ScanWarden

AI Validation

Reducing false positives with Large Language Models

ScanWarden uses AI agents to post-process findings, not to scan code. It does not hand your entire codebase to a generative model (slow, and prone to hallucinated findings). Instead, each alert raised by a deterministic scanner is passed to an agent for targeted verification of that specific alert.

Cross-Tool Deduplication

LLMs are also used for cross-tool deduplication, where two scanners report the same underlying problem under different rule names.

Example:

  • Gitleaks finds an "AWS Access Key".
  • Semgrep finds a "Hardcoded Secret" on the same line.

Traditionally, these would be two separate alerts. The ScanWarden AI agent analyzes both, determines that they refer to the same line of the same file, and groups them into a Cluster with merged metadata (both tools, both rule names, the highest severity reported).
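The same-line case in the example above can be reproduced deterministically before any LLM is involved, and it is worth understanding what that pass does so you know what the agent is adding on top. The following is an added example, not ScanWarden's code: it parses a Gitleaks JSON report and a Semgrep JSON report into one finding shape, keys findings on (normalised path, line), and merges the metadata of everything sharing a key. The two reports are constructed; the field names follow each tool's JSON output format. Treating Gitleaks hits as HIGH severity is an assumption (Gitleaks emits no severity field), as is the `Finding`/`Cluster` shape itself.

```python
"""Deterministic cross-tool deduplication by (path, line).

Added example, not ScanWarden code. Normalises Gitleaks and Semgrep JSON
reports into one Finding shape, then clusters findings on the same file
and line and merges their metadata. Sample reports are constructed.
"""
import json
import posixpath
from dataclasses import dataclass, field

# Constructed Gitleaks report (shape of `gitleaks detect --report-format json`).
# Secret values are deliberately redacted; a dedup pass should never carry them.
GITLEAKS_REPORT = json.dumps([
    {"Description": "AWS Access Key", "StartLine": 12, "EndLine": 12,
     "File": "./src/config.py", "RuleID": "aws-access-token", "Secret": "REDACTED"},
    {"Description": "Generic API Key", "StartLine": 40, "EndLine": 40,
     "File": "src/client.py", "RuleID": "generic-api-key", "Secret": "REDACTED"},
])

# Constructed Semgrep report (shape of `semgrep --json`).
SEMGREP_REPORT = json.dumps({
    "results": [
        {"check_id": "python.lang.security.audit.hardcoded-secret",
         "path": "src/config.py", "start": {"line": 12, "col": 1},
         "end": {"line": 12, "col": 60},
         "extra": {"message": "Hardcoded Secret", "severity": "ERROR"}},
        {"check_id": "python.lang.security.audit.sqli",
         "path": "src/db.py", "start": {"line": 77, "col": 5},
         "end": {"line": 77, "col": 40},
         "extra": {"message": "SQL injection", "severity": "WARNING"}},
    ],
    "errors": [],
})

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}
SEMGREP_SEVERITY = {"INFO": "LOW", "WARNING": "MEDIUM", "ERROR": "HIGH"}


@dataclass(frozen=True)
class Finding:            # assumed common shape; not a ScanWarden type
    tool: str
    rule: str
    title: str
    path: str
    line: int
    severity: str         # LOW / MEDIUM / HIGH


@dataclass
class Cluster:            # assumed merged-metadata shape
    path: str
    line: int
    tools: list = field(default_factory=list)
    rules: list = field(default_factory=list)
    titles: list = field(default_factory=list)
    severity: str = "LOW"


def parse_gitleaks(raw: str) -> list:
    # Assumption: every Gitleaks hit is a credential, so rate it HIGH.
    return [Finding("gitleaks", r["RuleID"], r["Description"], r["File"],
                    int(r["StartLine"]), "HIGH") for r in json.loads(raw)]


def parse_semgrep(raw: str) -> list:
    return [Finding("semgrep", r["check_id"], r["extra"]["message"], r["path"],
                    int(r["start"]["line"]),
                    SEMGREP_SEVERITY.get(r["extra"].get("severity", "INFO"), "LOW"))
            for r in json.loads(raw)["results"]]


def cluster_findings(findings) -> list:
    """Group findings that share a normalised path and line; merge metadata."""
    clusters = {}
    for f in findings:
        # normpath strips "./" so Gitleaks and Semgrep paths compare equal.
        key = (posixpath.normpath(f.path), f.line)
        c = clusters.setdefault(key, Cluster(path=key[0], line=key[1]))
        for lst, value in ((c.tools, f.tool), (c.rules, f.rule), (c.titles, f.title)):
            if value not in lst:      # also collapses repeats from one tool
                lst.append(value)
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK[c.severity]:
            c.severity = f.severity   # keep the highest severity reported
    return sorted(clusters.values(), key=lambda c: (c.path, c.line))


def run_example() -> list:
    return cluster_findings(parse_gitleaks(GITLEAKS_REPORT) + parse_semgrep(SEMGREP_REPORT))


if __name__ == "__main__":
    for c in run_example():
        print(f"{c.path}:{c.line} [{c.severity}] {', '.join(c.tools)} -> {c.titles}")
```

Run it and the four raw findings collapse to three clusters, with `src/config.py:12` carrying both `gitleaks` and `semgrep`, both rule ids and both titles. What this key-based pass cannot do is decide that a Gitleaks hit on line 12 and a Semgrep hit whose range is lines 11 to 14 are the same issue, or that two findings with different rule names in different files describe one secret copied twice; that judgement is where the page's LLM agent comes in, and why it consumes tokens per finding pair rather than per repository.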

Screenshot: Finding Cluster Card

Operations that use LLMs under the hood consume tokens. You can view overall token usage statistics on the scan page.

Screenshot: Token Usage Card
