Show HN: AI Code Scanning/SAST (github.com)

🤖 AI Summary
A new two-part Python SAST project offers an LLM-powered code scanner plus a lightweight management server. The scanner is a CLI that runs standalone static analysis on a folder and emits JSON findings; the management server launches scans, ingests results into SQLite, and exposes a minimal web UI (default http://localhost:3000) for orchestration.

Setup requires Python 3.11+: create a venv, run pip install -e ., copy env.example to .env and export the env vars. Run the scanner with sassycode-scanner scan --path /path/to/repo --model gpt-4o-mini (alternatively via python -m scanner.cli, or by executing the file directly with PYTHONPATH set). Start the manager with sassycode-manager --reload; the port can be overridden with --port or PORT, and DATABASE_URL controls the DB location.

This is significant because it packages LLM-driven SAST into a locally run, developer-friendly toolchain that outputs machine-readable findings and supports a simple UI and SQLite-backed history, making it easy to integrate into local workflows or CI. Key operational notes: an OpenAI API key is required; the scanner automatically omits the temperature parameter for models that enforce a fixed temperature (e.g., gpt-5) to avoid API errors; and cost and finding quality depend on the chosen model. The project is a practical demo of combining LLMs with conventional SAST patterns for faster, conversational code security insights.
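As an added example (not the project's own code), this is how the two behaviours the summary calls out could be implemented: building request kwargs that leave out `temperature` for models that fix it, and loading JSON findings into SQLite. The findings schema, the list of fixed-temperature models and the fingerprint-based dedup across re-scans are assumptions, not something the summary states.

```python
"""Added example, not the project's own code. The findings schema, the
fixed-temperature model list and the fingerprint-based dedup are assumptions."""
import hashlib
import json
import sqlite3

# Assumed: model families that reject a caller-supplied temperature.
FIXED_TEMPERATURE_PREFIXES = ("gpt-5",)


def build_chat_kwargs(model: str, messages: list, temperature: float = 0.0) -> dict:
    """Chat-completion kwargs; temperature is dropped where the API would reject it."""
    kwargs = {"model": model, "messages": messages}
    if not model.startswith(FIXED_TEMPERATURE_PREFIXES):
        kwargs["temperature"] = temperature
    return kwargs


def finding_fingerprint(f: dict) -> str:
    """Stable id so re-scanning the same repo does not duplicate history rows."""
    key = f"{f['file']}|{f['rule']}|{f['line']}"
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def new_db(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS findings (
        fingerprint TEXT PRIMARY KEY, scan_id TEXT, file TEXT, line INTEGER,
        rule TEXT, severity TEXT, message TEXT)""")
    return conn


def ingest_findings(conn: sqlite3.Connection, scan_id: str, findings_json: str) -> int:
    """Load scanner JSON output; returns the number of rows not seen before."""
    inserted = 0
    for f in json.loads(findings_json):
        cur = conn.execute(
            "INSERT OR IGNORE INTO findings VALUES (?,?,?,?,?,?,?)",
            (finding_fingerprint(f), scan_id, f["file"], f["line"],
             f["rule"], f["severity"], f["message"]))
        inserted += cur.rowcount  # 0 when the fingerprint already exists
    conn.commit()
    return inserted


# Constructed sample scanner output in the assumed schema.
SAMPLE_FINDINGS = json.dumps([
    {"file": "app/db.py", "line": 42, "rule": "sql-injection",
     "severity": "high", "message": "query built with f-string"},
    {"file": "app/auth.py", "line": 7, "rule": "hardcoded-secret",
     "severity": "medium", "message": "API key literal in source"},
])
```

Ingesting the same sample twice reports two new rows the first time and zero the second, which is the property a history table needs if it is fed from repeated CI runs.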