Security detection:
- 16+ vulnerability types (SQL/NoSQL/LDAP injection, XSS, command injection, SSRF, CSRF, SSTI, prototype pollution, weak crypto, etc.)
- Taint tracking across files
- <10% false positive rate
- Z3 symbolic execution for path analysis

The MCP part exposes 23 tools that let AI agents analyze code:
- security_scan, cross_file_security_scan
- symbolic_execute (Z3-based path exploration)
- generate_unit_tests (test gen from symbolic paths)
- simulate_refactor (behavior preservation check)
- code_policy_check (compliance verification)
CLI works standalone too. No-install usage: uvx codescalpel mcp
Or: pip install codescalpel
Testing was important - 7,297 test cases with 94.86% coverage.
What I'm curious about:
- Is <10% false positive rate good enough for AppSec teams?
- What other security checks would help?
- Interest in expanding to Go/Rust/C++?
Target users: Individual developers (cost reduction story), security engineers (OWASP Top 10 evaluation), team leads (ROI analytics), enterprise architects (SOC2/ISO compliance).
Repo: https://github.com/3D-Tech-Solutions/code-scalpel
MIT licensed, actively maintained. Feedback welcome!