Latio Application Security Tester

![GitHub stars](https://img.shields.io/github/stars/latiotech/LAST?style=social)
![GitHub release (latest by date)](https://img.shields.io/github/vreleases/latiotech/LAST)
![GitHub issues](https://img.shields.io/github/issues/latiotech/LAST)
![GitHub pull requests](https://img.shields.io/github/issues-pr/latiotech/LAST)
![GitHub](https://img.shields.io/github/license/latiotech/LAST)
[![Discord](https://img.shields.io/discord/1119809850239614978)](https://discord.gg/k5aBQ55j5M)
[![PyPI – Downloads](https://img.shields.io/pypi/dm/latio)](https://pypi.org/project/latio)

Scan Your Code for Security and Health Issues

Use OpenAI or Gemini to scan your code for security and health issues directly from the command line interface (CLI). With options to scan your full code, code changes, or run in a pipeline, the Latio Application Security Tester makes code safety easy!

Installation

```bash
pip install latio
export OPENAI_API_KEY=xxx
```

How to Run Locally

Follow these steps to run Latio on your local machine:

  1. Obtain your OpenAI key from here, and your Google API key from here.
  2. Set your API keys in the terminal:
    ```bash
    export OPENAI_API_KEY=YourOpenAPIKey
    export GEMINI_API_KEY=YourGeminiAPIKey
    ```
  3. To scan only your changed files before merging, use:
    ```bash
    latio partial path/to/directory
    ```

    This utilizes the GPT-3.5-turbo model by default. For Google scans:

    ```bash
    # Same installed CLI entry point as above, with the Gemini model selected
    latio partial path/to/directory --model=gemini-pro
    ```
  4. To scan your entire application:
    ```bash
    latio full path/to/directory
    ```

    This uses the beta model of GPT-4. Make sure to specify relevant folders if needed.

  5. You can also specify a model using the name from OpenAI’s documentation:
    OpenAI Models Documentation.

How to Run in Pipeline

Setting up Latio in your pipeline is straightforward:

  1. Get your OpenAI token from here.
  2. Add your OpenAI API key as a Repository Secret in GitHub:
    • Navigate to: github.com/org/repo/settings/secrets/actions and create a new Repository Secret named OPENAI_API_KEY.
  3. Copy the workflow file `.github/workflows/actions-template-security.yml` and paste it into your own `.github/workflows` folder.
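
A minimal workflow of the kind these steps set up, written here as an added example and not the project's own `actions-template-security.yml`. The workflow name, the `pull_request` trigger, the action versions, and the `fetch-depth: 0` setting are assumptions; the install command, the `latio partial` command, and the `OPENAI_API_KEY` secret name come from this page.

```yaml
# Added example, not the project's actions-template-security.yml.
name: latio-partial-scan        # hypothetical workflow name

on:
  pull_request:                 # assumption: scan the changes proposed in a PR

# Least privilege for the job token: the scan only reads the repository.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Assumption: the partial scan needs git history to find changed files.
          fetch-depth: 0

      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"

      - name: Install Latio
        run: pip install latio

      - name: Scan changed files
        env:
          # Repository Secret from step 2, exposed to this step only
          # rather than to the whole job.
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: latio partial .
```

GitHub does not pass repository secrets to `pull_request` runs that originate from forks, so in those runs the scan step sees an empty `OPENAI_API_KEY`.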

Command Line Options

The following options can be utilized while scanning your code:

For Partial Directory Scans

latio partial directory [--model model_name] [--health]

For Full Directory Scans

latio full directory [--model model_name] [--health]

Options:

  • --health: Optional. Runs an optimization-focused prompt.
  • --model model_name: Optional. Specify the OpenAI model name to use.

Example command for partial scans:

```bash
latio partial path/to/your/project --model gpt-3.5-turbo --health
```

Troubleshooting

If you encounter issues, consider the following:

  • Ensure your API keys are correctly set and are not expired or invalid.
  • Check that your directory paths are accurate and accessible.
  • If using specific models, verify that they are supported and available from OpenAI.

Concepts Made Simple: An Analogy

Think of Latio as a security guard at a busy office. The “office” represents your entire codebase, where many people (developers) come and go, making changes or adding new features. The security guard (Latio) helps by keeping an eye on what’s changed (the files) and ensuring that nothing harmful (security or health issues) slips through the cracks. Like a vigilant guard, Latio can assess both new changes and the whole building, ensuring that all is secure and functioning optimally.
