medusa
MEDUSA is an AI-first security scanner built in Python that detects 40,000+ security patterns with zero setup required. It specializes in AI/LLM supply-chain attacks, repository poisoning, and leaked credentials across agent frameworks, while supporting traditional SAST analysis with CVE coverage (200+) and native Rust/PHP rules.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | Pantheon-Security/medusa |
| Owner | Pantheon-Security |
| Primary language | Python |
| License | AGPL-3.0 — OSI-approved |
| Stars | 913 |
| Forks | 152 |
| Open issues | 2 |
| Latest release | v2026.7.0 (2026-06-24) |
| Last updated | 2026-06-24 |
| Source | https://github.com/Pantheon-Security/medusa |
What medusa is
CLI tool that performs static analysis on codebases and AI chat/shell histories using pattern matching (regexes, structural rules, and attack signatures). Offers multi-core parallel scanning, smart caching, multiple export formats (JSON, SARIF, HTML, Markdown), and integrates with external linters (bandit, eslint, shellcheck) when available.
Get the medusa source
Clone the repository and explore it locally.
git clone https://github.com/Pantheon-Security/medusa.gitcd medusa# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Python 3.10+ required; installs via pip (PyPI available). Scanning starts immediately after install with `medusa scan` or `medusa secrets scan`—no external tool chains or database setup needed.
- Interactive `medusa secrets purge` requires user confirmation per finding; backup files are created before any mutation. Ensure CI/CD pipeline can handle interactive mode or use `--non-interactive` flags if supported.
- Parallel scanning uses multi-core; document resource requirements for large monorepos. Smart caching uses content hashing; verify correct behavior in ephemeral CI agents (cache invalidation).
- Rule diagnostics available via `--trace-rules` flag for performance analysis and rule authoring validation. ReDoS vulnerabilities in custom regex patterns are linted at author time.
- Configuration via `.medusa.yml`; scope rules, adjust fail-on thresholds, and enable optional external linters (bandit, eslint, shellcheck) if needed for hybrid coverage.
When to avoid it — and what to weigh
- Need Deep Java/Spring Ecosystem Scanning — MEDUSA uses pattern matching, not bytecode/class analysis. Spring/J2EE vulnerabilities rely on regex heuristics rather than dataflow. Tools like Snyk or Checkmarx offer deeper semantic analysis.
- Require Commercial Support SLA — MEDUSA is AGPL-3.0 licensed; commercial use and proprietary deployment require license review. No official commercial support SLA documented in the repository.
- Cannot Accept Source-Code Disclosure Requirement — AGPL-3.0 requires disclosure of modified source code if tool is distributed or used in a network service. Organizations unwilling to open-source modifications should avoid or obtain alternative licensing.
- Organization Requires Static Analysis Compliance Certification — No mention of OWASP Top 10 certification, FedRAMP, SOC 2, or CWE/CAPEC mappings. Suitable for baseline scanning; not positioned as enterprise compliance tool.
License & commercial use
AGPL-3.0 (GNU Affero General Public License v3.0). Copyleft license requiring source-code disclosure of any modifications and any network-service usage. Not a permissive OSI license for proprietary use without review.
AGPL-3.0 is a strong-copyleft license. Commercial use, proprietary deployment, or integration into distributed/network products requires legal review and likely alternative licensing arrangement. No commercial license documented in the repository. Consult legal counsel before integrating into closed-source products.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Strong |
| Assessment confidence | High |
MEDUSA is a security scanner, not a guarantee of safety. Considerations: (1) Pattern-matching approach has inherent false-negatives (semantic gaps). (2) Secrets purge modifies files in-place; backups are created, but recovery depends on organizational backup policy. (3) No mention of secure credential handling for API scans or external tool integrations. (4) AGPL-3.0 copyleft may attract supply-chain scrutiny in commercial environments. (5) ReDoS vulnerabilities in custom rules are mitigated by lint checks, but rule authors must follow guidelines. (6) Parallel processing may mask race conditions in external linters; verify linter thread-safety. (7) No explicit mention of telemetry; README states 'local-only, no telemetry' for secrets, but audit MEDUSA's own network behavior.
Alternatives to consider
Snyk
Commercial SaaS with semantic vulnerability database, proven CVE accuracy, and integrated remediation. Strong for enterprise compliance; higher cost and tighter lock-in.
Checkmarx / Klocwork
Enterprise static analysis with bytecode/LLVM analysis, dataflow, and compliance certifications (FedRAMP, SOC 2). Deeper semantic analysis; steeper onboarding and licensing cost.
Semgrep (OSS + Pro)
Open-source pattern-matching SAST with community rules and commercial tier. Simpler rule syntax than MEDUSA, strong DevOps integration, but narrower AI/LLM focus and smaller rule library.
Build on medusa with DEV.co software developers
Install MEDUSA and run `medusa scan --git <repo>` in seconds to detect prompt injection, MCP tool poisoning, and repo poisoning before cloning. For leaked credentials in your chat history, use `medusa secrets scan` and `medusa secrets purge` to find and redact 21+ issuer types.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
medusa FAQ
Can we use MEDUSA in a commercial product without open-sourcing our code?
Does MEDUSA require internet access or phone-home telemetry?
How do we integrate MEDUSA into our CI/CD pipeline?
What's the performance impact on large monorepos?
Work with a software development agency
From first prototype to production, DEV.co delivers software development services around tools like medusa. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source security and beyond.
Scan Your AI Agent Codebase for Supply-Chain Attacks
Install MEDUSA and run `medusa scan --git <repo>` in seconds to detect prompt injection, MCP tool poisoning, and repo poisoning before cloning. For leaked credentials in your chat history, use `medusa secrets scan` and `medusa secrets purge` to find and redact 21+ issuer types.