Stop shipping security vulnerabilities. Start Secure Development right now with instant security reviews and fix suggestions right in your preferred AI coding assistant!
SecDevAI provides context-aware security analysis and powerful features for Cursor, Claude Code, and Gemini CLI through simple slash commands.
Warning
SecDevAI is currently in active development. Features, interfaces and behavior may change without notice. Use at your own risk and please report any issues you encounter. Contributions are more than welcome!
Install SecDevAI into your project (uv is required), then initialize it from the project root:

```sh
uv tool install git+https://github.com/RedHatProductSecurity/secdevai.git
cd your-code-project
secdevai .
```

Run your preferred AI tool (e.g., Claude Code, Cursor, Gemini CLI) and type /secdevai.
That's it! Try using the available commands.
SecDevAI is an AI-powered secure development assistant that helps developers and security researchers build secure code. It provides security analysis with optional integration to existing security tools, supporting both targeted file/selection reviews and full codebase scans. The tool includes extensible rules covering OWASP Top 10 and common code patterns, making it valuable for both development teams and security researchers analyzing codebases and identifying vulnerabilities.
While you can ask standard Cursor, Claude Code, or Gemini CLI for a code review, SecDevAI provides transparency and control over the security review contexts, which gives you:
- Transparency: See exactly which security patterns and rules are applied to your code.
- Control: Customize and extend security contexts to fit your organization's specific needs.
- Continuous Improvement: Update and refine security review templates based on your team's experience and evolving threats.
This approach enables you to continually improve the quality of security review results, rather than relying on opaque, fixed AI models that cannot be modified or enhanced.
- Multi-Platform: Works across Cursor, Claude Code, and Gemini CLI
- Security Review: Analyze codebases for vulnerabilities with OWASP Top 10 coverage
- Tool Integration: Optional integration with Bandit, Scorecard, and more
- Extensibility: Customizable security rules and patterns for any language
- Remediation: AI-powered code fix suggestions with approval workflow
secdevai/
├── templates/ # Template system
│ ├── commands/ # Slash command templates
│ ├── context/ # Security analysis contexts
│ └── scripts/ # Helper scripts
├── src/secdevai_cli/ # CLI implementation
└── docs/ # Documentation
- Read the Usage Guide to get started and explore all features
- Read the Contributing Guide to customize rules and contribute
- Make sure SecDevAI is installed: `secdevai --help`
- For uv, ensure `~/.local/bin` is in your PATH
- Ensure you're running `secdevai` from the project root
- Check that the `.secdevai/` directory was created
- SecDevAI defaults to Cursor if no platform directories (`.cursor/`, `.claude/`, `.gemini/`) are detected
- If you want commands for Claude or Gemini, create the platform directory first:

```sh
mkdir -p .claude   # Creates .claude/ directory
secdevai           # Will now detect and deploy to .claude/commands/
```

- Note: Gemini CLI uses `.toml` format, so commands in `.gemini/commands/` will have the `.toml` extension, while Cursor and Claude use `.md` format
- Alternatively, manually create the commands directories after initialization:

```sh
mkdir -p .claude/commands .gemini/commands
cp .cursor/commands/* .claude/commands/   # Works for Claude (same .md format)
# For Gemini, you'll need to convert .md to .toml format manually
```
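The manual copy above covers Claude but leaves the Gemini conversion to you. The following POSIX shell script is an added example, not SecDevAI's own code: it deploys every `.cursor/commands/*.md` file to `.claude/commands/` unchanged and writes a `.toml` counterpart to `.gemini/commands/`. It assumes Gemini CLI command files are TOML with a `prompt` key (and an optional `description`); check the Gemini CLI documentation for your version before relying on that. The function names `md_to_toml` and `deploy_commands` are the example's own.

```shell
#!/bin/sh
# Added example (not part of SecDevAI): deploy Cursor-format slash commands to
# Claude Code and Gemini CLI directories. Assumes Gemini CLI command files are
# TOML with a `prompt` key (verify against the Gemini CLI docs for your version).
set -eu

# Convert one Markdown command file into a TOML file whose `prompt` is the
# Markdown body. A TOML multi-line literal string ('''...''') takes the text
# verbatim, so no escaping is needed; the one thing it cannot contain is ''',
# so such a file is rejected rather than silently producing invalid TOML.
md_to_toml() {
    src="$1"; dst="$2"
    if grep -q "'''" "$src"; then
        echo "refusing $src: contains ''' which cannot appear in a TOML literal string" >&2
        return 1
    fi
    name=$(basename "$src" .md)
    {
        printf 'description = "SecDevAI command: %s"\n' "$name"
        printf "prompt = '''\n"
        cat "$src"
        printf "'''\n"
    } > "$dst"
}

# Copy every .cursor/commands/*.md into .claude/commands/ (same .md format)
# and .gemini/commands/ (converted to .toml). $1 is the project root
# (default: current directory). Fails early if secdevai has not been run yet.
deploy_commands() {
    root="${1:-.}"
    src_dir="$root/.cursor/commands"
    [ -d "$src_dir" ] || { echo "no $src_dir; run secdevai first" >&2; return 1; }
    mkdir -p "$root/.claude/commands" "$root/.gemini/commands"
    for f in "$src_dir"/*.md; do
        [ -e "$f" ] || continue   # no .md files: the glob stayed literal
        cp "$f" "$root/.claude/commands/"
        md_to_toml "$f" "$root/.gemini/commands/$(basename "$f" .md).toml"
    done
}
```

Run it as `deploy_commands /path/to/project` after `secdevai` has populated `.cursor/commands/`; re-running it is safe because every file is overwritten from the Cursor copy, so `.cursor/commands/` stays the single source of truth.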
This project is licensed under the MIT License
