AI Code Scan uses your own AI/LLM provider to assist the existing Flawnter code analysis and find more vulnerabilities. AI predictions are probabilistic and may not always be accurate; they can generate false positives or miss vulnerabilities. When you use an external LLM, note that your code may be transmitted outside your organization, which may not align with zero-trust principles. To minimize that risk, consider using local LLMs inside your network to keep data internal. Flawnter makes no guarantees of accuracy or completeness, and you are responsible for validating AI-generated results before use. For any questions, please contact info@flawnter.com.
To use AI Code Scan, add the following to the flawnter.cfg file:
- ai-provider=<ai provider> - This can be openai, openai-generic, azure-openai, google-gemini, anthropic, ollama.
- ai-url=<full url of the api> - Example: https://api.openai.com/v1/chat/completions or https://api.groq.com/openai/v1/chat/completions
- ai-api-key=<api key> - AI API key, or leave it empty if there is no API key.
- ai-model=<ai model> - AI model to use for the scan. Example: llama-3.1-8b-instant, openai/gpt-oss-20b, gpt-4o-mini, etc.
If you don't want to use AI Code Scan, comment out the ai items or remove them from flawnter.cfg. For more help, read our documentation page or contact us.
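Because the ai-url setting decides whether scanned code stays inside your network, it is worth checking before a scan runs. The following is an added example, not Flawnter's own code: it reads the keys listed above and reports whether the configured endpoint is internal. It assumes that flawnter.cfg uses plain key=value lines with `#` as the comment marker, and both sample configs (including the local Ollama URL) are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample configs: keys are the ones listed above, values are made up.
SAMPLE_EXTERNAL = """\
ai-provider=openai-generic
ai-url=https://api.groq.com/openai/v1/chat/completions
ai-api-key=EXAMPLE-KEY-NOT-REAL
ai-model=llama-3.1-8b-instant
"""
SAMPLE_LOCAL = """\
ai-provider=ollama
ai-url=http://127.0.0.1:11434/api/chat
ai-api-key=
ai-model=llama-3.1-8b-instant
"""

def parse_cfg(text):
    """Parse key=value lines; '#' as the comment marker is an assumption."""
    cfg = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def is_internal(host):
    """True only for localhost or a literal loopback/private IP (no DNS lookup)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost"  # other hostnames are not resolved: treated as external
    return ip.is_loopback or ip.is_private

def review_ai_settings(text):
    """Return findings about where scanned code would be sent."""
    cfg = parse_cfg(text)
    if "ai-provider" not in cfg:
        return ["no ai-provider set"]
    url = urlsplit(cfg.get("ai-url", ""))
    host = url.hostname or ""
    if not host:
        return ["ai-url missing or unparsable"]
    if is_internal(host):
        return [f"endpoint is internal: {host}"]
    findings = [f"code leaves the network: {host}"]
    if url.scheme != "https":
        findings.append("external endpoint without TLS")
    return findings
```

An internal hostname that is not an IP literal is reported as external here, so treat that finding as a prompt to confirm where the name resolves.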
Supported LLM Providers:
- OpenAI and all compatible APIs (e.g. Groq, Grok, DeepSeek, Hugging Face, etc.).
- Azure OpenAI.
- Google Gemini.
- Anthropic.
- Ollama (Self hosted).
Boost Code Analysis
Improve Bug Discovery
Enhance Scan Intelligence
