DEV Community

Peter Nasarah Dashe

Permi v0.2.10: Making Security Scans Portable with JSON and Markdown

What's new

Based on early user feedback, Permi can now save your vulnerability scan results in three distinct formats to fit your workflow:

  • --export results.txt – Human-readable plain text for quick reviews.
  • --export results.json – Structured data designed for scripts and CI/CD automation.
  • --export results.md – Clean Markdown, perfect for GitHub documentation or internal wikis.

Example

To try out the new export feature, ensure you have the latest version installed:


```bash
pip install -U permi
permi scan --path ./src --export report.md
```

The exported file includes:

  • Scan metadata: Target path, timestamp, and duration.
  • AI filter summary: Raw findings vs. real findings and noise reduction percentage.
  • Detailed findings: Each vulnerability includes the file path, line number, code snippet, confidence score, and the AI's reasoning.

Why this matters
Developers told me they wanted to share results with their teams, attach reports to Jira tickets, or archive scans for compliance. By moving beyond just CLI output, Permi can now live inside your existing project documentation.
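
A CI gate built on the JSON export described above, as an added example that is not part of the original post or Permi's own code. The key names (`findings`, `file`, `line`, `confidence`, `reasoning`), the 0 to 1 confidence scale and the `gate` helper are assumptions; check them against a real export before relying on it.

```python
import json
import sys

# Constructed sample report. Every key name and the 0-1 confidence scale are
# assumptions for illustration, not Permi's documented schema.
SAMPLE_REPORT = json.dumps({
    "metadata": {"target": "./src", "timestamp": "2024-01-01T00:00:00Z", "duration_seconds": 4.2},
    "summary": {"raw_findings": 12, "real_findings": 2},
    "findings": [
        {"file": "app/db.py", "line": 41, "confidence": 0.92,
         "reasoning": "User input is concatenated into a SQL string."},
        {"file": "app/views.py", "line": 7, "confidence": 0.40,
         "reasoning": "Template value may be rendered unescaped."},
    ],
})


def _one_line(text):
    # Report text is derived from scanned (untrusted) code: collapse newlines and
    # break up "::" so it cannot start a CI workflow command of its own.
    return " ".join(str(text).split()).replace("::", ": :")


def gate(report_text, min_confidence=0.8):
    """Return (exit_code, annotations): 0 = pass, 1 = blocking findings,
    2 = report unusable (fail closed instead of passing a broken scan)."""
    try:
        report = json.loads(report_text)
        blocking = [f for f in report["findings"] if float(f["confidence"]) >= min_confidence]
        notes = [
            # GitHub Actions workflow command: rendered as an inline PR annotation.
            "::error file={},line={}::{}".format(
                _one_line(f["file"]), int(f["line"]), _one_line(f["reasoning"]))
            for f in blocking
        ]
    except (ValueError, KeyError, TypeError) as exc:
        return 2, ["::error::unreadable scan report: {}".format(type(exc).__name__)]
    return (1 if blocking else 0), notes


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, lines = gate(text)
    print("\n".join(lines))
    sys.exit(code)
```

Run it in the pipeline step after `permi scan ... --export results.json`, passing the report path as the first argument; a non-zero exit code fails the job.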

What's next
The roadmap is focused on making these scans even more accessible:

  • VS Code extension: For real-time scanning as you code.
  • GitHub Action: To automate PR checks using the new JSON export.

Has anyone successfully integrated AI-filtered security scans into their workflow yet?

Peternasarah / permi

AI-powered vulnerability scanner for Nigerian developers and global SMBs

Permi

Permi scans live websites and source code for security vulnerabilities, then uses AI to filter out false positives — so you only see findings that actually matter.

Built in Nigeria. For Nigeria. Then for the world.


Two scan modes

--url — Live web scanning

Point Permi at any website. It crawls the pages, tests for SQL injection and XSS, and checks security headers on the running application.

```bash
permi scan --url https://yoursite.com
```

--path — Static source code scanning

Point Permi at a local folder or GitHub repository. It reads your code files, matches vulnerability patterns, and flags issues before they ship.

```bash
permi scan --path ./myapp
permi scan --path https://github.com/user/repo
```

What Permi detects

Web scanning (--url)

  • SQL Injection — error-based, boolean-based blind, time-based blind
  • Cross-Site Scripting (XSS) — reflected XSS with context-aware testing
  • Missing Security Headers — HSTS, CSP, X-Frame-Options, X-Content-Type-Options



📦 GitHub Release Notes (v0.2.10)

🚀 New Feature

  • Added --export flag supporting .txt, .json, and .md.

🧹 Improvements

  • Better error handling for AI API timeouts.
  • Faster JSON parsing in the AI filter logic.

🙏 Thanks

To everyone who sent feedback about the CLI output—you made this happen. Keep it coming.
