DEV.co
Open-Source Security · Pantheon-Security

medusa

MEDUSA is an AI-first security scanner built in Python that detects 40,000+ security patterns with zero setup required. It specializes in AI/LLM supply-chain attacks, repository poisoning, and leaked credentials across agent frameworks, while supporting traditional SAST analysis with CVE coverage (200+) and native Rust/PHP rules.

Source: GitHub — github.com/Pantheon-Security/medusa
913
GitHub stars
152
Forks
Python
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryPantheon-Security/medusa
OwnerPantheon-Security
Primary languagePython
LicenseAGPL-3.0 — OSI-approved
Stars913
Forks152
Open issues2
Latest releasev2026.7.0 (2026-06-24)
Last updated2026-06-24
Sourcehttps://github.com/Pantheon-Security/medusa

What medusa is

CLI tool that performs static analysis on codebases and AI chat/shell histories using pattern matching (regexes, structural rules, and attack signatures). Offers multi-core parallel scanning, smart caching, multiple export formats (JSON, SARIF, HTML, Markdown), and integrates with external linters (bandit, eslint, shellcheck) when available.

Quickstart

Get the medusa source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Pantheon-Security/medusa.gitcd medusa# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

AI Agent & LLM Supply-Chain Defense

Detect prompt injection, MCP tool poisoning, Claude Code hook/permission exploits, and jailbreak payloads embedded in .claude/, .cursor/, or codebase configs before cloning or execution.

Developer Credential Leak Prevention

Scan and purge API keys, tokens, and private keys accidentally pasted into Claude, Cursor, Copilot, and shell history (bash, zsh, fish, psql, mysql REPL). 21 issuer types with interactive redaction and backup.

CI/CD DevSecOps Integration

Fast baseline SAST with 200+ CVE patterns (Log4Shell, Spring4Shell, LangChain RCE, XZ Utils). Export to SARIF for GitHub/GitLab/Snyk workflows; parallel multi-core scanning; works out-of-box on Linux/macOS/Windows.

Implementation considerations

  • Python 3.10+ required; installs via pip (PyPI available). Scanning starts immediately after install with `medusa scan` or `medusa secrets scan`—no external tool chains or database setup needed.
  • Interactive `medusa secrets purge` requires user confirmation per finding; backup files are created before any mutation. Ensure CI/CD pipeline can handle interactive mode or use `--non-interactive` flags if supported.
  • Parallel scanning uses multi-core; document resource requirements for large monorepos. Smart caching uses content hashing; verify correct behavior in ephemeral CI agents (cache invalidation).
  • Rule diagnostics available via `--trace-rules` flag for performance analysis and rule authoring validation. ReDoS vulnerabilities in custom regex patterns are linted at author time.
  • Configuration via `.medusa.yml`; scope rules, adjust fail-on thresholds, and enable optional external linters (bandit, eslint, shellcheck) if needed for hybrid coverage.

When to avoid it — and what to weigh

  • Need Deep Java/Spring Ecosystem Scanning — MEDUSA uses pattern matching, not bytecode/class analysis. Spring/J2EE vulnerabilities rely on regex heuristics rather than dataflow. Tools like Snyk or Checkmarx offer deeper semantic analysis.
  • Require Commercial Support SLA — MEDUSA is AGPL-3.0 licensed; commercial use and proprietary deployment require license review. No official commercial support SLA documented in the repository.
  • Cannot Accept Source-Code Disclosure Requirement — AGPL-3.0 requires disclosure of modified source code if tool is distributed or used in a network service. Organizations unwilling to open-source modifications should avoid or obtain alternative licensing.
  • Organization Requires Static Analysis Compliance Certification — No mention of OWASP Top 10 certification, FedRAMP, SOC 2, or CWE/CAPEC mappings. Suitable for baseline scanning; not positioned as enterprise compliance tool.

License & commercial use

AGPL-3.0 (GNU Affero General Public License v3.0). Copyleft license requiring source-code disclosure of any modifications and any network-service usage. Not a permissive OSI license for proprietary use without review.

AGPL-3.0 is a strong-copyleft license. Commercial use, proprietary deployment, or integration into distributed/network products requires legal review and likely alternative licensing arrangement. No commercial license documented in the repository. Consult legal counsel before integrating into closed-source products.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

MEDUSA is a security scanner, not a guarantee of safety. Considerations: (1) Pattern-matching approach has inherent false-negatives (semantic gaps). (2) Secrets purge modifies files in-place; backups are created, but recovery depends on organizational backup policy. (3) No mention of secure credential handling for API scans or external tool integrations. (4) AGPL-3.0 copyleft may attract supply-chain scrutiny in commercial environments. (5) ReDoS vulnerabilities in custom rules are mitigated by lint checks, but rule authors must follow guidelines. (6) Parallel processing may mask race conditions in external linters; verify linter thread-safety. (7) No explicit mention of telemetry; README states 'local-only, no telemetry' for secrets, but audit MEDUSA's own network behavior.

Alternatives to consider

Snyk

Commercial SaaS with semantic vulnerability database, proven CVE accuracy, and integrated remediation. Strong for enterprise compliance; higher cost and tighter lock-in.

Checkmarx / Klocwork

Enterprise static analysis with bytecode/LLVM analysis, dataflow, and compliance certifications (FedRAMP, SOC 2). Deeper semantic analysis; steeper onboarding and licensing cost.

Semgrep (OSS + Pro)

Open-source pattern-matching SAST with community rules and commercial tier. Simpler rule syntax than MEDUSA, strong DevOps integration, but narrower AI/LLM focus and smaller rule library.

Software development agency

Build on medusa with DEV.co software developers

Install MEDUSA and run `medusa scan --git <repo>` in seconds to detect prompt injection, MCP tool poisoning, and repo poisoning before cloning. For leaked credentials in your chat history, use `medusa secrets scan` and `medusa secrets purge` to find and redact 21+ issuer types.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

medusa FAQ

Can we use MEDUSA in a commercial product without open-sourcing our code?
Not without legal review and alternative licensing. AGPL-3.0 requires source-code disclosure if MEDUSA is modified or used in a network service. Contact the maintainers for commercial licensing options if necessary.
Does MEDUSA require internet access or phone-home telemetry?
README explicitly states secrets scanning is 'local-only, no telemetry.' Full tool behavior should be audited, but no external service dependency is documented. Scanning works offline.
How do we integrate MEDUSA into our CI/CD pipeline?
Export to SARIF or JSON formats; integrate with GitHub Actions, GitLab CI, or generic shell scripts. `--fail-on` flag allows gating on finding severity. Auto-detects external linters (bandit, eslint) for hybrid coverage if installed on runner.
What's the performance impact on large monorepos?
Multi-core parallel scanning is built-in (10-40x faster than sequential per README). Smart caching using content hashes skips unchanged files on rescans. Test on representative codebase; exact performance depends on rule complexity and file count.

Work with a software development agency

From first prototype to production, DEV.co delivers software development services around tools like medusa. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source security and beyond.

Scan Your AI Agent Codebase for Supply-Chain Attacks

Install MEDUSA and run `medusa scan --git <repo>` in seconds to detect prompt injection, MCP tool poisoning, and repo poisoning before cloning. For leaked credentials in your chat history, use `medusa secrets scan` and `medusa secrets purge` to find and redact 21+ issuer types.