Open-source AI vulnerability scanner powered by open models.
Probus started as an internal supply chain security scanning tool that proved itself extremely efficient by finding vulnerabilities in top open source packages (e.g. n8n, AI sdk, langraphjs and more). It is now open-source to help developers better secure their codebase & supply chain. Probus' edge lies in its ability to scale its scanning capabilities with open models (by using OpenRouter).
Probus harnesses 3 agents that:
- [Analyst] Analyze the codebase and pick key files for deep scanning (e.g. entry points, third-party surface, dangerous sinks).
- [Researcher] Scan each file, dig through its chains of calls, and write raw findings (potential vulnerabilities).
- [QA] Independently verify each finding, make sure it has a real attack vector, and write a report.
npm install -g probus
probus scan ./my-appProbus runs most (cost) effectively with open models using OpenRouter. It is still possible however to use other providers, such as OpenAI or Anthropic, albeit with higher costs.
probus scan <repo-path> [--effort low|medium|high] [--primaryModel slug] [--secondaryModel slug] [--provider openai|openrouter|anthropic]
probus view <repo-path>
| Command | What it does |
|---|---|
scan |
Full pipeline: analyst → research → qa. |
view |
Skip straight to the report browser for a previously-scanned repo. |
Controls how many files the analyst targets:
| Effort | Files (approx) |
|---|---|
low (default) |
50 |
medium |
100 |
high |
500 |
Pass models as <provider>/<model> slugs via --primaryModel and --secondaryModel:
probus scan ./app --effort medium \
--primaryModel anthropic/claude-sonnet-4.6 \
--secondaryModel anthropic/claude-opus-4.7Defaults are picked from whichever *_API_KEY env var is set
(precedence: OPENROUTER_API_KEY → OPENAI_API_KEY → ANTHROPIC_API_KEY);
use --provider to override when multiple keys are present.
| Provider | Primary default | Secondary default |
|---|---|---|
openrouter |
openrouter/qwen/qwen3.6-plus |
openrouter/deepseek/deepseek-v4-pro |
openai |
openai/gpt-5.4-mini |
openai/gpt-5.4 |
anthropic |
anthropic/claude-sonnet-4-6 |
anthropic/claude-opus-4-7 |
Probus splits work between two models so you only pay premium rates where it matters:
- Primary (~90% of tokens) — runs on every file. Pick something cheap and fast:
qwen3.6,gpt-5.4-mini,sonnet-4.6. - Secondary (~10% of tokens) — verifies findings. Pick something smarter:
deepseek-v4-pro,gpt-5.4,opus-4.7.
Each file consumes roughly 1M input tokens. Approximate per-file cost by provider:
| Provider | Cost / file | vs. open models |
|---|---|---|
openrouter (open models) |
~$0.50 | 1× (baseline) |
openai |
~$1.25 | ~2.5× |
anthropic |
~$5.00 | ~10× |
PRs welcome. See CONTRIBUTING.md for dev setup, scripts, and conventions.
git clone https://github.com/ItayRosen/Probus
cd probus
nvm use && npm install
export OPENROUTER_API_KEY=sk-or-v1-...
npm run dev -- scan ../some-repo┌────────────┐ files[] ┌──────────────┐ findings[] ┌───────────┐
│ Analyst │────────────▶│ Primary │─────────────▶│ Secondary │
│ (1 call) │ │ (per file) │ │ (per file)│
└────────────┘ └──────────────┘ └─────┬─────┘
│
▼
reports/*.md
All three run as isolated query() sessions through the Claude Agent SDK, each with its own filesystem sandbox scoped to the repo being scanned.
output/<repo-slug>/
├── analysis.json # file list picked by the analyst
├── findings/
│ └── src__foo__bar.ts.json # per-file findings (verified + unverified)
├── reports/
│ └── src__foo__bar.ts--1.md # one Markdown report per verified finding
├── debug/
│ └── src__foo__bar.ts.log # full agent transcript per file
└── processed-files.txt # cache so reruns skip finished files
<repo-slug> is <basename>-<sha1(abspath)[:8]> so the same repo never collides with another.
Apache 2.0 — see LICENSE.