-powered code security scanner (Python, MIT licensed) that uses LLMs to understand business logic and detect vulnerabilities like missing auth checks, IDOR flaws, and logic bugs. Supports Python, JavaScript/TypeScript, and Go. Multiple LLM backends (Claude, OpenAI, Ollama). Output formats: JSON, SARIF, Markdown.
---
 data/tools/vulnhawk.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 data/tools/vulnhawk.yml
diff --git a/data/tools/vulnhawk.yml b/data/tools/vulnhawk.yml
new file mode 100644
index 000000000..7b0bc165e
--- /dev/null
+++ b/data/tools/vulnhawk.yml
@@ -0,0 +1,18 @@
+name: VulnHawk
+categories:
+ - linter
+tags:
+ - go
+ - javascript
+ - python
+ - security
+ - typescript
+license: MIT
+types:
+ - cli
+source: 'https://github.com/momenbasel/vulnhawk'
+description: >-
+ AI-powered code security scanner that uses LLMs to understand business logic
+ and detect vulnerabilities like missing auth checks, IDOR flaws, and logic bugs
+ that pattern-matching tools miss. Supports multiple LLM backends (Claude, OpenAI, Ollama)
+ and outputs JSON, SARIF, and Markdown. Available as CLI and GitHub Action.
From 6819c633f6fed60079e1642ca7c958d1421442b9 Mon Sep 17 00:00:00 2001
From: Moamen Basel
Date: Fri, 10 Apr 2026 03:37:01 +0200
Subject: [PATCH 2/2] fix: add missing homepage field to vulnhawk.yml
---
 data/tools/vulnhawk.yml | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/data/tools/vulnhawk.yml b/data/tools/vulnhawk.yml
index 7b0bc165e..ed5a9a9ed 100644
--- a/data/tools/vulnhawk.yml
+++ b/data/tools/vulnhawk.yml
@@ -3,16 +3,21 @@ categories:
 - linter
 tags:
 - go
+ - java
 - javascript
+ - php
 - python
+ - ruby
 - security
 - typescript
 license: MIT
 types:
 - cli
 source: 'https://github.com/momenbasel/vulnhawk'
+homepage: 'https://github.com/momenbasel/vulnhawk'
 description: >-
- AI-powered code security scanner that uses LLMs to understand business logic
- and detect vulnerabilities like missing auth checks, IDOR flaws, and logic bugs
- that pattern-matching tools miss. Supports multiple LLM backends (Claude, OpenAI, Ollama)
- and outputs JSON, SARIF, and Markdown. Available as CLI and GitHub Action.
+ AI-powered static analysis tool that uses LLMs to understand business logic
+ and detect security vulnerabilities like missing auth checks, IDOR flaws,
+ and logic bugs that pattern-matching SAST tools miss. Supports multiple LLM
+ backends (Claude, OpenAI, Ollama for local scanning) and outputs SARIF, JSON,
+ and Markdown. Available as CLI via PyPI and as a GitHub Action.
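Review bot: The added tags `- java`, `- php` and `- ruby` fall outside what the commit title describes (it names only the homepage field), and the first patch's message lists Python, JavaScript/TypeScript and Go as the supported languages, so these three should be confirmed against the tool's own documentation or dropped before the entry overstates coverage. `homepage` repeats the `source` URL; if the project has a separate landing or package page, that is the more informative value. The description names hosted backends (Claude, OpenAI) alongside "Ollama for local scanning", which suggests the hosted modes transmit the scanned code to a third-party API; if that is accurate, a closing sentence such as `Hosted backends send the scanned code to the provider; use Ollama to keep it local.` would let readers with private code pick the right mode.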