Executing the OpenAI scan

ScanSuite supports code analysis via LLM / GenAI services such as OpenAI. A few things to keep in mind:

- The code is submitted to OpenAI for analysis, which may affect code confidentiality.

- Analysis usually takes longer than other types of scans.

- For speed and cost reasons, it is not recommended to upload all project files (such as configuration files and dependency libraries), but only the ones that implement the core application logic.

- Results may vary between uploads, as the analysis is performed "on the fly" by OpenAI.
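The two considerations above about confidentiality and about uploading only core logic can be enforced before anything leaves your machine. The following pre-upload filter is an added example written for this manual; it is not ScanSuite's own code and does not use any ScanSuite or OpenAI API. It assumes a project is represented as a mapping of relative path to file text (a small constructed tree is embedded so it runs offline; `load_tree` reads a real directory into the same shape). Directory and extension lists and the secret patterns are illustrative choices to adapt per project.

```python
"""Pre-upload filter for LLM-based code scans (added example, not ScanSuite code).

Per file it decides one of:
  skip-dependency  - lives under a dependency/build directory (cost, speed)
  skip-config      - configuration or metadata rather than application logic
  skip-other       - not a recognised source-code extension
  skip-large       - above the per-file size cap
  review-secret    - looks like it contains credentials; a human checks it first
  upload           - core logic that is reasonable to submit
"""
from __future__ import annotations

import re
from pathlib import Path

# Directories that hold dependencies or build output, not application logic.
SKIP_DIRS = {"node_modules", "vendor", ".git", "dist", "build", "target", ".venv", "__pycache__"}
# Extensions treated as core application code (constructed allow-list).
CODE_EXT = {".py", ".js", ".ts", ".go", ".java", ".rb", ".php", ".cs", ".c", ".cpp", ".rs", ".kt"}
# Extensions treated as configuration/metadata rather than logic.
CONFIG_EXT = {".json", ".yaml", ".yml", ".toml", ".ini", ".cfg", ".env", ".lock", ".xml", ".properties"}
# Rough indicators of material that should not be sent to a third party.
SECRET_PATTERNS = [
    re.compile(r"(?i)(api[_-]?key|secret|password|passwd|token)\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
    re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
]
MAX_BYTES = 200_000  # constructed per-file cap


def classify(rel_path: str, content: str) -> str:
    """Return the upload verdict for one file."""
    p = Path(rel_path)
    if any(part in SKIP_DIRS for part in p.parts[:-1]):
        return "skip-dependency"
    ext = p.suffix.lower()
    # Path(".env").suffix is "", so dotfiles named .env* are handled by name.
    if ext in CONFIG_EXT or p.name.startswith(".env"):
        return "skip-config"
    if ext not in CODE_EXT:
        return "skip-other"
    if len(content.encode("utf-8", "replace")) > MAX_BYTES:
        return "skip-large"
    if any(rx.search(content) for rx in SECRET_PATTERNS):
        return "review-secret"
    return "upload"


def estimate_tokens(content: str) -> int:
    """Crude ~4 characters per token heuristic, only for a cost ballpark."""
    return max(1, len(content) // 4)


def select_files(files: dict[str, str]) -> dict:
    """Partition {relative_path: content} into upload / review / skipped buckets."""
    result = {"upload": [], "review-secret": [], "skipped": {}, "estimated_tokens": 0}
    for rel_path, content in sorted(files.items()):
        verdict = classify(rel_path, content)
        if verdict == "upload":
            result["upload"].append(rel_path)
            result["estimated_tokens"] += estimate_tokens(content)
        elif verdict == "review-secret":
            result["review-secret"].append(rel_path)
        else:
            result["skipped"][rel_path] = verdict
    return result


def load_tree(root: str) -> dict[str, str]:
    """Read a real project directory into the {relative_path: content} shape (binaries skipped)."""
    files: dict[str, str] = {}
    root_path = Path(root)
    for path in root_path.rglob("*"):
        if path.is_file():
            try:
                files[path.relative_to(root_path).as_posix()] = path.read_text(encoding="utf-8")
            except (UnicodeDecodeError, OSError):
                continue
    return files


# Constructed sample project tree; none of this is code from any real project.
SAMPLE_TREE = {
    "app/handlers.py": "def login(req):\n    return check(req.form['user'], req.form['pw'])\n",
    "app/db.py": "import sqlite3\ndef query(sql):\n    return sqlite3.connect('x.db').execute(sql)\n",
    "app/settings.py": "DB_PASSWORD = \"hunter2hunter2hunter2\"\n",
    "config/app.yaml": "debug: true\n",
    "node_modules/left-pad/index.js": "module.exports = s => s;\n",
    "README.md": "# demo\n",
}

if __name__ == "__main__":
    summary = select_files(SAMPLE_TREE)
    print("upload:", summary["upload"])
    print("needs review before upload:", summary["review-secret"])
    print("skipped:", summary["skipped"])
    print("estimated tokens:", summary["estimated_tokens"])
```

Run it against a real checkout with `select_files(load_tree("/path/to/project"))`; only the `upload` list is what you would then hand to the scan, and anything in `review-secret` is inspected (and the credential rotated if it is real) before it is ever submitted.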

To set up an OpenAI scan you need to enter the API key in the Settings menu. Refer to the Admin Manual for how to obtain and set this key.

Results are not uploaded to Defect Dojo, for a few reasons. Instead, an HTML file is generated from the analysis results, which can be downloaded via the Report button once the scan has finished:

Download the report and open the gpt-sast-report HTML file:
