\nNote that the download process may take some time depending on system performance.<\/p>\n<\/blockquote>\n\n\n\n
Step 2: Create a Python Virtual Environment<\/h3>\n\n\n\n Using a virtual environment ensures that FalconEye does not affect other tools on the system.<\/p>\n\n\n\n
python3.12 -m venv .\/FalconEye<\/pre>\n\n\n\nActivate the virtual environment using the following command.<\/p>\n\n\n\n
source .\/FalconEye\/bin\/activate<\/pre>\n\n\n\nStep 3: Clone the FalconEye Repository<\/h3>\n\n\n\n Once the virtual environment is active, clone the FalconEye repository from GitHub.<\/p>\n\n\n\n
git clone https:\/\/github.com\/FalconEYE-ai\/FalconEYE.gitStep 4: Install FalconEye<\/h3>\n\n\n\n Install FalconEye using the following command.<\/p>\n\n\n\n
pip install -e .<\/pre>\n\n\n\nAt this stage, the FalconEye command line tool should be available. The figure below shows FalconEye being installed successfully.<\/p>\n\n\n\nScanning the Code<\/h2>\n\n\n\nIndexing the Codebase<\/h3>\n\n\n\n Before performing any analysis, the codebase must be indexed. This step converts the source code into embeddings that will later be used for retrieval.<\/p>\n\n\n\n
falconeye index ~\/Desktop\/vuln-scan-demo<\/pre>\n\n\n\nOnce indexing is completed, FalconEye displays a summary including<\/p>\n\n\n\n
\nNumber of indexed files<\/li>\n\n\n\n Detected programming language<\/li>\n\n\n\n Total lines of code<\/li>\n<\/ul>\n\n\n\nThe figure below shows indexing completed successfully.<\/p>\n\n\n\nRunning the Security Review<\/h3>\n\n\n\n After indexing, the security review can be performed using the following command.<\/p>\n\n\n\n
falconeye review ~\/Desktop\/vuln-scan-demo<\/pre>\n\n\n\nAt this point, FalconEye analyses the indexed codebase and reports potential security issues.<\/p>\n\n\n\n
The figure below shows that multiple vulnerabilities have been flagged by FalconEye.<\/p>\n\n\n\n\nNote: FalconEye also generates a report. The above screenshots were taken during the scanning stage.<\/p>\n<\/blockquote>\n\n\n\n
Analysing the Findings<\/h3>\n\n\n\n From the results, FalconEye successfully identified several high risk issues including:<\/p>\n\n\n\n
\nCommand injection vulnerabilities caused by unsanitised user input<\/li>\n\n\n\n SQL injection vulnerabilities due to unsafe string concatenation<\/li>\n\n\n\n Hardcoded credentials in the source code<\/li>\n<\/ul>\n\n\n\nThese findings are consistent with what would typically be identified during a manual source code review. The figure below shows a snippet of the source code that confirms the application is vulnerable.<\/p>\n\n\n\n
User supplied input is passed directly into system level commands:<\/p>\n\n\n\nSQL queries are constructed using unvalidated input:<\/p>\n\n\n\nAuthentication credentials are hardcoded in the source code:<\/p>\n\n\n\nThis confirms that FalconEye was able to correctly reason about security risks rather than simply matching patterns. Additionally, when my colleague used the tool during the assessment, it successfully identified the majority of the vulnerabilities, which was highly impressive.<\/p>\n\n\n\n
Key Takeaways<\/h2>\n\n\n\n Based on this initial assessment, FalconEye demonstrates the following strengths<\/p>\n\n\n\n
\nProvides meaningful context around why the code is vulnerable<\/li>\n\n\n\n Works well as a prioritisation and review assistance tool<\/li>\n\n\n\n Performs analysis fully offline which is critical for client engagements<\/li>\n<\/ul>\n\n\n\nThat said, FalconEye should not be treated as a replacement for manual source code review. Human validation is still required to confirm exploitability, assess business impact, and eliminate false positives.<\/p>\n\n\n\n
DIsclaimer: FalconEye was run against a demo application that was created purely for this blog. Results against real world applications may vary depending on code quality, framework usage, and application complexity.<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Recently, my colleague was tasked with performing a source code review on a relatively large codebase. Given the size of the project, I started exploring whether a locally hosted LLM could be used to assist with the review, together with manual analysis. The key requirement was that everything must run locally. The source code contains … <\/p>\n
Continue reading “LLM Assisted Source Code Review Using FalconEye”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-220","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/posts\/220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/comments?post=220"}],"version-history":[{"count":6,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/posts\/220\/revisions"}],"predecessor-version":[{"id":239,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/posts\/220\/revisions\/239"}],"wp:attachment":[{"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/media?parent=220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/categories?post=220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jasveermaan.com\/index.php\/wp-json\/wp\/v2\/tags?post=220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/FalconEye-Installing.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Index.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Vuln1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Vuln2.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Vuln3.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Code1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Code2.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/jasveermaan.com\/wp-content\/uploads\/2026\/01\/Code3.png\")
<\/figure>\n\n\n\n