stellarion_scan_security [Pro]

Scan codebase for security vulnerabilities and unsafe patterns
This is a Pro tool. Requires a Stellarion Pro license. A 180-day free trial starts automatically.

Scans your codebase for security vulnerabilities including dangerous function calls (strcpy, eval, system), weak cryptography (MD5, SHA1), hardcoded secrets, unsafe patterns, and architectural layer violations. Ships with 40+ rules covering 13 languages.

When to Use

  • Before a security review or audit to get a baseline
  • After adding new dependencies or integrations
  • In CI pipelines as a security gate
  • When onboarding to an unfamiliar codebase to find existing risks

Parameters

Parameter   Type    Required  Default    Description
scope       string  No        workspace  Path filter to narrow the scan (e.g., src/api/)
severity    enum    No        medium     Minimum severity to report: critical, high, medium, low
category    string  No        all        Filter by category: injection, xss, overflow, crypto, secrets, unsafe

Examples

Scan entire project for medium+ issues

Scan my project for security vulnerabilities.

Focus on critical issues only

Run a security scan on src/ — only show critical and high severity findings.

Stellarion returns findings filtered to critical and high, skipping informational and medium-severity matches.

Check for hardcoded secrets

Scan for hardcoded secrets and API keys in the codebase.

Uses category: "secrets" to focus on patterns like hardcoded passwords, API keys, tokens, and connection strings.

Audit cryptographic usage

Are we using any weak crypto algorithms? Check for MD5 and SHA1.

Uses category: "crypto" to find weak hashing algorithms, insecure random number generators, and deprecated cipher suites.

Output Format

Returns a list of findings, each containing:

  • File path and line number — exact location of the issue
  • Rule name — which rule was triggered (e.g., dangerous-eval, weak-hash-md5)
  • Severity — critical, high, medium, or low
  • Category — injection, xss, overflow, crypto, secrets, or unsafe
  • Description — what the issue is and why it matters
  • Summary — total counts by severity and category
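To make the output format and the scope/severity/category filters concrete, here is an added Python sketch of a rule-driven line scanner that produces findings in this shape. It is example code written for this page, not Stellarion's implementation; the rule table, regexes, rule names and sample files are constructed assumptions.

```python
import re
from collections import Counter
# Constructed rule table modelled on the categories and severities this page
# lists; rule names and patterns are assumptions, not Stellarion's own rules.
RULES = [
    ("dangerous-strcpy", "overflow", "high", re.compile(r"\bstrcpy\s*\("),
     "strcpy copies without a bound; use a length-checked copy"),
    ("dangerous-eval", "injection", "critical", re.compile(r"\beval\s*\("),
     "eval executes attacker-influenced strings as code"),
    ("dangerous-system", "injection", "critical", re.compile(r"\bsystem\s*\("),
     "system() hands a string to a shell; prefer an argv-based API"),
    ("weak-hash-md5", "crypto", "medium", re.compile(r"\b(md5|MD5)\b"),
     "MD5 is collision-broken; use SHA-256 or a password hash"),
    ("weak-hash-sha1", "crypto", "medium", re.compile(r"\b(sha1|SHA1)\b"),
     "SHA-1 is collision-broken; use SHA-256"),
    ("hardcoded-secret", "secrets", "high",
     re.compile(r"(?i)\b(password|api_key|token)\s*=\s*['\"][^'\"]+['\"]"),
     "credential literal in source; load it from a secret store"),
]
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

def scan(files, scope=None, severity="medium", category="all"):
    """Return (findings, summary). files: path -> text; scope=None = whole workspace."""
    findings = []
    for path, text in files.items():
        if scope and not path.startswith(scope):   # scope is a path prefix filter
            continue
        for lineno, line in enumerate(text.splitlines(), start=1):
            for name, cat, sev, pat, desc in RULES:
                if category != "all" and cat != category:
                    continue
                if SEVERITY_RANK[sev] < SEVERITY_RANK[severity]:  # minimum severity
                    continue
                if pat.search(line):
                    findings.append({"file": path, "line": lineno, "rule": name,
                                     "severity": sev, "category": cat,
                                     "description": desc})
    summary = {"by_severity": dict(Counter(f["severity"] for f in findings)),
               "by_category": dict(Counter(f["category"] for f in findings))}
    return findings, summary

# Constructed sample files standing in for an indexed workspace.
SAMPLE = {
    "src/api/auth.py": 'import hashlib\nAPI_KEY = "sk-test-1234"\nh = hashlib.md5(pw).hexdigest()\n',
    "src/ui/widget.c": '#include <string.h>\nvoid f(char *d, const char *s) { strcpy(d, s); }\n',
    "tools/build.py": 'import os\nos.system("make " + target)\n',
}
if __name__ == "__main__":
    print(*scan(SAMPLE)[0], sep="\n")
```

With the defaults the sample workspace yields four findings (one critical, two high, one medium); raising severity to high drops the MD5 match, and scope="src/api/" keeps only the two in auth.py.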

Tips

  • Start with severity: "high" to focus on actionable issues before expanding to medium
  • Use scope to scan only changed directories during code review
  • Combine with stellarion_assess_change_risk to understand whether a security finding is in a high-traffic code path
  • The scanner uses the already-indexed graph — no re-parsing needed, results are instant
  • Layer violations detect cases like database queries in controller code or direct file system access from UI components