Features
Semantic code understanding to find logic-based vulnerabilities
End-to-end verification with working proof-of-concept exploits
PR security reviews on pull requests
Automated threat modeling from real architecture
Business impact prioritization beyond CVSS
Context-aware scanning (codebase, infra, auth flows)
Open-source model only (no proprietary dependency)
Multi-stack support (JS, TS, Python, Go, Java, Ruby, Next.js, Django, Flask, Rails, Express, FastAPI)
Compliance report generation (Pro+)
Custom project context (Pro+)
Basic Software Composition Analysis (SCA)
AI Assistant for security questions
Multi-agent orchestration with handoffs
Sandbox Agents for containerized long-running tasks
Agent-as-tool delegation (v0.15.0+)
Realtime Agents with gpt-realtime-2 voice support (v0.17.6+)
Human-in-the-loop mechanisms
Automatic session history management
Built-in tracing for debugging
Provider-agnostic LLM support (100+ models via LiteLLM)
Redis session support (optional, v0.17.6+)
Instructions, tools, and guardrails configuration
Jupyter notebook compatibility
Supports OpenAI Responses and Chat Completions APIs