AI Security Toolkit V4
30+ security tools, one AI brain
Claude is the orchestrator. Semgrep, ZAP, Trivy, Nuclei, and 26 more tools are the sensors. 9 specialist agents coordinate them in a 7-phase pipeline, then cross-pollinate findings to build attack chains no single tool would catch. Export to SARIF for IDE integration, generate CycloneDX SBOMs for compliance, or use the MCP server for Claude Code integration.
9 AI agents · 30+ security tools · 7-phase pipeline · 95%+ OWASP coverage
ai-security-scan-v4
$ ./run-all-tests.sh --source-path ./src --sarif --sbom
[V4] Initializing 9 specialist agents in parallel...
[SAST] Semgrep + Bearer: 3 findings in 847 files
[SCA] Trivy + Syft scanning dependencies...
[SCA] CVE-2024-3241 (jsonwebtoken 8.5.1) HIGH
[IAC] Checkov + tfsec: 2 misconfigs in terraform/
[SBOM] CycloneDX: 847 components catalogued
[SARIF] IDE-ready output: reports/sarif/*.sarif
[CHAIN] SCA CVE + IaC miscfg = token forge → admin
[REPORT] 14 findings, 2 chains → SARIF + SBOM exported
Section 01
9 Specialist Agents
Each agent focuses on a specific attack class. They run in parallel, share findings, and build multi-step attack chains that individual tools would never detect.
Protocol Analyst
Maps API endpoints, auth flows, file upload handlers, and WebSocket connections.
Auth Bypass
Tests session management, OAuth, JWT validation, privilege escalation, IDOR.
Client-Side DOM
Scans for XSS, prototype pollution, client-side injection, postMessage handlers.
Injection Chains
Tests SQLi, command injection, SSTI, SSRF, path traversal with context-aware payloads.
SAST Agent
Static analysis via Semgrep, Bandit, njsscan, Bearer, gosec with custom rules.
SCA Agent
Dependency scanning with Trivy, Syft, pip-audit. Maps CVEs to usage paths.
Secrets Agent
Runs gitleaks, trufflehog across git history. Validates if keys are still active.
DAST Orchestrator
Coordinates ZAP, Nuclei, sqlmap, Wapiti, ffuf, XSStrike, Dalfox against live endpoints.
Coverage Auditor
Maps findings to OWASP Top 10. Triggers gap-fill scans for zero-coverage categories.
Section 02
What Makes This Different
| Capability | Description | Example |
|---|---|---|
| SPEC-01 Cross-Pollination | When one agent finds something, it tells related agents to focus there. SCA finds a vulnerable JWT library → the DAST agent targets the auth endpoints that use it. | SCA CVE → DAST focus |
| SPEC-02 Attack Chains | Individual findings are medium severity. Combined, they're critical. The toolkit links SCA + DAST + Auth findings into full exploitation paths. | JWT vuln + /api/refresh → admin |
| SPEC-03 Coverage Audit | Every scan maps findings to OWASP Top 10 categories. If any category has zero coverage, gap-fill scans run before the final report. | Gap: SSRF → run nuclei ssrf |
| SPEC-04 Human Review | AI finds and correlates. Humans verify and prioritize. Every critical finding is manually validated before it appears in your report. | AI: 14 findings → Human: 9 valid |
Section 03
7-Phase Pipeline
1. Surface: map the attack surface (endpoints, auth, uploads)
2. Parallel: 9 agents run concurrently
3. Cross-Pollinate: share findings between agents
4. Chain: build multi-step attack paths
5. Coverage: check OWASP Top 10 coverage
6. Gap-Fill: target zero-coverage areas
7. Report: human-reviewed findings
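The cross-pollinate, chain and coverage steps described in Sections 02 and 03, as an added Python illustration that is not the toolkit's own chain-builder.py. The finding records, their identifiers and the rule that links an SCA hit on the JWT library to auth- and config-related findings are constructed assumptions; CVE-2024-3241 is the value shown in the sample run above.

```python
from collections import defaultdict
from itertools import product

# OWASP Top 10 (2021) category identifiers used for coverage accounting.
OWASP_TOP10 = [f"A{n:02d}" for n in range(1, 11)]

# Constructed findings in the shape the pipeline describes: the agent that raised
# each one, the OWASP category it maps to, and the component or endpoint concerned.
FINDINGS = [
    {"agent": "SCA", "owasp": "A06", "severity": "high",
     "component": "jsonwebtoken@8.5.1", "id": "CVE-2024-3241"},  # CVE id from the page's sample run
    {"agent": "IAC", "owasp": "A05", "severity": "medium",
     "component": "terraform/api.tf", "id": "jwt-secret-in-plain-variable"},  # constructed id
    {"agent": "DAST", "owasp": "A07", "severity": "medium",
     "endpoint": "/api/refresh", "id": "refresh-token-not-bound-to-session"},  # constructed id
    {"agent": "SAST", "owasp": "A03", "severity": "low",
     "component": "src/search.js", "id": "string-concat-query"},  # constructed id
]

def cross_pollinate(findings):
    """Phase 3: turn each finding into focus hints for other agents. Assumed rule:
    an SCA hit on the JWT library points DAST and Auth Bypass at token handling."""
    hints = defaultdict(set)
    for f in findings:
        if f["agent"] == "SCA" and f.get("component", "").startswith("jsonwebtoken"):
            hints["DAST"].add("auth-endpoints")
            hints["Auth Bypass"].add("jwt-validation")
    return {agent: sorted(h) for agent, h in hints.items()}

def build_chains(findings):
    """Phase 4: pair every SCA finding with auth- or config-related findings from
    other agents (A05, A07); the pair is rated one level above its worst member."""
    sca = [f for f in findings if f["agent"] == "SCA"]
    related = [f for f in findings if f["agent"] != "SCA" and f["owasp"] in ("A05", "A07")]
    chains = []
    for s, r in product(sca, related):
        severity = "critical" if "high" in (s["severity"], r["severity"]) else "high"
        chains.append({"steps": [s["id"], r["id"]], "severity": severity})
    return chains

def coverage_gaps(findings):
    """Phase 5: every Top 10 category with no finding becomes a gap-fill target."""
    covered = {f["owasp"] for f in findings}
    return [c for c in OWASP_TOP10 if c not in covered]
```

With the constructed input, the two chains both escalate to critical because the SCA member is already high, and six categories come back as gap-fill targets.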
Section 04
30+ Security Tools
SAST: Semgrep, Bandit, njsscan, Bearer, gosec
SCA: Trivy, Syft, pip-audit, Safety, npm-audit
DAST: ZAP, Nuclei, sqlmap, Wapiti, ffuf, XSStrike, Dalfox
Secrets: gitleaks, trufflehog, detect-secrets
IaC: Checkov, tfsec, kics
Cloud: Prowler, Kubescape, ScoutSuite
Custom: dom-scanner.js, oob-detector.sh, param-fuzzer.sh, chain-builder.py
Output: SARIF, CycloneDX SBOM
Section 05
Developer Integration
| Feature | Description | Command |
|---|---|---|
| INT-01 SARIF Output | Export scan results in Static Analysis Results Interchange Format for seamless integration with VS Code, GitHub Code Scanning, Azure DevOps, and SonarQube. | --sarif |
| INT-02 SBOM Generation | CycloneDX Software Bill of Materials for Executive Order 14028 compliance, NTIA minimum elements, and supply chain security requirements. | --sbom |
| INT-03 MCP Server | Native integration with Claude Code and Claude Desktop. Start scans with natural language, get real-time progress tracking and structured findings. | npm install @betterqa/security-mcp |
| INT-04 Parallel Execution | All SAST, SCA, and IaC tools run concurrently for 3-5x faster scans. Configurable timeouts (default 5 min per tool) with smart dependency detection. | --comprehensive |
Section 06
CLI Reference
Source
--source-path <dir>
--sast-only
--skip-sast
--skip-sca
--skip-iac
Output
--sarif
--sbom
--comprehensive
OUTPUT STRUCTURE
reports/scan_TIMESTAMP/
├── sast/    # Static analysis
├── sca/     # Dependency vulnerabilities
├── iac/     # Infrastructure issues (NEW)
├── sbom/    # Bill of Materials (NEW)
├── sarif/   # IDE-compatible output (NEW)
├── logs/    # Tool execution logs (NEW)
└── [DAST outputs]
Ready for a security assessment?
Get a comprehensive security scan with attack chain analysis and OWASP coverage audit.