
A Secure Code Review Collaborator
DreamtestAI scans your codebase with modern LLMs and generates vulnerability reports in Markdown, JSON, or CSV. Built for security analysts, auditors, and developers who want automated secure code review.
Source: github.com/promptagainstthemachine/DreamtestAI
Features
- Supports OpenAI, Claude, Gemini, and Ollama-compatible local models
- Parses files in a directory and sends code with line numbers to the model
- Markdown-styled findings in the terminal
- Progress bar during analysis
- Structured output to JSON and CSV
- Highlights file names, line numbers, and vulnerable lines
- Simple CLI with rich formatting
Installation
git clone https://github.com/promptagainstthemachine/DreamtestAI.git
cd DreamtestAI
pip install -r requirements.txt
Usage
python main.py --folder ./your/codebase
Works well with local models such as qwen2.5-coder:latest via Ollama.
Optional arguments
| Flag | Description |
|---|---|
--model |
Model name (e.g. openai/gpt-4, claude-3-opus, gemini-1.5-pro) |
--folder |
Path to the source folder to analyze |
--output-json |
Save results to vulnerabilities.json |
--output-csv |
Save results to vulnerabilities.csv |
--debug |
Enable debug logging |
Examples
# Local / default model
python main.py --folder ./src
# OpenAI with exports
python main.py --folder ./src --model openai/gpt-4 --output-json --output-csv
Output formats
Terminal (Markdown)
Findings print in a readable Markdown format in the terminal.
JSON
[
{
"file": "login.js",
"issue": "Insecure Redirect",
"line": "88",
"code": "window.location.href = userInput;"
}
]
CSV
| File Name | Issue | Line Number | Line Text |
|---|---|---|---|
| login.js | Insecure Redirect | 88 | window.location.href = userInput; |
Supported models
| Provider | Examples |
|---|---|
| Local / Ollama | qwen2.5-coder:latest, llama3, mistral |
| OpenAI | gpt-4, gpt-3.5-turbo |
| Claude | claude-3-opus, claude-2.1 |
| Gemini | gemini-1.5-pro |
License
MIT — see the repository LICENSE file.
