PerfOSec FAQs

Question 1

What types of security and performance scanners does PerfOSec integrate?

Accepted Answer

PerfOSec integrates a wide range of scanners including Semgrep for SAST, gitleaks for secret detection, npm/pip audit for SCA (Software Composition Analysis), k6 for backend performance testing, Lighthouse for frontend metrics, and optionally OWASP ZAP for DAST.

Question 2

How does PerfOSec benefit AI coding assistants?

Accepted Answer

PerfOSec addresses the challenges of fragmented tools and token-inefficient reports by providing compressed, context-aware outputs and generating specific instructions. This allows AI agents like Claude Code, Cursor, and Gemini to understand scanner findings and act upon them effectively, directly improving code quality and security.

Question 3

What is PerfOSec?

Accepted Answer

PerfOSec is a Meta-MCP-Gateway that orchestrates various security and performance scanners (like Semgrep, gitleaks, k6), intelligently compresses their outputs, and automatically generates AI agent instructions. This enables AI coding assistants to efficiently verify and stabilize code.

Question 4

What is 'diff-mode reporting' and how does it help?

Accepted Answer

Diff-mode reporting is a key feature that, combined with baseline suppression, focuses only on *new* security and performance findings in code changes. This helps developers and AI agents quickly identify and fix introduced issues, avoiding noise from pre-existing known problems.

Question 5

Is PerfOSec easy to set up and integrate into my workflow?

Accepted Answer

Yes, PerfOSec is designed for ease of use. It automates the installation and setup of integrated scanners with OS detection. Once installed, a simple `perfosec init` command prepares your project, and it can be registered with popular AI agents like Claude Code, Cursor, and GitHub Copilot in just a few steps.

PerfOSec

PerfOSec

주요 기능

사용 사례

주요 기능

사용 사례