Dojigiri — Static Analysis Security Scanner

Open-source SAST. 2,176 rules. 18 languages.

One command. Full taint analysis. LLM security rules no other scanner has.

Install the CLI View on GitHub
2,657 tests passing
OWASP Youden +91.9%
140+ LLM security rules
Taint-aware engine
// try it now

See What We Catch

source.py
Ctrl+Enter to scan
output

Paste code on the left and hit Scan.

// get started

Install in 10 Seconds

pip install dojigiri doji scan .

No API key required. Runs entirely locally.

  • 2,176 rules across 18 languages
  • Taint-aware analysis engine
  • SARIF, JSON, HTML, and text output
  • CI/CD via GitHub Actions or GitLab CI
// ai security

LLM & AI Security Rules

140+ LLM Security Rules
  • Prompt injection (direct & indirect)
  • System prompt leakage
  • Unsafe tool execution & excessive agency
  • Training data poisoning vectors
  • Multimodal injection (vision models)
  • Missing rate limits & token budgets
OWASP LLM Top 10: 10/10
  • LLM01 — Prompt Injection (19 rules)
  • LLM02 — Sensitive Info Disclosure
  • LLM03 — Supply Chain
  • LLM04 — Data & Model Poisoning
  • LLM05 — Improper Output Handling
  • LLM06 — Excessive Agency
  • LLM07 — System Prompt Leakage
  • LLM08 — Vector & Embedding Weaknesses
  • LLM09 — Misinformation
  • LLM10 — Unbounded Consumption
// approach

How It Compares

Other Scanners
  • Pattern matching
  • Basic data flow
  • Limited language coverage
  • No LLM / AI security rules
  • No OWASP LLM Top 10
Dojigiri
  • Open-source (AGPL v3)
  • 2,176 rules across 18 languages
  • Taint-aware, inter-procedural analysis
  • 140+ LLM security rules
  • OWASP LLM Top 10: 10/10
Platform Built-ins
  • Integrated in CI
  • Free with platform
  • Basic pattern matching
  • No LLM / AI security rules
  • No taint analysis
// coverage

Supported Languages

TypeScript336 rules
JavaScript336 rules
Python319 rules
Java278 rules
Go267 rules
PHP218 rules
C#216 rules
Rust206 rules