AISLE Research Bot

AI-powered security analysis that runs directly in your GitHub pull requests. Get prioritized findings, root cause explanations, and remediation guidance — all posted as a PR comment within minutes.

Try it on GitHub

Currently in private beta — access is granted after install.

OpenSSL logocURL logoLinux logoChromium logoApache logoMozilla logoRedis logoSQLite logo
Getting Started

First results in minutes

01Install app

Add Aisle Research Bot to your organization or repository from the GitHub Marketplace. One click, no configuration files.

02Select repo

Choose which repositories to enable. The bot stays dormant until explicitly triggered — no surprise comments.

03Tag analyzer

Mention @aisle-analyzer in any PR comment. The bot analyzes the change and posts findings directly in the thread.

Access is currently allow-listed. After installing the app, our team will enable the bot. Until approved, tagging @aisle-analyzer won't trigger a response.

In Production

Running on projects trusted by millions

Add ASCON-AEAD128 cipher implementation per NIST SP 800-232 #29934

Open

evil-cry wants to merge into openssl:master from evil-cry:feature/ascon128

t8mcommented last week

@aisle-analyzer

👀1
aisle-research-botbotcommented last week

🔒Aisle Security Analysis

We found 6 potential security issue(s) in this PR:

#SeverityTitle
1MediumOut-of-bounds write in ASCON-AEAD128 provider update due to missing outsize validation
2MediumASCON-AEAD128 provider init can silently reuse stale key when key and IV are set in multiple steps
3LowAscon-AEAD128 manpage omits critical nonce-uniqueness and tag-verification guidance
4LowASCON-AEAD128 decryption releases plaintext before tag verification (unauthenticated plaintext on tag failure)
5LowASCON-AEAD128 registered in default provider without OPENSSL_NO_ASCON128 guard
6LowInconsistent disable token for ASCON-AEAD128 breaks configuration-based disabling

Each finding is detailed in a separate comment below.

levittecommented last week

The bot is quite correct that things need to be consistent, and that for something disablable, you have to insert it in the @disablables array in Cofnigure.

(I'm impressed by this catch!)

❤️1
View on GitHub →

http_aws_sigv4: fix query normalization #20550

Closed

bagder wants to merge into curl:master from feature/branch

bagdercommented 4 days ago

@aisle-analyzer thoughts?

👀1
aisle-research-botbotcommented 4 days ago

🔒Aisle Security Analysis

✅ We scanned this PR and did not find any security vulnerabilities.

Aisle supplements but does not replace security review.

View on GitHub →

Enable RFC 7919 FFDHE groups for TLS 1.2 server #24551

Closed

jvdsn wants to merge into openssl:master from jvdsn:tls1_2-rfc7919

mattcaswellcommented last week

@aisle-analyzer

👀1
aisle-research-botbotcommented last week

🔒Aisle Security Analysis

We found 1 potential security issue(s) in this PR:

#SeverityTitle
1MediumRFC7919 FFDHE compatibility check bypass for DHE-PSK cipher suites during server cipher selection

Each finding is detailed in a separate comment below.

View on GitHub →

"An excellent new project. A powerful analyzer that highlights code areas that need more attention in ways the old generation of code tools have not been able to."

Daniel Stenberg
Daniel StenbergFounder of cURL
CTA background

Start finding vulnerabilities before they ship.

Try it on GitHub