🤖 AI Summary
A new Command-Line Interface (CLI) tool named VulnSink has been introduced, which enhances Static Application Security Testing (SAST) by integrating with large language models (LLMs) to filter out false positives and automatically address security vulnerabilities. This tool supports various SAST scanners, such as Semgrep and ESLint, and utilizes AI to accurately differentiate true positive findings from false alarms. Additionally, VulnSink offers real-time progress indicators, color-coded severity levels, and provides actionable insights, making it more user-friendly for developers.
The significance of VulnSink lies in its potential to streamline the security scanning process, reduce manual effort in sifting through results, and improve code security in CI/CD pipelines. With features like automatic backups, dry-run modes, and customizable configurations, developers can easily integrate this tool into their workflows. Notably, the tool’s ability to generate and apply code fixes based on high-confidence findings enhances its utility, allowing organizations to maintain secure codebases efficiently while minimizing the noise often associated with traditional SAST tools.
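The pipeline the summary describes (parse scanner output, let a judge score each finding, fix only high-confidence results, with dry-run and backups) can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not VulnSink's code and does not use its API. It reads a constructed sample in Semgrep's JSON output shape, stands in a simple heuristic (`heuristic_judge`, a hypothetical placeholder) where the LLM call would go, and shows the safety gates a practitioner would want around automatic fixes: a confidence threshold, a check that the file still contains the line the scanner matched, a `.bak` copy before any write, and a dry-run mode that never touches disk.

```python
"""Triage SAST findings and gate automatic fixes (illustrative, not VulnSink's code)."""
import json
import shutil
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, List, Optional

# Constructed sample in Semgrep's JSON output shape (two findings from one rule).
SAMPLE_SEMGREP_JSON = json.dumps({"results": [
    {"check_id": "python.lang.security.audit.subprocess-shell-true", "path": "app/run.py",
     "start": {"line": 2},
     "extra": {"severity": "ERROR", "message": "subprocess call with shell=True",
               "lines": "subprocess.run(cmd, shell=True)",
               "fix": "subprocess.run(shlex.split(cmd))"}},
    {"check_id": "python.lang.security.audit.subprocess-shell-true", "path": "tests/test_run.py",
     "start": {"line": 5},
     "extra": {"severity": "ERROR", "message": "subprocess call with shell=True",
               "lines": 'subprocess.run("echo hi", shell=True)'}},
]})

SEVERITY_RANK = {"ERROR": 3, "WARNING": 2, "INFO": 1}
SEVERITY_COLOR = {"ERROR": "\033[31m", "WARNING": "\033[33m", "INFO": "\033[36m"}
RESET = "\033[0m"


@dataclass
class Finding:
    check_id: str
    path: str
    line: int
    severity: str
    message: str
    matched: str            # source text the scanner matched (Semgrep's extra.lines)
    fix: Optional[str] = None
    confidence: Optional[float] = None  # filled in by triage()


def parse_semgrep(text: str) -> List[Finding]:
    """Parse Semgrep JSON into Finding objects, highest severity first."""
    out = []
    for r in json.loads(text).get("results", []):
        extra = r.get("extra", {})
        out.append(Finding(r["check_id"], r["path"], r["start"]["line"],
                           extra.get("severity", "INFO"), extra.get("message", ""),
                           extra.get("lines", ""), extra.get("fix")))
    return sorted(out, key=lambda f: SEVERITY_RANK.get(f.severity, 0), reverse=True)


Judge = Callable[[Finding], float]


def heuristic_judge(f: Finding) -> float:
    """Hypothetical stand-in for the LLM triage call: true-positive confidence in [0, 1]."""
    if f.path.startswith("tests/"):
        return 0.2                      # test fixtures are usually noise
    return 0.9 if f.fix else 0.6        # a rule that ships a fix is a well-defined pattern


def triage(findings: List[Finding], judge: Judge) -> List[Finding]:
    for f in findings:
        f.confidence = judge(f)
    return findings


def format_finding(f: Finding) -> str:
    """One colour-coded report line per finding."""
    color = SEVERITY_COLOR.get(f.severity, "")
    return f"{color}{f.severity}{RESET} {f.path}:{f.line} {f.check_id} conf={f.confidence:.2f}"


def apply_fixes(findings: List[Finding], root: Path, threshold: float = 0.8,
                dry_run: bool = True) -> List[str]:
    """Apply scanner-suggested fixes only above the confidence threshold.

    Refuses to patch a line that no longer contains the matched text (the file
    changed since the scan). Writes a <file>.bak copy first; dry-run never writes.
    Returns the paths that were (or, in dry-run, would be) modified."""
    applied = []
    for f in findings:
        if f.fix is None or f.confidence is None or f.confidence < threshold:
            continue
        target = root / f.path
        if not target.is_file():
            continue
        lines = target.read_text().splitlines(keepends=True)
        idx = f.line - 1
        if idx >= len(lines) or f.matched not in lines[idx]:
            continue
        if not dry_run:
            shutil.copy2(target, target.with_name(target.name + ".bak"))
            lines[idx] = lines[idx].replace(f.matched, f.fix)
            target.write_text("".join(lines))
        applied.append(f.path)
    return applied


def run_demo(dry_run: bool = True) -> dict:
    """Build a scratch tree holding the constructed source file, then parse -> triage -> fix."""
    root = Path(tempfile.mkdtemp())
    src = root / "app" / "run.py"
    src.parent.mkdir(parents=True)
    src.write_text("import shlex, subprocess\nsubprocess.run(cmd, shell=True)\n")
    findings = triage(parse_semgrep(SAMPLE_SEMGREP_JSON), heuristic_judge)
    for f in findings:
        print(format_finding(f))
    return {"applied": apply_fixes(findings, root, dry_run=dry_run),
            "confidences": {f.path: f.confidence for f in findings},
            "source_after": src.read_text(),
            "backup_exists": src.with_name("run.py.bak").exists()}


if __name__ == "__main__":
    print(run_demo(dry_run=True))
```

The low-confidence finding in `tests/` is reported but never patched, and the high-confidence one is only written when `dry_run=False`. In a real tool the judge would wrap the LLM request and the scanner-supplied `fix` text would itself be reviewed before being trusted; the gating logic stays the same.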