Use attune workflow run security-audit when you want to scan a codebase for vulnerabilities (eval/exec usage, path traversal, hardcoded secrets, and injection risks) and receive a severity-grouped report with actionable remediation steps.
Prerequisites
- Access to the project source code you want to scan
- The attune CLI installed and accessible on your PATH
Run the audit
1. Choose the path to scan
Identify the directory or file you want to audit. For most
projects, src/ is a good starting point. Smaller
scopes (e.g. src/myapp/auth/) finish faster and
produce more focused reports.
2. Run the workflow
$ attune workflow run security-audit --path src/
[security-audit] starting on src/
[security-audit] scanning 234 files...
[security-audit] 3 findings (1 HIGH, 2 MEDIUM)
3. Read the report
The workflow writes a severity-grouped report. HIGH findings warrant immediate attention; MEDIUM and LOW can be triaged.
Interpret results
Each finding includes:
- Severity: HIGH, MEDIUM, or LOW, based on CWE classification
- Location: a file:line reference, clickable in most editors
- Pattern: what was detected (e.g. dangerous_eval, broad_exception)
- Remediation: a concrete fix suggestion
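To make the four fields concrete, here is a small AST-based checker for Python source that emits findings in the same shape (severity, file:line location, pattern, remediation), groups them by severity, and exposes a HIGH-first gate of the kind a CI job would use. This is example code written for this page, not attune's scanner or its pattern catalog: the names dangerous_eval and broad_exception come from the page, while hardcoded_secret, the severity assigned to each pattern, the remediation wording and the sample file are assumptions made here.

```python
"""Minimal AST scanner producing findings in the report shape described above.
Example code for this page, not attune's implementation."""
import ast
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Severity rank: lower number = more urgent; used for sorting and gating.
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

# Variable names that suggest a credential is being assigned inline (assumption).
SECRET_NAME = re.compile(r"(KEY|SECRET|TOKEN|PASSW(OR)?D)", re.IGNORECASE)

# Constructed sample file to scan; the "secret" is a dummy value.
SAMPLE_SOURCE = '''\
import os

API_KEY = "sk-live-EXAMPLE-NOT-A-REAL-SECRET"

def run(expr):
    return eval(expr)

def read(name):
    try:
        return open(os.path.join("/data", name)).read()
    except:
        return None
'''


@dataclass
class Finding:
    severity: str
    path: str
    line: int
    pattern: str
    remediation: str

    @property
    def location(self) -> str:
        # file:line reference, clickable in most editors
        return f"{self.path}:{self.line}"


def scan_source(source: str, path: str) -> list:
    """Return findings for one file, most severe first, then by line."""
    tree = ast.parse(source, filename=path)
    findings = []
    for node in ast.walk(tree):
        # dangerous_eval: a direct call to the eval() or exec() builtin
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("eval", "exec")):
            findings.append(Finding("HIGH", path, node.lineno, "dangerous_eval",
                "Replace eval/exec with ast.literal_eval or an explicit dispatch table."))
        # hardcoded_secret (assumed pattern name): a credential-looking name
        # bound to a string literal
        elif (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                    findings.append(Finding("HIGH", path, node.lineno, "hardcoded_secret",
                        "Load the value from the environment or a secrets manager."))
        # broad_exception: a bare except clause that swallows every error
        elif isinstance(node, ast.ExceptHandler) and node.type is None:
            findings.append(Finding("MEDIUM", path, node.lineno, "broad_exception",
                "Catch the specific exception types you can handle and log the rest."))
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.line))
    return findings


def summary(findings: list) -> str:
    """One-line count in the style of the CLI's final status line."""
    counts = Counter(f.severity for f in findings)
    parts = [f"{counts[s]} {s}" for s in SEVERITY_ORDER if counts[s]]
    return f"{len(findings)} findings ({', '.join(parts)})"


def format_report(findings: list) -> str:
    """Severity-grouped report: HIGH first, each line carrying the four fields."""
    groups = defaultdict(list)
    for f in findings:
        groups[f.severity].append(f)
    lines = []
    for sev in SEVERITY_ORDER:
        if groups[sev]:
            lines.append(f"{sev} ({len(groups[sev])})")
            lines.extend(f"  {f.location}  {f.pattern}  {f.remediation}" for f in groups[sev])
    return "\n".join(lines)


def exceeds_threshold(findings: list, threshold: str = "HIGH") -> bool:
    """True when any finding is at or above the threshold severity (CI gate)."""
    limit = SEVERITY_ORDER[threshold]
    return any(SEVERITY_ORDER[f.severity] <= limit for f in findings)


if __name__ == "__main__":
    found = scan_source(SAMPLE_SOURCE, "src/myapp/example.py")
    print(format_report(found))
    print(summary(found))
    raise SystemExit(1 if exceeds_threshold(found, "HIGH") else 0)
```

Run stand-alone it prints the grouped report for the constructed file (two HIGH findings, one MEDIUM) and exits non-zero because a HIGH finding is present, which is the behaviour you want from a pipeline step that should block on HIGH and leave MEDIUM and LOW for triage.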
See security-audit / reference for the full pattern catalog, and bug-predict / concept for the broader detection philosophy.
Act on findings
Fix HIGH findings first. If the scanner flags a false positive, add the file to the audit-exclusion list (see security-audit / faq).