AST-based static security scanner for Python. Detects 8 CWE vulnerability classes before deployment — no runtime execution, zero external dependencies, CI/CD ready.
| CWE | Class | Severity |
|---|---|---|
| CWE-89 | SQL Injection | Critical |
| CWE-79 | Cross-Site Scripting | High |
| CWE-22 | Path Traversal | High |
| CWE-78 | OS Command Injection | Critical |
| CWE-94 | Code Injection | Critical |
| CWE-200 | Information Exposure | Medium |
| CWE-269 | Improper Privilege Management | High |
| CWE-352 | Cross-Site Request Forgery | Medium |
```bash
pip install corporeus
# CLI
ember-scan path/to/code/
```

```python
# Python API
from corporeus.scanner import scan_file, scan_source
findings = scan_file("app.py")
for f in findings:
    print(f"Line {f.line}: CWE-{f.cwe_id} {f.title} [{f.severity}]")
```

- Pure Python stdlib — zero runtime dependencies
- 1-level taint tracking
- False-positive filtering and deduplication
- Confidence scores per finding
- Remediation guidance per CWE class
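As an added illustration of how AST-based detection with one-level taint tracking works (example code, not Corporeus's own implementation): a minimal CWE-89 detector that marks names assigned directly from a `request` source as tainted and flags `execute`/`executescript` calls whose query expression contains them. The `SOURCES` and `SINKS` sets, the `find_sql_injection` helper and the sample handler are constructed assumptions.

```python
import ast

# Constructed sample input (not from the project): one tainted sink, one safe sink.
SAMPLE = '''
from flask import request
def lookup(conn):
    uid = request.args.get("id")
    conn.execute(f"SELECT * FROM users WHERE id = {uid}")     # tainted: CWE-89
    conn.execute("SELECT * FROM users WHERE id = ?", (uid,))   # parameterized: safe
'''
SOURCES = {"request"}                 # roots treated as untrusted input (assumption)
SINKS = {"execute", "executescript"}  # DB-API query methods (assumption)

class SqlInjectionFinder(ast.NodeVisitor):
    """Flag SQL sinks whose query argument is built from untrusted input. Taint is
    one level deep: a name is tainted only if assigned directly from a source, so
    q = f"..{uid}" followed by execute(q) is deliberately not followed."""
    def __init__(self):
        self.tainted, self.findings = set(), []
    def _is_source(self, node):
        # request.args.get("id") / request.form["x"]: walk back to the root name
        while isinstance(node, (ast.Attribute, ast.Call, ast.Subscript)):
            node = node.func if isinstance(node, ast.Call) else node.value
        return isinstance(node, ast.Name) and node.id in SOURCES
    def _is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.JoinedStr):          # f"...{uid}"
            return any(self._is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.BinOp):              # "..." + uid
            return self._is_tainted(node.left) or self._is_tainted(node.right)
        return self._is_source(node)                 # source used inline at the sink
    def visit_Assign(self, node):
        if self._is_source(node.value):              # the single taint hop
            self.tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
        self.generic_visit(node)
    def visit_Call(self, node):
        f = node.func
        if isinstance(f, ast.Attribute) and f.attr in SINKS and node.args \
                and self._is_tainted(node.args[0]):
            self.findings.append((node.lineno, "CWE-89"))
        self.generic_visit(node)

def find_sql_injection(src):
    # Returns (line, cwe) tuples for tainted SQL sinks in a source string.
    finder = SqlInjectionFinder()
    finder.visit(ast.parse(src))
    return finder.findings
```

Running `find_sql_injection(SAMPLE)` reports only the f-string query on line 5 of the sample; the parameterized call is left alone, which is the distinction a CWE-89 rule has to make to avoid false positives.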
```bash
pip install pytest
pytest tests/ -v
```

54 tests, 0 failing.
| Repo | Role |
|---|---|
| EmberArmor | Runtime enforcement layer |
| EmberHoneypot | AI deception + threat intelligence |
| Corporeus | Static AST vulnerability scanner (this repo) |
| EmberBench | Adversarial evaluation harness |
MIT — see LICENSE