skylos 2.2.4__tar.gz → 2.4.0__tar.gz

{skylos-2.2.4 → skylos-2.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: skylos
-Version: 2.2.4
+Version: 2.4.0
 Summary: A static analysis tool for Python codebases
 Author-email: oha <aaronoh2015@gmail.com>
 Requires-Python: >=3.9

{skylos-2.2.4 → skylos-2.4.0}/README.md

@@ -2,8 +2,11 @@
 
 ![License: Apache 2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)
 ![100% Local](https://img.shields.io/badge/privacy-100%25%20local-brightgreen)
+![PyPI - Python Version](https://img.shields.io/pypi/pyversions/skylos)
 ![PyPI version](https://img.shields.io/pypi/v/skylos)
+![VS Code Marketplace](https://img.shields.io/visual-studio-marketplace/v/oha.skylos-vscode-extension)
 ![Security Policy](https://img.shields.io/badge/security-policy-brightgreen)
+![PRs welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)
 
 <div align="center">
    <img src="assets/SKYLOS.png" alt="Skylos Logo" width="200">
@@ -25,7 +28,7 @@
 - [Web Interface](#web-interface)
 - [Design](#design)
 - [Test File Detection](#test-file-detection)
-- [Folder Management](#folder-management)
+- [Vibe Coding](#vibe-coding)
 - [Ignoring Pragmas](#ignoring-pragmas)
 - [Including & Excluding Files](#including--excluding-files)
 - [CLI Options](#cli-options)
@@ -33,6 +36,7 @@
 - [Interactive Mode](#interactive-mode)
 - [Development](#development)
 - [CI/CD (Pre-commit & GitHub Actions)](#cicd-pre-commit--github-actions)
+- [VS Code extension](#vsc-extension)
 - [FAQ](#faq)
 - [Limitations](#limitations)
 - [Troubleshooting](#troubleshooting)
@@ -52,8 +56,8 @@
 * **Unused Imports**: Identifies imports that are not used
 * **Folder Management**: Inclusion/exclusion of directories 
 * **Ignore Pragmas**: Skip lines tagged with `# pragma: no skylos`, `# pragma: no cover`, or `# noqa`
-**NEW** **Secrets Scanning (PoC, opt-in)**: Detects API keys & secrets (GitHub, GitLab, Slack, Stripe, AWS, Google, SendGrid, Twilio, private key blocks)
-**NEW** **Dangerous Patterns**: Flags risky code such as `eval/exec`, `os.system`, `subprocess(shell=True)`, `pickle.load/loads`, `yaml.load` without SafeLoader, hashlib.md5/sha1. Refer to `DANGEROUS_CODE.md` for the whole list.
+* **NEW** **Secrets Scanning (PoC, opt-in)**: Detects API keys & secrets (GitHub, GitLab, Slack, Stripe, AWS, Google, SendGrid, Twilio, private key blocks)
+* **NEW** **Dangerous Patterns**: Flags risky code such as `eval/exec`, `os.system`, `subprocess(shell=True)`, `pickle.load/loads`, `yaml.load` without SafeLoader, hashlib.md5/sha1. Refer to `DANGEROUS_CODE.md` for the whole list. This includes SQL injection, path traversal and any other security flaws that may arise from the practise of vibe-coding. 
 
 ## Benchmark (You can find this benchmark test in `test` folder)
 
@@ -112,8 +116,12 @@ skylos . --interactive --comment-out
 # Dry run - see what would be removed
 skylos --interactive --dry-run /path/to/your/project 
 
+# Load the results in json format
 skylos --json /path/to/your/project 
 
+# Load the results in table format
+skylos --table /path/to/your/project 
+
 # With confidence
 skylos path/to/your/file --confidence 20 ## or whatever value u wanna set
 ```
@@ -200,6 +208,49 @@ When Skylos detects a test file, it by default, will apply a confidence penalty
 /project/test_data.py 
 ```
 
+## Vibe-Coding
+
+We are aware that vibe coding has created a lot of vulnerabilities. To an AI, it's job is to spit out a list of tokens with the highest probability, whether it's right or not. This may introduce vulnerabilities in their applications. We have expanded Skylos to catch the most important problems first. 
+
+- SQL injection (cursor)
+- SQL injection (raw-API)
+- Command injection
+- SSRF
+- Path traversal
+- eval/exec
+- pickle.load/loads
+- yaml.load w/o SafeLoader
+- weak hashes MD5/SHA1
+- subprocess(..., shell=True)
+- requests(..., verify=False)
+
+### Quick Start
+
+```bash
+skylos /path/to/your/project --danger
+```
+
+### Examples that will be flagged
+
+```
+# SQLi (cursor)
+cur.execute(f"SELECT * FROM users WHERE name='{name}'")
+
+# SQLi (raw-api)
+pd.read_sql("SELECT * FROM users WHERE name='" + q + "'", conn)
+
+# Command injection
+os.system("zip -r out.zip " + folder)
+
+# SSRF
+requests.get(request.args["url"], timeout=3)
+
+# Path traversal
+with open(request.args.get("p"), "r") as f: ...
+```
+
+This list will be expanded in the near future. For more information, refer to `DANGEROUS_CODE.md` 
+
 ## Ignoring Pragmas
 
 1. To ignore any warning, indicate `# pragma: no skylos` **ON THE SAME LINE** as the function/class you want to ignore
@@ -252,6 +303,7 @@ Arguments:
 Options:
   -h, --help                   Show this help message and exit
   --json                       Output raw JSON instead of formatted text  
+  --table                      Output results in table format via the CLI
   -o, --output FILE            Write output to file instead of stdout
   -v, --verbose                Enable verbose output
   --version                    Checks version
@@ -368,7 +420,7 @@ jobs:
 ## .pre-commit-config.yaml
 repos:
   - repo: https://github.com/duriantaco/skylos
-    rev: v2.2.4
+    rev: v2.4.0
     hooks:
       - id: skylos-scan
         name: skylos report
@@ -418,7 +470,7 @@ repos:
         entry: python -m skylos.cli
         pass_filenames: false
         require_serial: true
-        additional_dependencies: [skylos==2.2.4]
+        additional_dependencies: [skylos==2.4.0]
         args: [".", "--output", "report.json", "--confidence", "70"]
 
       - id: skylos-fail-on-findings
@@ -474,6 +526,16 @@ jobs:
 
 **Pre commit behavior:** the second hook is soft by default (SKYLOS_SOFT=1). This means that it prints findings and passes. You can remove the env/logic if you want pre-commit to block commits on finding
 
+## VS Code extension
+
+Skylos has a VS Code extension that runs on save like a linter. Runs automatically on save of Python files. You will ll see squiggles + a popup like "Skylos found N items." For more information, refer to the VSC `README.md` inside the marketplace.
+
+### Install
+
+From VS Code Marketplace: "Skylos" (publisher: oha)
+
+Version: `0.1.0`
+
 ## Development
 
 ### Prerequisites
@@ -568,6 +630,7 @@ We welcome contributions! Please read our [Contributing Guidelines](CONTRIBUTING
 - [ ] Further optimization
 - [ ] Add new rules
 - [ ] Expanding on the `dangerous.py` list
+- [ ] Porting to uv
 
 ## License
 

{skylos-2.2.4 → skylos-2.4.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "skylos"
-version = "2.2.4"
+version = "2.4.0"
 requires-python = ">=3.9"
 description = "A static analysis tool for Python codebases"
 authors = [{name = "oha", email = "aaronoh2015@gmail.com"}]

{skylos-2.2.4 → skylos-2.4.0}/setup.py

@@ -2,7 +2,7 @@ from setuptools import setup, find_packages
 
 setup(
     name="skylos",
-    version="2.2.4",
+    version="2.4.0",
     packages=find_packages(),
     python_requires=">=3.9",
     install_requires=[

{skylos-2.2.4 → skylos-2.4.0}/skylos/__init__.py

@@ -1,4 +1,4 @@
-__version__ = "2.2.4"
+__version__ = "2.4.0"
 
 def analyze(*args, **kwargs):
     from .analyzer import analyze as _analyze

{skylos-2.2.4 → skylos-2.4.0}/skylos/analyzer.py

@@ -9,7 +9,7 @@ from skylos.visitor import Visitor
 from skylos.constants import ( PENALTIES, AUTO_CALLED )
 from skylos.visitors.test_aware import TestAwareVisitor
 from skylos.rules.secrets import scan_ctx as _secrets_scan_ctx
-from skylos.rules.dangerous import scan_ctx as scan_dangerous
+from skylos.rules.danger.danger import scan_ctx as scan_danger
 import os
 import traceback
 from skylos.visitors.framework_aware import FrameworkAwareVisitor, detect_framework_usage
@@ -239,7 +239,7 @@ class Skylos:
                     if method.simple_name == "format" and cls.endswith("Formatter"):
                         method.references += 1
 
-    def analyze(self, path, thr=60, exclude_folders= None, enable_secrets = False, enable_dangerous = False):
+    def analyze(self, path, thr=60, exclude_folders= None, enable_secrets = False, enable_danger = False):
         files, root = self._get_python_files(path, exclude_folders)
         
         if not files:
@@ -288,13 +288,15 @@ class Skylos:
                 except Exception:
                     pass
             
-            if enable_dangerous and scan_dangerous is not None:
+            if enable_danger and scan_danger is not None:
                 try:
-                    findings = scan_dangerous(root, [file])
+                    findings = scan_danger(root, [file])
                     if findings:
                         all_dangers.extend(findings)
-                except Exception:
-                    pass
+                except Exception as e:
+                    logger.error(f"Error scanning {file} for dangerous code: {e}")
+                    if os.getenv("SKYLOS_DEBUG"):
+                        logger.error(traceback.format_exc())
 
         self._mark_refs()
         self._apply_heuristics() 
@@ -331,9 +333,9 @@ class Skylos:
             result["secrets"] = all_secrets
             result["analysis_summary"]["secrets_count"] = len(all_secrets)
         
-        if enable_dangerous and all_dangers:
-            result["dangerous"] = all_dangers
-            result["analysis_summary"]["dangerous_count"] = len(all_dangers)
+        if enable_danger and all_dangers:
+            result["danger"] = all_dangers
+            result["analysis_summary"]["danger_count"] = len(all_dangers)
 
         for u in unused:
             if u["type"] in ("function", "method"):
@@ -386,75 +388,104 @@ def proc_file(file_or_args, mod=None):
 
         return [], [], set(), set(), dummy_visitor, dummy_framework_visitor
 
-def analyze(path, conf=60, exclude_folders=None, enable_secrets=False, enable_dangerous=False):
-    return Skylos().analyze(path,conf, exclude_folders, enable_secrets, enable_dangerous)
+def analyze(path, conf=60, exclude_folders=None, enable_secrets=False, enable_danger=False):
+    return Skylos().analyze(path,conf, exclude_folders, enable_secrets, enable_danger)
 
 if __name__ == "__main__":
-    if len(sys.argv)>1:
-        p = sys.argv[1]
-        
-        if len(sys.argv) > 2:
-            confidence = int(sys.argv[2])
-        else:
-            confidence = 60
+    enable_secrets = ("--secrets" in sys.argv)
+    enable_danger  = ("--danger"  in sys.argv)
 
-        result = analyze(p,confidence)
-        
-        data = json.loads(result)
-        print("\n Python Static Analysis Results")
-        print("===================================\n")
-        
-        total_items = 0
-        for key, items in data.items():
-            if key.startswith("unused_") and isinstance(items, list):
-                total_items += len(items)
-        
-        print("Summary:")
-        if data["unused_functions"]:
-            print(f" * Unreachable functions: {len(data['unused_functions'])}")
-        if data["unused_imports"]:
-            print(f" * Unused imports: {len(data['unused_imports'])}")
-        if data["unused_classes"]:
-            print(f" * Unused classes: {len(data['unused_classes'])}")
-        if data["unused_variables"]:
-            print(f" * Unused variables: {len(data['unused_variables'])}")
-        
-        if data["unused_functions"]:
-            print("\n - Unreachable Functions")
-            print("=======================")
-            for i, func in enumerate(data["unused_functions"], 1):
-                print(f" {i}. {func['name']}")
-                print(f"    └─ {func['file']}:{func['line']}")
-        
-        if data["unused_imports"]:
-            print("\n - Unused Imports")
-            print("================")
-            for i, imp in enumerate(data["unused_imports"], 1):
-                print(f" {i}. {imp['simple_name']}")
-                print(f"    └─ {imp['file']}:{imp['line']}")
-        
-        if data["unused_classes"]:
-            print("\n - Unused Classes")
-            print("=================")
-            for i, cls in enumerate(data["unused_classes"], 1):
-                print(f" {i}. {cls['name']}")
-                print(f"    └─ {cls['file']}:{cls['line']}")
-                
-        if data["unused_variables"]:
-            print("\n - Unused Variables")
-            print("==================")
-            for i, var in enumerate(data["unused_variables"], 1):
-                print(f" {i}. {var['name']}")
-                print(f"    └─ {var['file']}:{var['line']}")
-        
-        print("\n" + "─" * 50)
-        print(f"Found {total_items} dead code items. Add this badge to your README:")
-        print(f"```markdown")
-        print(f"![Dead Code: {total_items}](https://img.shields.io/badge/Dead_Code-{total_items}_detected-orange?logo=codacy&logoColor=red)")
-        print(f"```")
+    positional = [a for a in sys.argv[1:] if not a.startswith("--")]
+
+    if not positional:
+        print("Usage: python Skylos.py <path> [confidence_threshold] [--secrets] [--danger]")
+        sys.exit(2)
+
+    p = positional[0]
+    confidence = int(positional[1]) if len(positional) > 1 else 60
+
+    result = analyze(p, confidence, enable_secrets=enable_secrets, enable_danger=enable_danger)
         
-        print("\nNext steps:")
-        print("  * Use --interactive to select specific items to remove")
-        print("  * Use --dry-run to preview changes before applying them")
+    data = json.loads(result)
+    print("\n Python Static Analysis Results")
+    print("===================================\n")
+    
+    total_dead = 0
+    for key, items in data.items():
+        if key.startswith("unused_") and isinstance(items, list):
+            total_dead += len(items)
+
+    danger_count = data.get("analysis_summary", {}).get("danger_count", 0) if enable_danger else 0
+    secrets_count = data.get("analysis_summary", {}).get("secrets_count", 0) if enable_secrets else 0
+    
+    print("Summary:")
+    if data["unused_functions"]:
+        print(f" * Unreachable functions: {len(data['unused_functions'])}")
+    if data["unused_imports"]:
+        print(f" * Unused imports: {len(data['unused_imports'])}")
+    if data["unused_classes"]:
+        print(f" * Unused classes: {len(data['unused_classes'])}")
+    if data["unused_variables"]:
+        print(f" * Unused variables: {len(data['unused_variables'])}")
+    if enable_danger:
+        print(f" * Security issues: {danger_count}")
+    if enable_secrets:
+        print(f" * Secrets found: {secrets_count}")
+
+    if data["unused_functions"]:
+        print("\n - Unreachable Functions")
+        print("=======================")
+        for i, func in enumerate(data["unused_functions"], 1):
+            print(f" {i}. {func['name']}")
+            print(f"    └─ {func['file']}:{func['line']}")
+    
+    if data["unused_imports"]:
+        print("\n - Unused Imports")
+        print("================")
+        for i, imp in enumerate(data["unused_imports"], 1):
+            print(f" {i}. {imp['simple_name']}")
+            print(f"    └─ {imp['file']}:{imp['line']}")
+    
+    if data["unused_classes"]:
+        print("\n - Unused Classes")
+        print("=================")
+        for i, cls in enumerate(data["unused_classes"], 1):
+            print(f" {i}. {cls['name']}")
+            print(f"    └─ {cls['file']}:{cls['line']}")
+            
+    if data["unused_variables"]:
+        print("\n - Unused Variables")
+        print("==================")
+        for i, var in enumerate(data["unused_variables"], 1):
+            print(f" {i}. {var['name']}")
+            print(f"    └─ {var['file']}:{var['line']}")
+
+    if enable_danger and data.get("danger"):
+        print("\n - Security Issues")
+        print("================")
+        for i, f in enumerate(data["danger"], 1):
+            print(f" {i}. {f['message']} [{f['rule_id']}] ({f['file']}:{f['line']}) Severity: {f['severity']}")
+
+    if enable_secrets and data.get("secrets"):
+        print("\n - Secrets")
+        print("==========")
+        for i, s in enumerate(data["secrets"], 1):
+            rid = s.get("rule_id", "SECRET")
+            msg = s.get("message", "Potential secret")
+            file = s.get("file")
+            line = s.get("line", 1)
+            sev = s.get("severity", "HIGH")
+            print(f" {i}. {msg} [{rid}] ({file}:{line}) Severity: {sev}")
+    
+    print("\n" + "─" * 50)
+    if enable_danger:
+        print(f"Found {total_dead} dead code items and {danger_count} security flaws. Add this badge to your README:")
     else:
-        print("Usage: python Skylos.py <path> [confidence_threshold]")
+        print(f"Found {total_dead} dead code items. Add this badge to your README:")
+    print("```markdown")
+    print(f"![Dead Code: {total_dead}](https://img.shields.io/badge/Dead_Code-{total_dead}_detected-orange?logo=codacy&logoColor=red)")
+    print("```")
+    
+    print("\nNext steps:")
+    print("  * Use --interactive to select specific items to remove")
+    print("  * Use --dry-run to preview changes before applying them")

{skylos-2.2.4 → skylos-2.4.0}/skylos/cli.py

@@ -159,19 +159,25 @@ def interactive_selection(logger, unused_functions, unused_imports):
     
     return selected_functions, selected_imports
 
-def print_badge(dead_code_count: int, logger):
+def print_badge(dead_code_count, logger, *, danger_enabled = False, danger_count = 0):
     logger.info(f"\n{Colors.GRAY}{'─' * 50}{Colors.RESET}")
     
-    if dead_code_count == 0:
-        logger.info(f" Your code is 100% dead code free! Add this badge to your README:")
+    if dead_code_count == 0 and (not danger_enabled or danger_count == 0):
+        logger.info(" Your code is 100% dead code free! Add this badge to your README:")
         logger.info("```markdown")
         logger.info("![Dead Code Free](https://img.shields.io/badge/Dead_Code-Free-brightgreen?logo=moleculer&logoColor=white)")
         logger.info("```")
+        return
+
+    if danger_enabled:
+        logger.info(f"Found {dead_code_count} dead code items and {danger_count} security flaws. Add this badge to your README:")
     else:
         logger.info(f"Found {dead_code_count} dead code items. Add this badge to your README:")
-        logger.info("```markdown")  
-        logger.info(f"![Dead Code: {dead_code_count}](https://img.shields.io/badge/Dead_Code-{dead_code_count}_detected-orange?logo=codacy&logoColor=red)")
-        logger.info("```")
+
+    logger.info("```markdown")  
+    logger.info(f"![Dead Code: {dead_code_count}](https://img.shields.io/badge/Dead_Code-{dead_code_count}_detected-orange?logo=codacy&logoColor=red)")
+    logger.info("```")
+
 
 def main():
     if len(sys.argv) > 1 and sys.argv[1] == 'run':
@@ -188,6 +194,12 @@ def main():
     )
     parser.add_argument("path", help="Path to the Python project")
 
+    parser.add_argument(
+        "--table",
+        action="store_true",
+        help="Show findings in table"
+    )
+
     parser.add_argument(
         "--version",
         action="version", 
@@ -307,7 +319,8 @@ def main():
             logger.info(f"{Colors.GREEN}📁 No folders excluded{Colors.RESET}")
 
     try:
-        result_json = run_analyze(args.path, conf=args.confidence, enable_secrets=bool(args.secrets), exclude_folders=list(final_exclude_folders))
+        result_json = run_analyze(args.path, conf=args.confidence, enable_secrets=bool(args.secrets), 
+                                  enable_danger=bool(args.danger), exclude_folders=list(final_exclude_folders))
 
         if args.json:
             print(result_json)
@@ -318,6 +331,121 @@ def main():
     except Exception as e:
         logger.error(f"Error during analysis: {e}")
         sys.exit(1)
+    
+    if args.table:
+        ELLIPSIS = "…"
+
+        def clip(text, max_length):
+            if not text:
+                text = ""
+            
+            if len(text) <= max_length:
+                return text
+            
+            truncated_end = max(0, max_length - 1)
+            return text[:truncated_end] + ELLIPSIS
+
+        def severity_color(severity):
+            severity_upper = (severity or "").upper()
+            
+            if severity_upper in ("HIGH", "CRITICAL"):
+                return Colors.RED
+            elif severity_upper == "MEDIUM":
+                return Colors.YELLOW
+            else:
+                return Colors.GRAY
+
+        print(f"\n{Colors.CYAN}{Colors.BOLD}Unused {Colors.RESET}")
+        print(f"{Colors.CYAN}{'='*18}{Colors.RESET}")
+
+        print(f"{Colors.BOLD}{'kind':9} {'name':28} {'where'}{Colors.RESET}")
+        print(f"{'-'*9} {'-'*28} {'-'*36}")
+        
+        unused_categories = [
+            ("unused_functions", "function"),
+            ("unused_imports", "import"),
+            ("unused_classes", "class"),
+            ("unused_variables", "variable"),
+            ("unused_parameters", "parameter"),
+        ]
+
+        for bucket, kind in unused_categories:
+            items = result.get(bucket, [])
+            for item in items:
+                name = item.get("name") or item.get("simple_name") or ""
+                file_path = item.get('file', '?')
+                line_num = item.get('line', item.get('lineno', '?'))
+                where = f"{file_path}:{line_num}"
+                
+                clipped_name = clip(name, 28)
+                clipped_where = clip(where, 36)
+                print(f"{kind:9} {clipped_name:28} {clipped_where}")
+
+        secrets = result.get("secrets", []) or []
+        if secrets:
+            print(f"\n{Colors.RED}{Colors.BOLD}Secrets{Colors.RESET}")
+            print(f"{Colors.RED}{'=' * 7}{Colors.RESET}")
+            print(f"{Colors.BOLD}{'provider':12} {'message':22} {'preview':24} {'where'}{Colors.RESET}")
+            print(f"{'-' * 12} {'-' * 22} {'-' * 24} {'-' * 36}")
+            
+            for secret in secrets[:100]:
+                provider = clip(secret.get("provider") or "generic", 12)
+                message = clip(secret.get("message") or "Secret detected", 22)
+                preview = clip(secret.get("preview") or "****", 24)
+                
+                file_path = secret.get('file', '?')
+                line_num = secret.get('line', '?')
+                location = f"{file_path}:{line_num}"
+                clipped_location = clip(location, 36)
+                
+                print(f"{Colors.MAGENTA}{provider:12}{Colors.RESET} {message:22} {preview:24} {clipped_location}")
+
+            
+        security_issues = result.get("danger", [])
+        if security_issues:
+            print(f"\n{Colors.RED}{Colors.BOLD}Security issues{Colors.RESET}")
+            print(f"{Colors.RED}{'=' * 15}{Colors.RESET}")
+            print(f"{Colors.BOLD}{'rule_id':10} {'sev':5} {'message':38} {'where'}{Colors.RESET}")
+            print(f"{'-' * 10} {'-' * 5} {'-' * 38} {'-' * 36}")
+            
+            for issue in security_issues[:100]:
+                rule_id = clip(issue.get("rule_id") or "", 10)
+                severity = (issue.get("severity") or "").upper()
+                message = clip(issue.get("message") or "", 38)
+                
+                file_path = issue.get('file', '?')
+                line_num = issue.get('line', '?')
+                location = f"{file_path}:{line_num}"
+                clipped_location = clip(location, 36)
+                
+                severity_color_code = severity_color(severity)
+                clipped_severity = clip(severity, 5)
+                
+                print(f"{rule_id:10} {severity_color_code}{clipped_severity:5}{Colors.RESET} {message:38} {clipped_location}")
+
+        summ = result.get("analysis_summary", {})
+        unused_keys = [
+            "unused_functions",
+            "unused_imports", 
+            "unused_classes",
+            "unused_variables",
+            "unused_parameters"
+        ]
+
+        total_unused = 0
+        for k in unused_keys:
+            total_unused += len(result.get(k, []))
+  
+        print(f"\n{Colors.BOLD}Summary{Colors.RESET}")
+
+        print("=======")
+        print(f"files analyzed : {summ.get('total_files','?')}")
+        print(f"unused items   : {total_unused}")
+        if "secrets_count" in summ:
+            print(f"secrets        : {summ['secrets_count']}")
+        if "danger_count" in summ:
+            print(f"security issues: {summ['danger_count']}")
+        return
 
     if args.json:
         lg = logging.getLogger('skylos')
@@ -335,6 +463,7 @@ def main():
     unused_variables = result.get("unused_variables", [])
     unused_classes = result.get("unused_classes", [])
     secrets_findings = result.get("secrets", [])
+    danger_findings = result.get("danger", [])
     
     logger.info(f"{Colors.CYAN}{Colors.BOLD} Python Static Analysis Results{Colors.RESET}")
     logger.info(f"{Colors.CYAN}{'=' * 35}{Colors.RESET}")
@@ -347,6 +476,8 @@ def main():
     logger.info(f" * Unused classes: {Colors.YELLOW}{len(unused_classes)}{Colors.RESET}")
     if secrets_findings:
         logger.info(f" * Secrets: {Colors.RED}{len(secrets_findings)}{Colors.RESET}")
+    if danger_findings:
+        logger.info(f" * Security issues: {Colors.RED}{len(danger_findings)}{Colors.RESET}")
 
     if args.interactive and (unused_functions or unused_imports):
         logger.info(f"\n{Colors.BOLD}Interactive Mode:{Colors.RESET}")
@@ -477,10 +608,27 @@ def main():
                 prev = s.get("preview", "****")
                 msg = s.get("message", "Secret detected")
                 logger.info(f"{Colors.GRAY}{i:2d}. {Colors.RESET}{msg} [{provider}] {Colors.GRAY}({where}){Colors.RESET} -> {prev}")
+        
+        if danger_findings:
+            logger.info(f"\n{Colors.RED}{Colors.BOLD} - Security Issues{Colors.RESET}")
+            logger.info(f"{Colors.RED}{'=' * 16}{Colors.RESET}")
+            for i, d in enumerate(danger_findings[:20], 1):
+                rule_id = d.get("rule_id", "unknown_rule")
+                severity = d.get("severity", "UNKNOWN").upper()
+                message = d.get("message", "Issue detected")
+                file = d.get("file", "?")
+                line = d.get("line", "?")
+                logger.info(f"{Colors.GRAY}{i:2d}. {Colors.RESET}{message} [{rule_id}] {Colors.GRAY}({file}:{line}){Colors.RESET} Severity: {severity}")
 
         dead_code_count = len(unused_functions) + len(unused_imports) + len(unused_variables) + len(unused_classes) + len(unused_parameters)
 
-        print_badge(dead_code_count, logger)
+        danger_count = len(danger_findings) if args.danger else 0
+        print_badge(
+            dead_code_count,
+            logger,
+            danger_enabled=bool(args.danger),
+            danger_count=danger_count,
+        )
 
         if unused_functions or unused_imports:
             logger.info(f"\n{Colors.BOLD}Next steps:{Colors.RESET}")