
ARM Open Sources AI-Powered Security Code Review

ARM's Product Security Team has open-sourced Metis, an agentic AI security framework for deep security code review. It uses LLMs for semantic understanding and RAG for code context, supports multiple languages through plugins, and aims to detect subtle vulnerabilities in complex codebases while reducing review fatigue.


Key points

  • Metis is an open-source AI security code review framework by ARM, using LLMs and RAG for deep reasoning.
  • Supports C, C++, Python, Rust, TypeScript, and more, with extensible plugins.
  • Provides indexing, code review, patch review, triage, and CI/CD integration.
  • Licensed under Apache 2.0, supports multiple LLM backends including OpenAI and local models.



Metis is an open-source, agentic AI security framework for deep security code review, created by Arm's Product Security Team. It helps engineers detect subtle vulnerabilities, improve secure coding practices, and reduce review fatigue. This is especially valuable in large, complex, or legacy codebases where traditional tooling often falls short.

Metis is named after the Greek goddess of wisdom, deep thought and counsel.

Features

Deep Reasoning: Unlike linters or traditional static analysis tools, Metis doesn't rely on hardcoded rules. It uses LLMs capable of semantic understanding and reasoning.

Context-Aware Reviews: RAG ensures that the model has access to broader code context and related logic, resulting in more accurate and actionable suggestions.

Plugin-Friendly and Extensible: Designed with extensibility in mind; support for additional languages, models, and new prompts is straightforward.

Issue Validation: Validates findings from its own analysis and from third-party SAST tools, gathering evidence to reduce false positives.

Provider Flexibility: Support for major LLM services and local models (vLLM, Ollama, LiteLLM, etc.). See the vLLM guide and the Ollama guide for local setup examples.

Supported Languages

Metis includes support for the following languages:

| Language   | Triage Analysis                              | Notes           |
|------------|----------------------------------------------|-----------------|
| C          | Tree-sitter + Flow Analysis + tools          | Built-in plugin |
| C++        | Tree-sitter + Flow Analysis + tools          | Built-in plugin |
| Python     | Tree-sitter + Structural Analysis + tools    | Built-in plugin |
| Rust       | Tree-sitter + Structural Analysis + tools    | Built-in plugin |
| TypeScript | Tree-sitter + Structural Analysis + tools    | Built-in plugin |
| Terraform  | Tools                                        | Built-in plugin |
| Go         | Tree-sitter + Structural Analysis + tools    | Built-in plugin |
| Solidity   | Tree-sitter + Structural Analysis + tools    | Built-in plugin |
| TableGen   | Tools                                        | Built-in plugin |
| Verilog    | Tree-sitter + Structural Analysis + tools    | Built-in plugin |

For triage analysis details (Flow Analysis vs Structural Analysis), see docs/triage-flow.md.

Metis uses a plugin-based language system, making it easy to extend support to additional languages.

It also supports multiple vector store backends, including PostgreSQL with pgvector and ChromaDB.

Getting Started

By default, Metis uses ChromaDB for local, no-setup usage. You can also use PostgreSQL (with pgvector) for scalable indexing and multi-project support.

  1. Installation

After cloning the repository, you can either create a virtual environment or install dependencies system-wide.

To use a virtual environment (recommended):

uv venv
uv pip install .

or install system-wide using --system:

uv pip install . --system

To install with PostgreSQL (pgvector) backend support:

uv pip install '.[postgres]'

1.1 Docker

git clone https://github.com/arm/metis.git

cd metis

docker build -t metis .

  2. Set up LLM Provider

OpenAI

Export your OpenAI API key before using Metis:

export OPENAI_API_KEY="your-key-here"

  3. Index and Run Analysis

Run metis, providing the path to the source you want to analyse:

uv run metis --codebase-path <path-to-source>

Then, index your codebase using:

index

Finally, run the security analysis across the entire codebase with:

review_code

If the index is unavailable and you still want to run an analysis, use:

review_code --ignore-index

This is supported only for review_code, review_file, review_patch, and triage. In that mode Metis skips retrieval and warns that relevant-context lookup was disabled.

3.1 Docker

Go to your codebase path and run:

docker run --rm -it -v "$(pwd)":/metis metis

To pass environment variables use -e:

docker run --rm -it -v "$(pwd)":/metis -e "OPENAI_API_KEY=${OPENAI_API_KEY}" metis

You can pass arguments to metis:

docker run --rm -it -v "$(pwd)":/metis metis --non-interactive --command 'review_code' --output-file results/review_code_results.json

Configuration

Metis Configuration (metis.yaml)

The Metis configuration can be overridden with a YAML configuration file (metis.yaml) placed in the working directory from which metis is run. The default configuration is in src/metis/metis.yaml. This file defines all runtime parameters, including:

LLM provider: OpenAI model names, embedding models, token limits

Engine behavior: max workers, max token length, similarity top-k

Database connection: In the case of PostgreSQL: host, port, credentials, and schema name

Vector indexing: HNSW parameters for pgvector

This file is required to run Metis and should be customized per deployment.

Prompt Configuration (plugins.yaml)

Metis uses a plugins.yaml file to define language-specific behavior, including LLM prompt templates and document splitting logic. Each language plugin (e.g., C) references this file to load:

Prompt Templates

You can customize a number of prompts, including:

security_review: Guides the LLM to perform a security audit of code or diffs.

validation_review: Asks the LLM to assess the correctness or quality of a generated review.

security_review_checks: A list of all the security issues the LLM will try to search for.

These prompts provide natural language context for the LLM and can be tailored to your use case (e.g., stricter audits, privacy reviews, compliance).

Code Splitting Parameters

You can also configure the chunking parameters for source code and documentation:

chunk_lines: Number of lines per chunk

chunk_lines_overlap: Overlap between chunks

max_chars: Max characters per chunk
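To show how the three splitting parameters interact (a sliding window of chunk_lines that overlaps by chunk_lines_overlap, with max_chars as a hard ceiling), here is an added illustration in Python. It is not Metis's own splitter; the function names and the tie-breaking rules for over-long lines are assumptions.

```python
def split_source(text: str, chunk_lines: int = 40,
                 chunk_lines_overlap: int = 10, max_chars: int = 1500) -> list:
    """Split source text into windows of chunk_lines lines that overlap by
    chunk_lines_overlap lines; any window longer than max_chars is split again."""
    if chunk_lines <= 0 or not 0 <= chunk_lines_overlap < chunk_lines or max_chars <= 0:
        raise ValueError("need chunk_lines > chunk_lines_overlap >= 0 and max_chars > 0")
    lines = text.splitlines(keepends=True)
    step = chunk_lines - chunk_lines_overlap   # lines advanced between windows
    chunks, start = [], 0
    while start < len(lines):
        window = "".join(lines[start:start + chunk_lines])
        chunks.extend(_cap_chars(window, max_chars))
        if start + chunk_lines >= len(lines):   # last window already reached the end
            break
        start += step
    return chunks


def _cap_chars(chunk: str, max_chars: int) -> list:
    """Re-split a window that exceeds max_chars, preferring line boundaries.
    A single line longer than max_chars is hard-cut so that no chunk ever
    exceeds what the embedding step is configured to accept (assumed policy)."""
    if len(chunk) <= max_chars:
        return [chunk]
    parts, buf = [], ""
    for line in chunk.splitlines(keepends=True):
        while len(line) > max_chars:
            if buf:
                parts.append(buf)
                buf = ""
            parts.append(line[:max_chars])
            line = line[max_chars:]
        if len(buf) + len(line) > max_chars:
            parts.append(buf)
            buf = ""
        buf += line
    if buf:
        parts.append(buf)
    return parts
```

With chunk_lines=4 and chunk_lines_overlap=1, a 10-line file yields three windows starting at lines 0, 3 and 6, so the last line of each window is also the first line of the next.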

Plugins

Metis discovers language plugins using Setuptools entry points. Packages can expose plugins by declaring the group metis.plugins in their packaging metadata. Each entry should resolve to a class implementing metis.plugins.base.BaseLanguagePlugin and optionally accept plugin_config in the constructor.

Example pyproject.toml for a third-party plugin:

[project.entry-points."metis.plugins"]
my_lang = "my_pkg.my_module:MyLanguagePlugin"
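The discovery side of that contract, as an added example (not Metis's own loader): iterate the metis.plugins entry-point group, pass plugin_config only to constructors that declare it, and keep one broken plugin from aborting the whole run. ExampleLanguagePlugin is a hypothetical stand-in; a real plugin would subclass metis.plugins.base.BaseLanguagePlugin.

```python
import inspect
from importlib.metadata import EntryPoint, entry_points
from typing import Optional

PLUGIN_GROUP = "metis.plugins"


class ExampleLanguagePlugin:
    """Hypothetical third-party plugin. A real one subclasses
    metis.plugins.base.BaseLanguagePlugin and implements its methods."""
    def __init__(self, plugin_config: Optional[dict] = None):
        self.plugin_config = plugin_config or {}


def make_entry_point(name: str, value: str, group: str = PLUGIN_GROUP) -> EntryPoint:
    """Build an EntryPoint by hand (what packaging metadata normally supplies)."""
    return EntryPoint(name, value, group)


def instantiate(cls: type, plugin_config: Optional[dict] = None):
    """Construct a plugin class, passing plugin_config only if its constructor accepts it."""
    if "plugin_config" in inspect.signature(cls).parameters:
        return cls(plugin_config=plugin_config)
    return cls()


def load_plugins(eps, plugin_config: Optional[dict] = None):
    """Load each entry point; returns ({name: instance}, {name: error text})."""
    loaded, failed = {}, {}
    for ep in eps:
        try:
            obj = ep.load()
            if not inspect.isclass(obj):
                raise TypeError(f"{ep.value} does not resolve to a class")
            loaded[ep.name] = instantiate(obj, plugin_config)
        except Exception as exc:  # a broken plugin must not take down the review
            failed[ep.name] = f"{type(exc).__name__}: {exc}"
    return loaded, failed


def load_installed(plugin_config: Optional[dict] = None):
    """Discover and load every plugin registered under the metis.plugins group."""
    return load_plugins(entry_points(group=PLUGIN_GROUP), plugin_config)
```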

Running Metis

Metis provides an interactive CLI with several built-in commands. After launching, you can run the following:

Global CLI Flags

--custom-prompt PATH – optional .md or .txt file that contains additional guidance. When provided, Metis loads it once and weaves the text into every security-review prompt. If the flag is omitted, Metis looks for .metis.md in your project root and uses it when present. Use this to inject organization-specific policy or security requirements without editing plugins.yaml.

--backend chroma|postgres – choose vector-store backend (default chroma).

--project-schema / --chroma-dir – backend-specific knobs.

--triage – after review_code, review_file, or review_patch, triage findings and annotate SARIF output.

--include-triaged – include findings already triaged by Metis when running triage.

--ignore-index – allow review_code, review_file, review_patch, and triage to run without index-backed context. Metis warns and skips retrieval in this mode. It does not apply to ask or update.

--verbose, --quiet, --output-file, --output-files – control logging and export formats.

index

Indexes your codebase into a vector database. Must be run before any analysis.

review_code

Performs a full security review of the indexed codebase. Use --ignore-index to run without retrieval when no index is available.

review_file

Performs a targeted security review of a single file. Use --ignore-index to run without retrieval when no index is available.

review_patch

Reviews a diff/patch file and highlights potential security issues introduced by the change. Use --ignore-index to run without retrieval when no index is available.

update

Incrementally updates the index using a diff. Avoids full reindexing.

ask

Ask Metis anything about the indexed codebase. Useful for exploring architecture, identifying design patterns, or clarifying logic.

triage

Triages findings in a SARIF file and annotates each result with Metis triage metadata. You can use this command on SARIF generated by Metis or by other security/static-analysis tools. Use --ignore-index to triage without retrieval when no index is available. See docs/triage-flow.md for a short overview of how triage works.

Running in Non-Interactive Mode

Metis also supports a non-interactive mode, useful for automation, CI/CD pipelines, or scripted usage.

To use Metis in non-interactive mode, use the --non-interactive flag along with --command:

metis --non-interactive --command "<command> [args...]" [--output-file <file>]

Examples

Example 1: Chroma (default)

metis --codebase-path <path-to-source>

Example 2: Postgres

If you prefer not to use the default ChromaDB backend, you can switch to PostgreSQL either using a local installation or the provided Docker setup.

To get started quickly, run:

docker compose up -d

This will launch a PostgreSQL instance with the pgvector extension enabled, using the credentials specified in your docker-compose.yml.

Then, run Metis with the PostgreSQL backend:

metis \
  --project-schema myproject_main \
  --codebase-path <path-to-source> \
  --backend postgres

Example 3: Usage and output

> review_file src/memory/remap.c

Vulnerable source code:

// Remap memory addresses from one region to another
for (uint32_t* ptr = start; ptr < end; ptr++) {
    uint32_t value = *ptr;
    if (value >= OLD_REGION_BASE && value < OLD_REGION_BASE + REGION_SIZE) {
        value = ((value - OLD_REGION_BASE) + NEW_REGION_BASE);
        *ptr = value;
    }
}

This ensures that each entry is properly updated to point to the relocated memory region.

Confidence: 1.0

Example 4: Run a full security review (non-interactive)

metis --non-interactive --command "review_code" --output-file results/full_review.json

Example 5: Review and auto-triage findings into SARIF

metis --non-interactive \
  --triage \
  --command "review_patch changes.diff" \
  --output-file results/review.json \
  --output-file results/review.sarif

Example 6: Triage an existing SARIF file in place

metis --non-interactive --command "triage results/review.sarif"

Example 7: Review without index-backed retrieval

metis --non-interactive \
  --ignore-index \
  --command "review_code" \
  --output-file results/full_review.json

Example 8: Triage an existing SARIF file into a new output file

metis --non-interactive \
  --include-triaged \
  --output-file results/retriaged.sarif \
  --command "triage results/review.sarif"
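In a pipeline, the SARIF written by the non-interactive runs above (Examples 5, 6 and 8) is what decides whether the job fails. This added Python gate is not part of Metis; it reads only standard SARIF 2.1.0 fields (runs[].results[].level, ruleId, locations), so it also works on SARIF from other tools. The embedded sample log, its rule ids and messages are constructed.

```python
import json
import sys
from collections import Counter


def _loc(uri: str, line: int) -> dict:
    """Minimal SARIF physicalLocation (helper for the constructed sample)."""
    return {"physicalLocation": {"artifactLocation": {"uri": uri}, "region": {"startLine": line}}}


# Constructed sample in the shape of a SARIF 2.1.0 log; rule ids and messages are made up.
SAMPLE_SARIF = {"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "metis"}}, "results": [
    {"ruleId": "out-of-bounds-write", "level": "error", "message": {"text": "Loop bound not checked"},
     "locations": [_loc("src/net/parse.c", 88)]},
    {"ruleId": "unchecked-return", "level": "warning", "message": {"text": "read() result ignored"},
     "locations": [_loc("src/io.c", 40)]},
    {"ruleId": "style", "level": "note", "message": {"text": "Magic constant"}, "locations": []},
]}]}

FAIL_LEVELS = ("error",)  # levels that break the build; tune per repository policy


def summarize(sarif: dict) -> Counter:
    """Count results by level; SARIF defaults a missing level to 'warning'."""
    return Counter(r.get("level", "warning")
                   for run in sarif.get("runs", []) for r in run.get("results", []))


def blocking_findings(sarif: dict, fail_levels=FAIL_LEVELS) -> list:
    """One 'level: rule at file:line: message' string per finding at a failing level."""
    out = []
    for run in sarif.get("runs", []):
        for r in run.get("results", []):
            level = r.get("level", "warning")
            if level not in fail_levels:
                continue
            where = "<no location>"
            if r.get("locations"):
                phys = r["locations"][0].get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "?")
                where = f"{uri}:{phys.get('region', {}).get('startLine', '?')}"
            out.append(f"{level}: {r.get('ruleId', '?')} at {where}: {r.get('message', {}).get('text', '')}")
    return out


def gate(path: str) -> int:
    """CI exit status: 1 when the SARIF file at path has any blocking finding, else 0."""
    with open(path, encoding="utf-8") as fh:
        sarif = json.load(fh)
    findings = blocking_findings(sarif)
    for line in findings:
        print(line)
    print("results by level:", dict(summarize(sarif)))
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(gate(sys.argv[1] if len(sys.argv) > 1 else "results/review.sarif"))
```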

License

Metis is distributed under Apache v2.0 License.

Releases: 15 (latest: metis v1.3.0, Mar 9, 2026)
