Themida

Run it yourself

From clone to first finding.

The fastest path is a CLI scan of a local directory — only an LLM key is needed, no Supabase and no GitHub App. You bring your own key, you keep the findings, and only the files being scanned are sent to your provider.

Runtime: Node.js 22+
Package manager: pnpm 10+
Required: An LLM API key

1. Clone & install

git clone https://github.com/Nikolaospet/themida.git
cd themida
pnpm install

2. Configure your LLM provider

Copy the example env file and set your provider plus key. Themida works with Anthropic, OpenAI, or any OpenAI-compatible endpoint.

cp .env.example .env.local

# in .env.local — pick one:
LLM_PROVIDER=anthropic
ANTHROPIC_API_KEY=sk-ant-…

# …or an OpenAI-compatible endpoint:
LLM_PROVIDER=openai
OPENAI_API_KEY=sk-…
OPENAI_BASE_URL=https://openrouter.ai/api/v1

3. Scan

# scan this clone, or any local directory
pnpm dev:scan --path .

Useful options

# restrict to specific frameworks
pnpm dev:scan --path ./my-repo --frameworks gdpr,owasp

# write a SARIF report for GitHub Code Scanning
pnpm dev:scan --path ./my-repo --format sarif --out themida.sarif
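Once a SARIF file exists, a reviewer usually wants the findings ordered by severity before reading them. The script below is an added example, not part of Themida: it assumes the report follows the standard SARIF 2.1.0 layout, and the sample report, rule ids and the `triage` / `effectiveLevel` names are constructed for illustration.

```javascript
// Added example, not Themida code: order a SARIF 2.1.0 report for human review.
// SAMPLE is constructed for illustration; it is not real Themida output.
const SAMPLE = { version: '2.1.0', runs: [{
  tool: { driver: { name: 'example-scanner', rules: [
    { id: 'EX-001', defaultConfiguration: { level: 'error' } },
    { id: 'EX-002' },
  ] } },
  results: [
    { ruleId: 'EX-002', level: 'note', message: { text: 'constructed finding B' },
      locations: [{ physicalLocation: { artifactLocation: { uri: 'src/b.ts' }, region: { startLine: 3 } } }] },
    { ruleId: 'EX-002', message: { text: 'constructed finding C' } },
    { ruleId: 'EX-001', message: { text: 'constructed finding A' },
      locations: [{ physicalLocation: { artifactLocation: { uri: 'src/a.ts' }, region: { startLine: 12 } } }] },
  ],
}] };

const ORDER = ['error', 'warning', 'note', 'none'];
// A result with no `level` takes its rule's default level, else "warning"
// (simplified: ignores `kind` and per-run configuration overrides).
function effectiveLevel(result, rules) {
  const rule = rules.find((r) => r.id === result.ruleId);
  return result.level ?? rule?.defaultConfiguration?.level ?? 'warning';
}
// Flatten every run into one list, most severe first, with per-level counts.
function triage(sarif) {
  const findings = [];
  for (const run of sarif.runs ?? []) {
    const rules = run.tool?.driver?.rules ?? [];
    for (const res of run.results ?? []) {
      const loc = res.locations?.[0]?.physicalLocation;
      findings.push({
        level: effectiveLevel(res, rules),
        ruleId: res.ruleId ?? '(no ruleId)',
        where: loc ? `${loc.artifactLocation?.uri ?? '?'}:${loc.region?.startLine ?? '?'}` : '(no location)',
        text: res.message?.text ?? '',
      });
    }
  }
  findings.sort((a, b) => ORDER.indexOf(a.level) - ORDER.indexOf(b.level));
  const counts = {};
  for (const f of findings) counts[f.level] = (counts[f.level] ?? 0) + 1;
  return { counts, findings };
}

// Usage: node triage.js themida.sarif (falls back to SAMPLE with no argument).
const arg = process.argv[2];
const load = arg?.endsWith('.sarif')
  ? import('node:fs/promises').then((fs) => fs.readFile(arg, 'utf8')).then(JSON.parse)
  : Promise.resolve(SAMPLE);
load.then((s) => console.log(JSON.stringify(triage(s), null, 2)));
```

Findings with a level outside the four SARIF values sort to the top, so an unexpected value is seen first rather than buried.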

Want the full web UI?

The dashboard adds repo connection, scan history, framework selection, and PDF / SARIF export from the browser. It needs a local Supabase instance and (optionally) a GitHub App. Follow the local setup guide to run the whole stack.

Themida is alpha software — treat findings as input to human review, not a certified audit.