SAIST
ai-powered static scanning for real codebases
SAIST is a static AI-powered scanning tool that reviews codebases, diffs and GitHub pull requests for vulnerabilities. It supports multiple LLMs, local scanning with Ollama, PDF and CSV reporting, and can scan anything from a local folder to a live GitHub PR.
SAIST is Punk Security’s Static AI-powered Scanning Tool. It uses AI to review code for security weaknesses, helping teams spot issues quickly without relying on a single hosted platform or vendor workflow.
Here are the main reasons teams use it:
Scan full codebases, diffs, or GitHub pull requests
SAIST can scan entire repositories, compare branches or commits, and review GitHub pull requests automatically. That makes it useful for both deep code reviews and targeted change analysis.
Bring your own LLM
SAIST supports multiple LLM providers including OpenAI, Anthropic, Bedrock, DeepSeek, Gemini, and Ollama. That means teams can choose the right model for their environment, budget, or data-handling requirements.
Use it locally or in CI/CD
You can run SAIST against a local folder, a Git repository, or a GitHub PR. It is designed to fit naturally into development pipelines and can return a failing exit code when findings are present.
Filter what gets scanned
SAIST supports include and exclude rules through saist.include, saist.ignore, and command-line patterns. That makes it practical for larger repositories where only selected paths or file types should be analysed.
Review and share findings
Findings can be explored in a web UI, exported to CSV, or turned into a PDF report for sharing with teams, managers, or customers.
Run offline with Ollama
For organisations with stricter data handling requirements, SAIST supports Ollama for local and offline scanning workflows.
Full installation and usage details are available on GitHub.