Scan test sources across Java (JUnit 5, JUnit 4, TestNG), C# (xUnit, NUnit, MSTest), and TypeScript/JavaScript (Jest, Vitest, Mocha); build a structured security test inventory and enrich results with AI-generated classification — without compiling a single class.
Capabilities
Discovers test methods via lexical parsing — no compilation required. Supports Java (JUnit 5, JUnit 4, TestNG), C# (xUnit, NUnit, MSTest), and TypeScript/JavaScript (Jest, Vitest, Mocha); framework detected automatically.
Integrates with ten providers — Ollama (local), OpenAI, Anthropic, Azure OpenAI, Mistral, Groq, xAI, GitHub Models, and OpenRouter — to label each test by security relevance, taxonomy tags, and human-readable rationale.
Only test source files are submitted — production code is never read or transmitted.Exports results as CSV (default), plain text, or SARIF 2.1.0 for direct integration with GitHub Code Scanning and other SAST tooling.
The -apply-tags mode inserts AI-suggested display names and tags
directly into Java and C# source files using a lexical-preserving printer.
Two-phase prepare / consume mode for air-gapped or policy-restricted environments where direct API calls are not permitted.
Shareable configuration files store scan settings; CLI flags override them selectively, eliminating per-run repetition in team or CI workflows.
Quick start
1 — Static inventory (no AI)
# bin/ script from the distribution archive
./methodatlas src/test/java
2 — AI enrichment (local Ollama)
./methodatlas -ai \ -ai-provider ollama \ -ai-model qwen2.5-coder:7b \ src/test/java
3 — SARIF for GitHub Code Scanning
./methodatlas -sarif src/test/java \ > results.sarif
4 — Cloud AI with API key
export OPENROUTER_API_KEY=sk-... ./methodatlas -ai \ -ai-provider openrouter \ -ai-api-key-env OPENROUTER_API_KEY \ src/test/java