Getting Started

An open-source security suite combining structural code analysis with AI-powered vulnerability detection for modern development teams.

Quick Start

New to Code Pathfinder? Check out the Installation Guide for step-by-step instructions on installing via Docker, npm, or from source.

Basic Scan

Run a security scan on your project:

text
pathfinder scan --rules rules/ --project /path/to/project

CI/CD Integration

Generate machine-readable output for CI/CD pipelines:

text
# JSON output
pathfinder ci --rules rules/ --project . --output json > results.json

# SARIF output (GitHub Code Scanning)
pathfinder ci --rules rules/ --project . --output sarif > results.sarif

# CSV output
pathfinder ci --rules rules/ --project . --output csv > results.csv

Using Docker

Run scans in a containerized environment:

text
docker run --rm -v "./src:/src" \
  shivasurya/code-pathfinder:stable-latest \
  ci --project /src --ruleset cpf/java

Next Steps

Connect AI Assistant to Codebase →

MCP

Query your code with natural language through Claude Code, Codex, OpenCode, or Windsurf using MCP server

Learn SAST from Scratch →

Master static analysis security testing with our free interactive course - 6 modules, 43 chapters

Browse Security Rules →

Explore our registry of 190+ security rules for Python, Docker, and Docker Compose

Read the Blog →

Learn about SAST best practices, security engineering, and vulnerability detection

View on GitHub →

Star the repository, report issues, or contribute to the project

Ready to secure your codebase?

Install Code Pathfinder now and start finding real security issues without the noise.

Install Now

Quick start guide

Join Community

GitHub Discussions

Get Help

Contact support