Skip to content

Latest commit

 

History

History
103 lines (66 loc) · 4 KB

README.md

File metadata and controls

103 lines (66 loc) · 4 KB


Code Security Vulnerabilities Scanner

Release and Publish GitHub release (latest by date) GitHub issues GitHub pull requests GitHub

GuardAI

GuardAI leverages multiple AI models, including OpenAI, Gemini, and custom self-hosted AI servers, to scan code for security vulnerabilities. It is designed to integrate seamlessly into CI/CD pipelines, such as GitHub Actions, allowing developers to automatically analyze their code for potential security issues during the development process.

Full Demo: https://github.com/codeguardai/demo

Features

  • Multi-AI Model Support:

    • OpenAI Integration: Scan your code using OpenAI's powerful models like GPT-4 to identify potential security vulnerabilities.
    • Gemini Integration: Leverage Gemini's capabilities to analyze code for security risks.
    • Groq Integration: Uses Groq's Fast AI Inference
    • Custom AI Server Integration: Connect to a self-hosted or privately hosted AI server to perform security scans, allowing for fully customizable and self-hosted AI solutions.

  • CI/CD Integration:

    • Easily integrate the CLI tool into GitHub Actions, enabling automated code scanning for security vulnerabilities on every pull request.
    • Provides support for running scans on specific branches or changes in a repository.

  • Flexible Scanning Options:

    • Full Directory Scans: Analyze all files within a directory for comprehensive security analysis.
    • PR-Specific Scans: Focus on files changed in a specific pull request to streamline the scanning process and reduce overhead.

Getting Started

Prerequisites

  • Python 3.10 or higher
  • API keys for the supported AI models:
    • OpenAI API key
    • Gemini API key
    • Groq API key
    • Access to a custom AI server (host, port, and optional token)

Installation

Option 1: Install via pip

You can install the tool directly from the repository using pip:

pip install guardai

This will allow you to use the guardai command directly in your terminal.

Option 2: Clone the Repository

If you prefer to clone the repository and install the dependencies manually:

git clone https://github.com/codeguardai/guardai.git
cd guardai
pip install -r requirements.txt
pip install -r requirements-dev.txt

Usage

Scanning a Directory

To scan all files within a directory:

guardai --provider openai --directory path/to/your/code

Scanning with a Custom AI Server

To scan code using a custom AI server:

guardai --provider custom --host http://localhost --port 5000 --token your_token --directory path/to/your/code

Supported AI Providers

  • OpenAI: Leverages GPT models for detailed security analysis.
  • Gemini: Provides robust security analysis using Gemini's capabilities.
  • Custom: Integrates with a self-hosted or privately hosted AI server, allowing for fully customizable solutions.

Future Work

  • Caching Implementation: A caching mechanism to store results of previously scanned files, reducing the number of API calls and optimizing performance.

  • Expanded Git Provider Support: The tool is currently integrated with GitHub for PR-based scanning, future plans include extending support to other Git providers like GitLab, Bitbucket, and Azure Repos.

Contributing

Contributions are welcome! Please fork the repository and submit a pull request with your improvements.

License

This project is licensed under the MIT License. See the LICENSE file for details.