chore: import upstream snapshot with attribution
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Has been cancelled
Test and Publish Multi-arch Docker Image / test (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Has been cancelled
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Has been cancelled
Validate Renovate Config / Validate Renovate Configuration (push) Has been cancelled
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Has been cancelled
Test and Publish Multi-arch Docker Image / test (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Has been cancelled
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Has been cancelled
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Has been cancelled
Validate Renovate Config / Validate Renovate Configuration (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,245 @@
|
||||
---
|
||||
title: CLI Command
|
||||
sidebar_label: CLI Command
|
||||
sidebar_position: 3
|
||||
description: Scan code changes for LLM security vulnerabilities using the promptfoo code-scans command.
|
||||
---
|
||||
|
||||
# CLI Command
|
||||
|
||||
The `promptfoo code-scans` command scans code changes for LLM-related security vulnerabilities, helping you identify prompt injection risks, jailbreaks, PII exposure, and other security issues before they reach production.
|
||||
|
||||
## Quick Start
|
||||
|
||||
Install promptfoo globally:
|
||||
|
||||
```bash
|
||||
npm install -g promptfoo
|
||||
```
|
||||
|
||||
Authenticate with your promptfoo account:
|
||||
|
||||
```bash
|
||||
promptfoo auth login
|
||||
```
|
||||
|
||||
Run a scan on your current branch:
|
||||
|
||||
```bash
|
||||
promptfoo code-scans run
|
||||
```
|
||||
|
||||
## Running Time
|
||||
|
||||
Depending on the size of your PR and codebase, the scan can take anywhere from a minute or two to 20 minutes or more. That said, most PRs take between 3 and 10 minutes.
|
||||
|
||||
## Command Options
|
||||
|
||||
### Basic Usage
|
||||
|
||||
```bash
|
||||
promptfoo code-scans run [repo-path] [options]
|
||||
```
|
||||
|
||||
### Options
|
||||
|
||||
| Option | Description | Default |
|
||||
| --------------------------------- | --------------------------------------------------------------------------------------------------- | ---------------------------------------------------- |
|
||||
| `repo-path` | Path to repository | Current directory (`.`) |
|
||||
| `--api-key <key>` | Promptfoo API key | From `promptfoo auth` or `PROMPTFOO_API_KEY` env var |
|
||||
| `--base <ref>` | Base branch/commit to compare against | Auto-detects either main or master |
|
||||
| `--compare <ref>` | Branch/commit to scan | `HEAD` |
|
||||
| `--config <path>` | Path to config file | `.promptfoo-code-scan.yaml` |
|
||||
| `--guidance <text>` | Custom guidance to tailor the scan | None |
|
||||
| `--guidance-file <path>` | Load guidance from a file | None |
|
||||
| `--api-host <url>` | Promptfoo API host URL | `https://api.promptfoo.app` |
|
||||
| `--diffs-only` | Scan only PR diffs, don't explore full repo | false |
|
||||
| `--json` | Output results as JSON ([see schema](#json-output-schema)) | false |
|
||||
| `-f, --format <format>` | Output format (`text`, `json`, or `sarif`) | `text` |
|
||||
| `--github-pr <owner/repo#number>` | Post comments to GitHub PR (used with [Promptfoo GitHub Action](/docs/code-scanning/github-action)) | None |
|
||||
|
||||
### Examples
|
||||
|
||||
**Scan diffs for current branch, comparing against main (or master):**
|
||||
|
||||
```bash
|
||||
promptfoo code-scans run
|
||||
```
|
||||
|
||||
**Scan diffs for specific branch against main:**
|
||||
|
||||
```bash
|
||||
promptfoo code-scans run --compare feature/new-llm-integration
|
||||
```
|
||||
|
||||
**Scan diffs between two commits:**
|
||||
|
||||
```bash
|
||||
promptfoo code-scans run --base ffa1b2d3 --compare a9c7e5b6
|
||||
```
|
||||
|
||||
**Scan with custom config:**
|
||||
|
||||
```bash
|
||||
promptfoo code-scans run --config custom-scan-config.yaml
|
||||
```
|
||||
|
||||
**Get JSON output:**
|
||||
|
||||
```bash
|
||||
promptfoo code-scans run --json
|
||||
```
|
||||
|
||||
See [JSON Output Schema](#json-output-schema) for the response format.
|
||||
|
||||
**Get SARIF output for security tooling:**
|
||||
|
||||
```bash
|
||||
promptfoo code-scans run --format sarif > promptfoo-code-scan.sarif
|
||||
```
|
||||
|
||||
SARIF output includes location-backed findings that GitHub Code Scanning can display.
|
||||
|
||||
## Configuration File
|
||||
|
||||
Create a `.promptfoo-code-scan.yaml` file in your repository root:
|
||||
|
||||
```yaml
|
||||
# Minimum severity level to report (low|medium|high|critical)
|
||||
# Both minSeverity and minimumSeverity are supported
|
||||
minSeverity: medium
|
||||
|
||||
# Scan only PR diffs without filesystem exploration (default: false = explore full repo)
|
||||
diffsOnly: false
|
||||
|
||||
# Optional: Custom guidance to tailor the scan to your needs
|
||||
guidance: |
|
||||
Focus on authentication and authorization vulnerabilities.
|
||||
Treat any PII exposure as high severity.
|
||||
|
||||
# Or load guidance from a file (path relative to config file)
|
||||
# guidanceFile: ./scan-guidance.md
|
||||
|
||||
# Optional: Promptfoo API host URL
|
||||
# apiHost: https://api.promptfoo.dev
|
||||
```
|
||||
|
||||
## Custom Guidance
|
||||
|
||||
You can provide custom guidance to tailor scans to your specific needs. See the [overview](./index.md#custom-guidance) for what guidance can do.
|
||||
|
||||
**Via command line:**
|
||||
|
||||
```bash
|
||||
# Inline guidance
|
||||
promptfoo code-scans run --guidance "Focus on authentication vulnerabilities in the /src/auth directory"
|
||||
|
||||
# Load from file
|
||||
promptfoo code-scans run --guidance-file ./scan-guidance.md
|
||||
```
|
||||
|
||||
**Via config file:**
|
||||
|
||||
```yaml
|
||||
# Inline guidance
|
||||
guidance: |
|
||||
Focus on authentication and authorization vulnerabilities.
|
||||
Treat any PII exposure as high severity.
|
||||
|
||||
# Or load from file
|
||||
guidanceFile: ./scan-guidance.md
|
||||
```
|
||||
|
||||
## Authentication
|
||||
|
||||
The code scanner supports multiple authentication methods (checked in order):
|
||||
|
||||
1. **CLI argument**: `--api-key <key>`
|
||||
2. **Environment variable**: `PROMPTFOO_API_KEY=<key>`
|
||||
3. **Promptfoo auth**: `promptfoo auth login`
|
||||
4. **GitHub OIDC** (when used in the [Promptfoo GitHub Action](/docs/code-scanning/github-action)): Automatic
|
||||
|
||||
### Using promptfoo auth
|
||||
|
||||
```bash
|
||||
# Login once
|
||||
promptfoo auth login
|
||||
|
||||
# Then run scans without --api-key
|
||||
promptfoo code-scans run
|
||||
```
|
||||
|
||||
### Using environment variable
|
||||
|
||||
```bash
|
||||
export PROMPTFOO_API_KEY=your-api-key
|
||||
promptfoo code-scans run
|
||||
```
|
||||
|
||||
### Using --api-key argument
|
||||
|
||||
```bash
|
||||
promptfoo code-scans run --api-key your-api-key
|
||||
```
|
||||
|
||||
## JSON Output Schema
|
||||
|
||||
When using `--json`, the scan outputs a JSON object to stdout with the following structure:
|
||||
|
||||
### Response Object
|
||||
|
||||
| Field | Type | Description |
|
||||
| ---------------- | ----------- | ----------------------------------------------------------------------------------------------------------------- |
|
||||
| `success` | `boolean` | Whether the scan completed successfully |
|
||||
| `review` | `string` | Overall review summary of the scan |
|
||||
| `comments` | `Comment[]` | Array of findings (see below) |
|
||||
| `commentsPosted` | `boolean` | Whether comments were posted to a PR |
|
||||
| `skipReason` | `string` | Set when the scan was intentionally skipped (e.g. fork PR awaiting maintainer approval); `comments` will be empty |
|
||||
| `error` | `string` | Error message if the scan failed |
|
||||
|
||||
### Comment Object
|
||||
|
||||
| Field | Type | Description |
|
||||
| --------------- | -------- | ---------------------------------------------- |
|
||||
| `file` | `string` | File path where the issue was found, or null |
|
||||
| `line` | `number` | Line number of the finding, or null |
|
||||
| `startLine` | `number` | Start line for multi-line findings, or null |
|
||||
| `finding` | `string` | Description of the security issue |
|
||||
| `fix` | `string` | Suggested fix for the issue |
|
||||
| `severity` | `string` | `critical`, `high`, `medium`, `low`, or `none` |
|
||||
| `aiAgentPrompt` | `string` | Prompt for AI coding agents to fix the issue |
|
||||
|
||||
### Example
|
||||
|
||||
```json
|
||||
{
|
||||
"success": true,
|
||||
"review": "The PR introduces an LLM-powered support chat feature. The main security concerns are around prompt injection via user messages and insufficient output validation.",
|
||||
"comments": [
|
||||
{
|
||||
"file": "src/chat/handler.ts",
|
||||
"line": 42,
|
||||
"startLine": 40,
|
||||
"finding": "User input is passed directly to the LLM prompt without sanitization, allowing prompt injection attacks.",
|
||||
"fix": "Sanitize user input and use a system prompt that instructs the model to ignore injected instructions.",
|
||||
"severity": "critical",
|
||||
"aiAgentPrompt": "In src/chat/handler.ts around line 42, add input sanitization before passing user messages to the LLM. Use a system prompt with injection-resistant instructions."
|
||||
},
|
||||
{
|
||||
"file": "src/chat/handler.ts",
|
||||
"line": 87,
|
||||
"startLine": null,
|
||||
"finding": "LLM responses are rendered as raw HTML without escaping, which could allow cross-site scripting if the model is manipulated.",
|
||||
"fix": "Escape or sanitize LLM output before rendering it in the UI.",
|
||||
"severity": "high",
|
||||
"aiAgentPrompt": "In src/chat/handler.ts at line 87, escape the LLM response output before inserting it into the DOM to prevent XSS."
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
## See Also
|
||||
|
||||
- [Code Scanning Overview](./index.md)
|
||||
- [GitHub Action](./github-action.md)
|
||||
- [VS Code Extension](./vscode-extension.md)
|
||||
@@ -0,0 +1,221 @@
|
||||
---
|
||||
title: GitHub Action
|
||||
sidebar_label: GitHub Action
|
||||
sidebar_position: 2
|
||||
description: Automatically scan pull requests for LLM security vulnerabilities with the promptfoo Code Scan GitHub Action. Find prompt injection, PII exposure, and jailbreak risks in CI/CD.
|
||||
---
|
||||
|
||||
# GitHub Action
|
||||
|
||||
Automatically scan pull requests for LLM security vulnerabilities with promptfoo's [code scanning GitHub action.](/code-scanning/github-action/)
|
||||
|
||||
The scanner analyzes code changes for prompt injection, PII exposure, excessive agency, and other LLM-specific risks. After scanning, findings are posted with severity levels and suggested fixes as PR review comments.
|
||||
|
||||
<img src="/img/docs/code-scanning/github.png" alt="Code Scan Action results on PR" style={{borderRadius: '8px', border: '1px solid rgba(0,0,0,0.1)', boxShadow: '0 2px 8px rgba(0,0,0,0.08)'}} />
|
||||
<br/>
|
||||
<br/>
|
||||
|
||||
## Quick Start
|
||||
|
||||
The easiest way to get started is by installing the Promptfoo Scanner GitHub App:
|
||||
|
||||
1. **Install the GitHub App**: Go to [github.com/apps/promptfoo-scanner](https://github.com/apps/promptfoo-scanner) and install the app
|
||||
2. **Select repositories**: Choose which repositories to enable scanning for
|
||||
3. **Submit your email or sign in**: You'll be redirected to promptfoo.dev to either submit your email or sign in to your account (an account is not required—just a valid email address)
|
||||
4. **Review the setup PR**: A pull request will be automatically opened in each repository you selected in step 2—it adds the Code Scan Action workflow to `.github/workflows/promptfoo-code-scan.yml`
|
||||
5. **Merge the PR**: you can tweak the workflow configuration if desired, and merge when ready.
|
||||
|
||||
Once merged, the scanner will automatically run on future pull requests, posting review comments for any security issues found.
|
||||
|
||||
:::info
|
||||
When using the GitHub App:
|
||||
|
||||
- Authentication is handled automatically with GitHub OIDC. No API key, token, or other configuration is needed.
|
||||
- No Promptfoo Cloud account is needed—just a valid email address.
|
||||
:::
|
||||
|
||||
## Configuration
|
||||
|
||||
### Action Inputs
|
||||
|
||||
Most CLI options from [`promptfoo code-scans run`](/docs/code-scanning/cli) can be used as action inputs:
|
||||
|
||||
| Input | Description | Default |
|
||||
| ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
|
||||
| `api-host` | Promptfoo API host URL | `https://api.promptfoo.app` |
|
||||
| `min-severity` | Minimum severity to report (`low`, `medium`, `high`, `critical`) | `medium` |
|
||||
| `minimum-severity` | Alias for `min-severity`. Takes effect only when `min-severity` is unset; if both are set, `min-severity` wins and a warning is emitted. | None |
|
||||
| `config-path` | Path to `.promptfoo-code-scan.yaml` config file | Auto-detected |
|
||||
| `guidance` | Custom guidance to tailor the scan (see [CLI docs][1]) | None |
|
||||
| `guidance-file` | Path to file containing custom guidance (see [CLI docs][1]) | None |
|
||||
| `enable-fork-prs` | Enable scanning PRs from forked repositories | `false` |
|
||||
| `promptfoo-version` | Exact `promptfoo` CLI version to install for scanning (e.g. `0.121.0`). Ranges and dist-tags are rejected. | Version pinned at release |
|
||||
| `sarif-output-path` | Optional path to write SARIF output for GitHub Code Scanning | None |
|
||||
|
||||
[1]: [More on custom guidance](/docs/code-scanning/cli#custom-guidance)
|
||||
|
||||
### Triggering Additional Scans
|
||||
|
||||
If you made changes to your PR and want to run another scan, you can trigger a new scan by commenting on the PR with `@promptfoo-scanner`.
|
||||
|
||||
### Fork Pull Requests
|
||||
|
||||
By default, code scanning is disabled for fork PRs. This is because any GitHub user can open a fork PR on public repositories.
|
||||
|
||||
To trigger a scan on a fork PR, a maintainer with `write` permissions on the repository can comment on the PR with `@promptfoo-scanner`.
|
||||
|
||||
To enable scanning of fork PRs by default, add `enable-fork-prs: true` to your workflow file (`.github/workflows/promptfoo-code-scan.yml` in the main branch):
|
||||
|
||||
```yaml
|
||||
- name: Run Promptfoo Code Scan
|
||||
uses: promptfoo/code-scan-action@v0
|
||||
with:
|
||||
enable-fork-prs: true
|
||||
```
|
||||
|
||||
### Examples
|
||||
|
||||
**Scan with custom severity threshold:**
|
||||
|
||||
```yaml
|
||||
- name: Run Promptfoo Code Scan
|
||||
uses: promptfoo/code-scan-action@v0
|
||||
with:
|
||||
min-severity: medium # Report medium, high and critical issues (also the default when omitted)
|
||||
```
|
||||
|
||||
**Use custom guidance:**
|
||||
|
||||
```yaml
|
||||
- name: Run Promptfoo Code Scan
|
||||
uses: promptfoo/code-scan-action@v0
|
||||
with:
|
||||
guidance: |
|
||||
Focus on the document ingestion flow.
|
||||
Treat any potential PII exposure as critical severity.
|
||||
```
|
||||
|
||||
**Load custom guidance from a file:**
|
||||
|
||||
```yaml
|
||||
- name: Run Promptfoo Code Scan
|
||||
uses: promptfoo/code-scan-action@v0
|
||||
with:
|
||||
guidance-file: ./promptfoo-scan-guidance.md
|
||||
```
|
||||
|
||||
**Use config file:**
|
||||
|
||||
```yaml
|
||||
- name: Run Promptfoo Code Scan
|
||||
uses: promptfoo/code-scan-action@v0
|
||||
with:
|
||||
config-path: .promptfoo-code-scan.yaml
|
||||
```
|
||||
|
||||
**Write SARIF output for GitHub Code Scanning:**
|
||||
|
||||
The action sets `sarif-path` only when a scan actually completes, so keep the upload step conditional. Intentionally skipped scans do not publish a clean Code Scanning result.
|
||||
|
||||
```yaml
|
||||
- name: Run Promptfoo Code Scan
|
||||
id: promptfoo-code-scan
|
||||
uses: promptfoo/code-scan-action@v0
|
||||
with:
|
||||
sarif-output-path: promptfoo-code-scan.sarif
|
||||
|
||||
- name: Upload SARIF to GitHub Code Scanning
|
||||
if: ${{ steps.promptfoo-code-scan.outputs.sarif-path != '' }}
|
||||
uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
|
||||
with:
|
||||
sarif_file: ${{ steps.promptfoo-code-scan.outputs.sarif-path }}
|
||||
category: promptfoo-code-scan
|
||||
```
|
||||
|
||||
### Configuration File
|
||||
|
||||
Create a `.promptfoo-code-scan.yaml` in your repository root. See the [CLI documentation](/docs/code-scanning/cli#configuration-file) for all available options.
|
||||
|
||||
```yaml
|
||||
# Minimum severity level to report
|
||||
minSeverity: medium
|
||||
|
||||
# Scan only PR diffs without filesystem exploration (default: false)
|
||||
diffsOnly: false
|
||||
|
||||
# Custom guidance to tailor the scan
|
||||
guidance: |
|
||||
Focus on authentication and authorization vulnerabilities.
|
||||
Treat any PII exposure as high severity.
|
||||
```
|
||||
|
||||
## Manual Installation
|
||||
|
||||
You can also install the action manually without the GitHub App. When using manual installation:
|
||||
|
||||
- Some features may not be available through the manual action installation, so the GitHub App is the recommended way to use the action
|
||||
- PR comments appear to come from the generic `github-actions[bot]` instead of the official Promptfoo Scanner bot with the Promptfoo logo
|
||||
- A Promptfoo Cloud account is required (rather than just a valid email address when using the GitHub App). You can [sign up or sign in here.](https://www.promptfoo.app/login)
|
||||
- You'll need a [Promptfoo API token](https://www.promptfoo.app/api-tokens) for authentication
|
||||
|
||||
### Workflow Configuration
|
||||
|
||||
Add this workflow to your repository at `.github/workflows/promptfoo-code-scan.yml`:
|
||||
|
||||
```yaml
|
||||
name: Promptfoo Code Scan
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened]
|
||||
|
||||
jobs:
|
||||
security-scan:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
security-events: write
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Run Promptfoo Code Scan
|
||||
id: promptfoo-code-scan
|
||||
uses: promptfoo/code-scan-action@v0
|
||||
env:
|
||||
PROMPTFOO_API_KEY: ${{ secrets.PROMPTFOO_API_KEY }}
|
||||
with:
|
||||
github-token: ${{ secrets.GITHUB_TOKEN }}
|
||||
min-severity: medium # or any other severity threshold: low, medium, high, critical
|
||||
sarif-output-path: promptfoo-code-scan.sarif
|
||||
# ... other configuration options...
|
||||
|
||||
- name: Upload SARIF to GitHub Code Scanning
|
||||
if: ${{ steps.promptfoo-code-scan.outputs.sarif-path != '' }}
|
||||
uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
|
||||
with:
|
||||
sarif_file: ${{ steps.promptfoo-code-scan.outputs.sarif-path }}
|
||||
category: promptfoo-code-scan
|
||||
```
|
||||
|
||||
The example pins the third-party actions to full commit SHAs with version comments. Tags such as `v0` are convenient but mutable; a commit SHA is the only immutable reference. For maximum assurance, pin `promptfoo/code-scan-action` the same way — resolve a release tag to its commit with `gh api repos/promptfoo/code-scan-action/commits/<tag> --jq .sha` and use `uses: promptfoo/code-scan-action@<full-commit-sha> # <tag>`.
|
||||
|
||||
## Supply Chain Security
|
||||
|
||||
The hardening below applies to code-scan-action releases after v0.1.8; earlier releases resolve `promptfoo@latest` at runtime and predate the provenance attestation.
|
||||
|
||||
- The action installs an exact, release-pinned version of the `promptfoo` CLI with npm lifecycle scripts disabled (`--ignore-scripts`); it does not resolve `promptfoo@latest` at runtime. Use the `promptfoo-version` input to override the pin with another exact version.
|
||||
- The `dist/` bundle and `action.yml` committed to [promptfoo/code-scan-action](https://github.com/promptfoo/code-scan-action) are built and exported by the promptfoo monorepo release workflow, which publishes a signed build-provenance attestation for the exact artifact bytes. Verify a checkout with `gh attestation verify dist/index.js --repo promptfoo/promptfoo` (and likewise for `action.yml`).
|
||||
- The scanner install strips npm config and `NODE_OPTIONS` from its environment and isolates its npm config files, but a step that runs pull-request-controlled code earlier in the same job (such as `npm ci` or a build) can persist state — `$GITHUB_PATH`, `$GITHUB_ENV`, or `$HOME` writes — that later steps inherit, and it already runs with the job's token. Keep the scan in a job that only checks out and scans the PR; run untrusted build steps in a separate job.
|
||||
|
||||
## See Also
|
||||
|
||||
- [Code Scanning Overview](./index.md)
|
||||
- [VS Code Extension](./vscode-extension.md)
|
||||
- [CLI Command](./cli.md)
|
||||
- [Promptfoo Scanner GitHub App](https://github.com/apps/promptfoo-scanner)
|
||||
- [Promptfoo Code Scan Action on GitHub](https://github.com/promptfoo/code-scan-action)
|
||||
@@ -0,0 +1,87 @@
|
||||
---
|
||||
title: Code Scanning - LLM Security Vulnerability Scanner
|
||||
description: Scan code changes for LLM security vulnerabilities using AI-powered analysis. Find prompt injection, PII exposure, and other security risks in pull requests.
|
||||
keywords:
|
||||
[
|
||||
code security,
|
||||
LLM security,
|
||||
AI security,
|
||||
AI security scanning,
|
||||
security scanning,
|
||||
code scanning,
|
||||
prompt injection detection,
|
||||
PII detection,
|
||||
pull request review,
|
||||
PR review,
|
||||
security automation,
|
||||
GitHub Action security,
|
||||
vulnerability scanner,
|
||||
]
|
||||
sidebar_label: Overview
|
||||
sidebar_position: 1
|
||||
---
|
||||
|
||||
# Code Scanning
|
||||
|
||||
Promptfoo Code Scanning uses AI agents to find LLM-related vulnerabilities in your codebase and helps you fix them before you merge. By focusing specifically on LLM-related vulnerabilities, it finds issues that more general security scanners might miss.
|
||||
|
||||
## How It Works
|
||||
|
||||
The scanner examines code changes for common LLM security risks including prompt injection, PII exposure, and excessive agency. Rather than just analyzing the surface-level diff, it traces data flows deep into your codebase to understand how user inputs reach LLM prompts, how outputs are used, and what capabilities your LLM has access to.
|
||||
|
||||
This agentic approach catches subtle security issues that span multiple files, while maintaining a high signal-to-noise ratio to avoid alert fatigue.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### GitHub Action
|
||||
|
||||
Automatically scan pull requests with findings posted as review comments, and optionally publish alerts to GitHub Code Scanning and the repository Security tab. This is the recommended way to use the scanner if your code is on GitHub. [Set up the GitHub Action →](./github-action.md)
|
||||
|
||||
### VS Code Extension (Enterprise)
|
||||
|
||||
Scan code directly in your editor with real-time feedback, inline diagnostics, and quick fixes. Available for enterprise customers. [Learn more →](./vscode-extension.md)
|
||||
|
||||
### CLI Command
|
||||
|
||||
Run scans locally or in any CI environment. [Use the CLI →](./cli.md)
|
||||
|
||||
## Severity Levels
|
||||
|
||||
Findings are classified by severity to help you prioritize:
|
||||
|
||||
- **Critical** 🔴: Immediate security risk
|
||||
- **High** 🟠: Significant issue
|
||||
- **Medium** 🟡: Moderate risk
|
||||
- **Low** 🔵: Minor issue
|
||||
|
||||
Configure minimum severity thresholds in your scan settings.
|
||||
|
||||
## Custom Guidance
|
||||
|
||||
Tailor scans to your needs by providing custom guidance:
|
||||
|
||||
- Focus on specific vulnerability types or code areas
|
||||
- Adjust severity levels based on your context
|
||||
- Suggest fixes using your preferred libraries
|
||||
- Skip known false positives
|
||||
|
||||
**Example:**
|
||||
|
||||
```yaml
|
||||
guidance: |
|
||||
Ignore the /examples directory—it contains demo code only.
|
||||
Treat potential PII exposure as critical.
|
||||
For this app, sending proprietary code to OpenAI or Claude is not a vulnerability.
|
||||
Use Zod schemas for validation when suggesting fixes.
|
||||
```
|
||||
|
||||
## Cloud and Enterprise
|
||||
|
||||
Scans run on Promptfoo Cloud by default. For organizations that need to run scans on their own infrastructure, code scanning is available in [Promptfoo Enterprise On-Prem.](../enterprise)
|
||||
|
||||
## See Also
|
||||
|
||||
- [GitHub Action](./github-action.md)
|
||||
- [VS Code Extension](./vscode-extension.md)
|
||||
- [CLI Command](./cli.md)
|
||||
- [Promptfoo Scanner GitHub App](https://github.com/apps/promptfoo-scanner)
|
||||
@@ -0,0 +1,131 @@
|
||||
---
|
||||
title: VS Code Extension
|
||||
sidebar_label: VS Code Extension
|
||||
sidebar_position: 4
|
||||
description: Detect LLM security vulnerabilities in VS Code with real-time scanning. Find prompt injection, jailbreak risks, and PII exposure as you code.
|
||||
keywords:
|
||||
[
|
||||
vscode extension,
|
||||
VS Code security scanner,
|
||||
LLM security,
|
||||
prompt injection detection,
|
||||
code scanning IDE,
|
||||
real-time security scanning,
|
||||
enterprise,
|
||||
]
|
||||
---
|
||||
|
||||
# VS Code Extension
|
||||
|
||||
The Promptfoo Security Scanner for VS Code detects LLM security vulnerabilities directly in your editor. It finds prompt injection risks, jailbreak vulnerabilities, PII exposure, and other security issues as you code—before they reach your CI pipeline or production.
|
||||
|
||||

|
||||
|
||||
:::info Enterprise Feature
|
||||
The VS Code extension is available for Promptfoo Enterprise customers. [Contact us](/contact) to get access for your organization.
|
||||
:::
|
||||
|
||||
## Features
|
||||
|
||||
- **Real-time scanning**: Automatically scans files on save
|
||||
- **Inline diagnostics**: Security issues appear as squiggly underlines in your code
|
||||
- **Problems panel**: All findings listed in VS Code's Problems panel
|
||||
- **CodeLens annotations**: Inline severity indicators above vulnerable code
|
||||
- **Quick fixes**: Apply suggested fixes with one click
|
||||
- **AI assistance**: Get AI-generated prompts to help fix complex issues
|
||||
- **Git diff scanning**: Scan all changed files in your branch
|
||||
|
||||
## Getting Started
|
||||
|
||||
1. [Contact us](/contact) to get the extension package (`.vsix` file)
|
||||
2. Install in VS Code: Extensions → ⋯ → Install from VSIX
|
||||
3. Configure your API key: Cmd+Shift+P → **Promptfoo: Configure API Key**
|
||||
|
||||
## Usage
|
||||
|
||||
**Automatic scanning**: Files are scanned when you save. Findings appear as inline diagnostics in your code and in the Problems panel.
|
||||
|
||||
**Manual scanning**: Use the Command Palette (Cmd+Shift+P):
|
||||
|
||||
- **Promptfoo: Scan Current File** — Scan the active file
|
||||
- **Promptfoo: Scan Selection** — Scan selected code
|
||||
- **Promptfoo: Scan Git Changes** — Scan all changed files in your branch
|
||||
- **Promptfoo: Clear All Scan Results** — Clear all diagnostics
|
||||
- **Promptfoo: Show Output** — Show the extension's output channel
|
||||
|
||||
### Keyboard Shortcuts
|
||||
|
||||
| Shortcut | Command |
|
||||
| ----------------------------------- | ----------------- |
|
||||
| Ctrl+Shift+P F (Mac: Cmd+Shift+P F) | Scan current file |
|
||||
|
||||
### Context Menu
|
||||
|
||||
Right-click in the editor to access:
|
||||
|
||||
- **Scan Current File** — Scan the entire file
|
||||
- **Scan Selection** — Scan only the selected code (when text is selected)
|
||||
|
||||
## Configuration
|
||||
|
||||
Configure the extension in VS Code Settings or in your `settings.json`:
|
||||
|
||||
| Setting | Description | Default |
|
||||
| -------------------------------- | -------------------------------- | --------------------------- |
|
||||
| `promptfoo.apiHost` | Promptfoo API host URL | `https://api.promptfoo.app` |
|
||||
| `promptfoo.minimumSeverity` | Minimum severity to display | `low` |
|
||||
| `promptfoo.scanOnSave` | Auto-scan files on save | `true` |
|
||||
| `promptfoo.scanOnSaveDebounceMs` | Debounce delay for auto-scan | `1500` |
|
||||
| `promptfoo.diffsOnly` | Only analyze code diffs | `true` |
|
||||
| `promptfoo.showCodeLens` | Show inline CodeLens annotations | `true` |
|
||||
| `promptfoo.enabledLanguages` | Languages to scan | See below |
|
||||
|
||||
### Example settings.json
|
||||
|
||||
```json
|
||||
{
|
||||
"promptfoo.minimumSeverity": "medium",
|
||||
"promptfoo.scanOnSave": true,
|
||||
"promptfoo.scanOnSaveDebounceMs": 2000,
|
||||
"promptfoo.showCodeLens": true
|
||||
}
|
||||
```
|
||||
|
||||
### Supported Languages
|
||||
|
||||
By default, the extension scans:
|
||||
|
||||
- JavaScript / TypeScript (including JSX/TSX)
|
||||
- Python
|
||||
- Go
|
||||
- Java
|
||||
- Rust
|
||||
- Ruby
|
||||
- PHP
|
||||
- C#
|
||||
- C/C++
|
||||
|
||||
Customize with the `promptfoo.enabledLanguages` setting. An empty array enables scanning for all languages.
|
||||
|
||||
## Severity Levels
|
||||
|
||||
Findings are classified by severity:
|
||||
|
||||
| Level | Icon | Description |
|
||||
| -------- | ---- | ---------------------------- |
|
||||
| Critical | 🔴 | Immediate security risk |
|
||||
| High | 🟠 | Significant vulnerability |
|
||||
| Medium | 🟡 | Moderate concern |
|
||||
| Low | 🔵 | Minor issue or best practice |
|
||||
|
||||
Use the `promptfoo.minimumSeverity` setting to filter out lower-severity findings.
|
||||
|
||||
## Privacy
|
||||
|
||||
Code is sent to Promptfoo's servers for analysis and is not stored after analysis completes. For organizations that need to run scans on their own infrastructure, the extension works with [Promptfoo Enterprise On-Prem](/docs/enterprise/).
|
||||
|
||||
## See Also
|
||||
|
||||
- [Code Scanning Overview](./index.md)
|
||||
- [GitHub Action](./github-action.md)
|
||||
- [CLI Command](./cli.md)
|
||||
Reference in New Issue
Block a user