Security DevOps CI / CD Framework.

What is Anteater?

Anteater is an open framework to prevent the unwanted merging of dangerous strings, filenames, binaries, depreciated functions, staging enviroment code / credentials etc.

Continous Integration

anteater runs as a DevOps gate check. Every patch / pull request is scanned. It easily integrates with Travis-CI, CircleCI and Jenkins

Open Source

anteater is 100% open source under an apache 2.0 license. You're free to make changes and we encourage community contributions.

Easy to customize

anteater is easy to customise with an open framework. There is no need to make code changes to implement your own checks and filters.

Virus Total API

anteater uses the 'crowd sourced' Virus Total API to verify any public IP addresses, url's or binaries found are safe to merge

Community Vault

Know of some expressions that are useful and want to share them? Looking for something in particular? Try the community vault (pending)

Wide adoption

anteater is used by the Linux Foundation, Red Hat, and independent security researchers.

Get Started


Anteater is best installed via pip

$ pip install anteater


Set content to block

    regex: app\.run\s*\(.*debug.*=.*True.*\)
    desc: "Running flask in debug mode can give away sensitive data"
  regex: import*.xreadlines|from*.xreadlines
  desc: "Using 'for line in file', introduced in 2.3, is preferable."

Set filenames to block

  - jenkins\.plugins\.publish_over_ssh\.BapSshPublisherPlugin\.xml
  -  (irb|plsq|mysql|bash|zsh)_history
  - \.gem\/credentials
  - key(store|ring)
  - ovpn
  - secret_token\.rb

Virus Total API - Binary Scanning

INFO - Non Whitelisted Binary file: /example_project/files/
INFO - Rate limit clear.
INFO - Report found, job complete.
ERROR - Virus Found!
INFO - File scan date for infected/ shows a infected status on: 2018-04-04 21:52:26
INFO - Full report avaliable here:

Virus Total API - IP Scanning

INFO - Found what I believe is an IP Address: command.server(host='', port=9190)
INFO - File python/ Parsed IP Address:
INFO - Rate limit active..please wait...
INFO - Rate limit clear.
ERROR - has been known to resolve to the following malicious urls: on date: 2018-04-04 20:02:51 on date: 2018-04-04 17:57:02 on date: 2018-04-04 11:55:50 on date: 2018-03-31 04:19:13
INFO - on date: 2018-03-31 04:19:13
INFO - on date: 2018-03-29 23:47:56

Virus Total API - URL Scanning

INFO - File shell/ contains what I believe is a URL: curl -L
INFO - Scanning:
INFO - Rate limit active..please wait...
INFO - Rate limit clear.
INFO - Report found, job complete for
ERROR - is recorded as a malicious site by ADMINUSLabs
ERROR - is recorded as a malware site by Yandex Safebrowsing
ERROR - Full report available here:

Full Documentation

For more indepth details, please refer to the latest documentation on our readthedocs site.

Read the Docs