ARM Open Sources AI-Powered Security Code Review

Arm's Product Security Team has released Metis, an open-source AI security framework that uses large language models to perform deep reasoning and context-aware code reviews for detecting subtle vulnerabilities. The tool supports multiple programming languages including C, C++, Python, Rust, and Go, and can validate findings from third-party static analysis tools to reduce false positives. Metis aims to help engineers improve secure coding practices and reduce review fatigue, particularly in large, complex, or legacy codebases where traditional tooling often falls short.

Metis is an open-source, agentic AI security framework for deep security code review, created by Arm's Product Security Team https://www.arm.com/products/product-security . It helps engineers detect subtle vulnerabilities, improve secure coding practices, and reduce review fatigue. This is especially valuable in large, complex, or legacy codebases where traditional tooling often falls short. Metis is named after the Greek goddess of wisdom, deep thought and counsel. - Deep Reasoning Unlike linters or traditional static analysis tools, Metis doesn’t rely on hardcoded rules. It uses LLMs capable of semantic understanding and reasoning. - Context-Aware Reviews RAG ensures that the model has access to broader code context and related logic, resulting in more accurate and actionable suggestions. - Plugin-Friendly and Extensible Designed with extensibility in mind: support for additional languages, models, and new prompts is straightforward. - Issue validation Validates findings from its own analysis and third-party SAST tools, gathering evidence to reduce false positives. - Provider Flexibility Support for major LLM services and local models vLLM, Ollama, LiteLLM etc. . See the vLLM guide /arm/metis/blob/main/docs/providers/vllm.md and the Ollama guide /arm/metis/blob/main/docs/providers/ollama.md for local setup examples. Metis includes support for the following languages: | Language | Triage Analysis | Notes | |---|---|---| | C | Tree-sitter + Flow Analysis + tools | Built-in plugin | | C++ | Tree-sitter + Flow Analysis + tools | Built-in plugin | | Python | Tree-sitter + Structural Analysis + tools | Built-in plugin | | Rust | Tree-sitter + Structural Analysis + tools | Built-in plugin | | TypeScript | Tree-sitter + Structural Analysis + tools | Built-in plugin | | Terraform | Tools | Built-in plugin | | Go | Tree-sitter + Structural Analysis + tools | Built-in plugin | | Solidity | Tree-sitter + Structural Analysis + tools | Built-in plugin | | TableGen | Tools | Built-in plugin | | Verilog | Tree-sitter + Structural Analysis + tools | Built-in plugin | For triage analysis details Flow Analysis vs Structural Analysis , see docs/triage-flow.md /arm/metis/blob/main/docs/triage-flow.md . Metis uses a plugin-based language system, making it easy to extend support to additional languages. It also supports multiple vector store backends, including PostgreSQL with pgvector and ChromaDB. By default, Metis uses ChromaDB for local, no-setup usage. You can also use PostgreSQL with pgvector for scalable indexing and multi-project support. After cloning the repository, you can either create a virtual environment or install dependencies system-wide. To use a virtual environment recommended : uv venv uv pip install . or install system wide using --system: uv pip install . --system To install with PostgreSQL pgvector backend support: uv pip install '. postgres ' git clone https://github.com/arm/metis.git cd metis docker build -t metis . OpenAI Export your OpenAI API key before using Metis: export OPENAI API KEY="your-key-here" Run metis by also providing the path to the source you want to analyse: uv run metis --codebase-path <path to src Then, index your codebase using: index Finally, run the security analysis across the entire codebase with: review code If the index is unavailable and you still want to run an analysis, use: review code --ignore-index This is supported only for review code , review file , review patch , and triage . In that mode Metis skips retrieval and warns that relevant-context lookup was disabled. Go to your codebase path and run: docker run --rm -it -v pwd :/metis metis To pass environment variables use -e : docker run --rm -it -v pwd :/metis -e "OPENAI API KEY=${OPENAI API KEY}" metis You can pass arguments to metis: docker run --rm -it -v pwd :/metis metis --non-interactive --command 'review code' --output-file results/review code results.json Metis Configuration metis.yaml Metis configuration can be over-ridden using a YAML configuration file metis.yaml in the working directory when running metis. The default configuration is in src/metis/metis.yaml. This file defines all runtime parameters including: LLM provider: OpenAI model names, embedding models, token limits Engine behavior: max workers, max token length, similarity top-k Database connection: In the case of PostgreSQL: host, port, credentials, and schema name Vector indexing: HNSW parameters for pgvector This file is required to run Metis and should be customized per deployment. Prompt Configuration plugins.yaml Metis uses a plugins.yaml file to define language-specific behavior, including LLM prompt templates and document splitting logic. Each language plugin e.g., C references this file to load: You can customize a number of prompts like the following prompts: security review : Guides the LLM to perform a security audit of code or diffs. validation review : Asks the LLM to assess the correctness or quality of a generated review. security review checks : A list of all the security issues the LLM will try to search for. These prompts provide natural language context for the LLM and can be tailored to your use case e.g., stricter audits, privacy reviews, compliance . You can also configure the chunking parameters for source code and documentation: chunk lines : Number of lines per chunk chunk lines overlap : Overlap between chunks max chars : Max characters per chunk Metis discovers language plugins using Setuptools entry points. Packages can expose plugins by declaring the group metis.plugins in their packaging metadata. Each entry should resolve to a class implementing metis.plugins.base.BaseLanguagePlugin and optionally accept plugin config in the constructor. Example pyproject.toml for a third-party plugin: project.entry-points."metis.plugins" my lang = "my pkg.my module:MyLanguagePlugin" Metis provides an interactive CLI with several built-in commands. After launching, you can run the following: --custom-prompt PATH – optional .md or .txt file that contains additional guidance. When provided, Metis loads it once and weaves the text into every security-review prompt. If the flag is omitted, Metis looks for .metis.md in your project root and uses it when present. Use this to inject organization-specific policy or security requirements without editing plugins.yaml . --backend chroma|postgres – choose vector-store backend default chroma . --project-schema / --chroma-dir – backend-specific knobs. --triage – after review code , review file , or review patch , triage findings and annotate SARIF output. --include-triaged – include findings already triaged by Metis when running triage. --ignore-index – allow review code , review file , review patch , and triage to run without index-backed context. Metis warns and skips retrieval in this mode. It does not apply to ask or update . --verbose , --quiet , --output-file , --output-files – control logging and export formats. Indexes your codebase into a vector database. Must be run before any analysis. Performs a full security review of the indexed codebase. Use --ignore-index to run without retrieval when no index is available. Performs a targeted security review of a single file. Use --ignore-index to run without retrieval when no index is available. Reviews a diff/patch file and highlights potential security issues introduced by the change. Use --ignore-index to run without retrieval when no index is available. Incrementally updates the index using a diff. Avoids full reindexing. Ask Metis anything about the indexed codebase. Useful for exploring architecture, identifying design patterns, or clarifying logic. Triages findings in a SARIF file and annotates each result with Metis triage metadata. You can use this command on SARIF generated by Metis or by other security/static-analysis tools. Use --ignore-index to triage without retrieval when no index is available. See docs/triage-flow.md /arm/metis/blob/main/docs/triage-flow.md for a short overview of how triage works. Metis also supports a non-interactive mode, useful for automation, CI/CD pipelines, or scripted usage. To use Metis in non-interactive mode, use the --non-interactive flag along with --command: metis --non-interactive --command "<command args... " --output-file <file.json metis --codebase-path <path to src If you prefer not to use the default ChromaDB backend, you can switch to PostgreSQL either using a local installation or the provided Docker setup. To get started quickly, run: docker compose up -d This will launch a PostgreSQL instance with the pgvector extension enabled, using the credentials specified in your docker-compose.yml . Then, run Metis with the PostgreSQL backend: metis \ --project-schema myproject main \ --codebase-path <path to src \ --backend postgres review file src/memory/remap.c Vulnerable source code: // Remap memory addresses from one region to another for uint32 t ptr = start; ptr < end; ptr++ { uint32 t value = ptr; if value = OLD REGION BASE && value < OLD REGION BASE + REGION SIZE { value = value - OLD REGION BASE + NEW REGION BASE; } } Example output: File: src/memory/remap.c Identified issue 1: Address Remapping Loop Does Not Update Memory Snippet: for uint32 t ptr = start; ptr < end; ptr++ { uint32 t value = ptr; if... Why: In the remap address table function, the code is intended to adjust address references from an old memory region to a new one. However, the updated value stored in the local variable 'value' is never written back into memory at the pointer location ptr . This means the address entries remain unchanged, which can lead to unintended behavior if the system relies on those values being relocated correctly. Mitigation: Update the loop so that after computing the new address, the value is written back. For example: for uint32 t ptr = start; ptr < end; ptr++ { uint32 t value = ptr; if value = OLD REGION BASE && value < OLD REGION BASE + REGION SIZE { value = value - OLD REGION BASE + NEW REGION BASE ; ptr = value; } } This ensures that each entry is properly updated to point to the relocated memory region. Confidence: 1.0 metis --non-interactive --command "review code" --output-file results/full review.json metis --non-interactive \ --triage \ --command "review patch changes.diff" \ --output-file results/review.json \ --output-file results/review.sarif metis --non-interactive --command "triage results/review.sarif" metis --non-interactive \ --ignore-index \ --command "review code" \ --output-file results/full review.json metis --non-interactive \ --include-triaged \ --output-file results/retriaged.sarif \ --command "triage results/review.sarif" Metis is distributed under Apache v2.0 License.