MethodAtlas

Scan Java test sources, extract JUnit 5 metadata, and enrich results with AI-generated security classification — without compiling a single class.

Capabilities

  • Source-level test inventory

    Discovers @Test, @ParameterizedTest, @TestFactory, and other JUnit 5 annotations via lexical parsing — no compilation required.

  • AI security classification

    Integrates with Ollama, OpenAI, OpenRouter, and Anthropic to label each test by security relevance, taxonomy tags, and human-readable rationale.

    Only test source files are submitted — production code is never read or transmitted.

  • Multiple output formats

    Exports results as CSV (default), plain text, or SARIF 2.1.0 for direct integration with GitHub Code Scanning and other SAST tooling.

  • Source write-back

    The -apply-tags mode inserts AI-suggested @DisplayName and @Tag annotations directly into source files using a lexical-preserving printer.

  • Manual AI workflow

    Two-phase prepare / consume mode for air-gapped or policy-restricted environments where direct API calls are not permitted.

  • YAML configuration

    Shareable configuration files store scan settings; CLI flags override them selectively, eliminating per-run repetition in team or CI workflows.

Quick start

1 — Static inventory (no AI)

# bin/ script from the distribution archive
./methodatlas src/test/java

2 — AI enrichment (local Ollama)

./methodatlas -ai \
  -ai-provider ollama \
  -ai-model qwen2.5-coder:7b \
  src/test/java

3 — SARIF for GitHub Code Scanning

./methodatlas -sarif src/test/java \
  > results.sarif

4 — Cloud AI with API key

export OPENROUTER_API_KEY=sk-...
./methodatlas -ai \
  -ai-provider openrouter \
  -ai-api-key-env OPENROUTER_API_KEY \
  src/test/java