Kiuwan for AI coding assistants allows supported AI assistants to run a Kiuwan security analysis on your project and help remediate the detected vulnerabilities directly from your editor.
The integration uses the Kiuwan Local Analyzer (KLA) to scan your code, retrieve the security findings, and work through the results with you. Each finding can be reviewed in context, explained by the assistant, and fixed with your approval.
For example, you can ask your assistant:
Run a Kiuwan scan and fix what it finds.
The assistant runs the Kiuwan engine through KLA, retrieves the security findings, and helps you review and remediate them in your editor.
How it works
When you ask your AI coding assistant to run a Kiuwan scan, the assistant uses KLA to analyze your project in the same way as a standard Kiuwan local analysis.
The analysis results are uploaded to your Kiuwan account, so they remain available in your Kiuwan dashboards and baselines. This keeps the results consistent with your existing Kiuwan security data.
After the scan is complete, the findings are returned to the assistant for review and remediation in your editor. Each finding includes security information such as its CWE classification and its source-to-sink taint dataflow.
The assistant can then explain the issue and propose a fix. You can review the suggested change before applying it.
After applying fixes, run the scan again to confirm that the issues have been resolved.
Security findings and remediation
Each Kiuwan finding includes the full taint path, showing where untrusted input enters the code and where it reaches a potentially unsafe sink.
This allows the assistant to suggest fixes at the appropriate point in the dataflow. Depending on the issue, the remediation may involve sanitizing input at the source, using a safer API at the sink, or applying another appropriate fix in context.
This approach helps address the root cause of the vulnerability instead of only changing the affected line of code.
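The two remediation points described above, shown as an added example that is not Kiuwan output or code from the Kiuwan repository: a constructed Python lookup with a SQL injection (CWE-89) taint path, fixed once at the sink and once at the source. All function names, the allow-list pattern, and the sample data are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed sample data, held in memory only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_user_vulnerable(db, name):
    # SOURCE: `name` is untrusted input.
    # PROPAGATION: it is concatenated into the query text.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    # SINK: the tainted string is executed as SQL (CWE-89).
    return db.execute(query).fetchall()

def find_user_fixed_at_sink(db, name):
    # Fix at the sink: a parameterized query keeps `name` as data,
    # so every caller of this function is covered.
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# Hypothetical allow-list for user names (an assumption of this example).
USERNAME = re.compile(r"[a-z0-9_]{1,32}")

def read_name_validated(raw):
    # Fix at the source: reject anything outside the allow-list
    # before it enters the dataflow.
    if not USERNAME.fullmatch(raw):
        raise ValueError("invalid user name")
    return raw

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that changes the query logic
    print("vulnerable:", find_user_vulnerable(db, crafted))
    print("sink fix:  ", find_user_fixed_at_sink(db, crafted))
    try:
        read_name_validated(crafted)
    except ValueError as err:
        print("source fix:", err)
```

Changing only the concatenation line without switching to a parameterized call would leave the same source-to-sink path in place, which is why the taint path matters when choosing where to fix.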
Requirements
Before using Kiuwan with an AI coding assistant, make sure you have the following:
- Kiuwan Local Analyzer (KLA) installed and configured.
- A Kiuwan account with credentials configured for KLA.
- A supported AI coding assistant that can run local commands, such as:
  - Claude, using a skill
  - Cursor, using a rule
  - GitHub Copilot in agent mode, using an instructions file
No additional services, daemons, or installations are required beyond KLA.
Setup
Setup instructions and integration files for each supported AI coding assistant are available in the Kiuwan GitHub repository.
Download the files for your assistant from the repository and follow the setup steps for your environment before running your first scan.