Argus is an open-source application security agent. It reviews code the way an analyst does: it runs real scanners, reads their findings, weighs them against your organization's context, and talks back in plain language. One long-lived daemon per organization — reached through the places your team already works: a terminal chat, GitHub pull requests, and MCP from your own AI tools.
Deterministic scanners are precise but shallow — a missing ownership check has no signature to pattern-match. Language models can read and reason about code, but on their own they drown the signal in false positives. Argus pairs the two and adds the missing third ingredient: your organization. Scanners are wrapped as structured tools, the model is disciplined by curated methodology, and every review is grounded in your company's stack, risk tolerance, and accumulated knowledge — so the answer isn't "here are 400 findings", it's a conversation with a colleague who knows your codebase.
git clone https://github.com/argusappsec/argus.git && cd argus
make build
./argus init # pick a provider, set the API key, shape your org's SOUL
./argus doctor # verify scanners and configuration
./argus # chat with your security engineerPrefer containers? The batteries-included image ships with semgrep,
gitleaks, and osv-scanner preinstalled:
docker run -it -v argus-data:/data -p 8080:8080 ghcr.io/argusappsec/argusTo review pull requests, connect a GitHub App with ./argus codehost setup
and open a PR: the review arrives on its own, and you can answer back right
on the thread — "Argus, is this finding real?".
New here? Start with Getting started.
- Reviews you can talk to. Ask in chat, call over MCP, or let GitHub webhooks trigger them automatically — then discuss the findings instead of grepping a SARIF file.
- Real scanners, no shell escape.
semgrep,gitleaks, andosv-scannerrun as structured, code-reviewed Go tools; the model is deliberately given no genericbash/exec. - Knows your organization. A SOUL file (company profile, stack, compliance posture, persona) rides along in every model call; curated memory and a topical knowledge base carry context across sessions.
- Skills. Multi-step methodologies bundled as markdown, triggered with
/<name>— four built-ins included, bring your own with aSKILL.md. - One trust model. Every action across every channel is attributed to a principal with a role and recorded in an append-only audit log.
- Hardened against prompt injection. Reviewed code is data, never instructions: automatic reviews run least-privilege, file access is confined to the checkout, and confidentiality is enforced on what Argus posts.
Argus runs as one shared daemon per organization (argusd). Every channel
is a goroutine inside that single process, sharing one provider, one tool
registry, one knowledge base, and one audit log.
| Channel | Transport | Identity |
|---|---|---|
| TUI | local Unix socket | local:$USER (socket possession = auth) |
| MCP | HTTP (Model Context Protocol) | mcp:<token-hash> |
| GitHub | signed webhook events | Service principal (webhooks), github:<login> (comments) |
| Slack (planned) | Socket Mode bot | slack:<user_id> |
| Skill | What it does |
|---|---|
authz-audit |
White-box hunt for broken authorization (BOLA/IDOR, BFLA) — validated at 100% recall / 100% precision on VAmPI |
pr-quick-check |
Fast security pass over a pull request diff |
secret-rotation-plan |
Find committed secrets and draft a prioritized rotation plan |
threat-modeling |
Build a STRIDE threat model of a codebase |
- Getting started — install, bootstrap, first chat
- Configuration — the full
argus.yamlreference - GitHub channel — automatic PR reviews and talking to Argus on threads
- MCP channel — Argus as a consultable colleague for your AI tools
- Skills — using, writing, and overriding skills
- Kubernetes deployment — hosting Argus on a cluster
Curious how it's designed? The domain vocabulary lives in CONTEXT.md, every architectural decision is recorded under docs/adr/, and deeper design rationale under docs/design/.
Argus is pre-1.0 and moving fast. Defaults and configuration schemas may change between minor versions — always loudly, with startup errors that name their replacement, never silently.
Argus is licensed under the Apache License 2.0. The Argus logo and brand assets are licensed under CC BY 4.0.