code-quality-security-audit-system-ai-agent
The Code Quality & Security Audit System is a Python-based tool designed to analyze codebases for security vulnerabilities and quality issues.
https://github.com/muhammadfarhantanvir/code-quality-security-audit-system-ai-agent
Science Score: 44.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
✓CITATION.cff file
Found CITATION.cff file -
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (11.5%) to scientific vocabulary
Repository
The Code Quality & Security Audit System is a Python-based tool designed to analyze codebases for security vulnerabilities and quality issues.
Basic Info
Statistics
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
- Releases: 1
Metadata Files
README.md
🔍 Code Quality & Security Audit System
An AI-powered code quality and security audit system that combines pattern-based analysis with local AI models to identify vulnerabilities, code quality issues, and provide actionable recommendations.
🌐 Try It Live!
🌍 Real-World Impact:
- 🔒 Helps teams build secure, compliant applications faster
- 📉 Reduces time spent on manual code review by 50–70%
- 📊 Improves engineering efficiency and software audit readiness
- 🧩 Easy to integrate into existing DevOps and CI/CD pipelines
✨ Features
- Security Analysis: Detects vulnerabilities like SQL injection, XSS, hardcoded secrets, and more using regex patterns and AI analysis.
- Code Quality Checks: Identifies issues like code duplication, complex functions, and missing docstrings.
- AI Integration: Leverages local Ollama models (
deepseek-coder:6.7b,deepseek-r1:1.5b,deepscaler) for advanced analysis. - Database Storage: Saves audit reports and issues in a SQLite database for historical tracking.
- Interactive Dashboard: Visualizes results using Streamlit and Plotly for easy interpretation.
- Compliance Reporting: Supports standards like PCI-DSS, SOX, GDPR, HIPAA, and ISO 27001 (placeholder implementation).
CLI and GUI Support: Run audits via command-line interface or interactive web dashboard.
🔒 Security Analysis: OWASP Top 10 vulnerability detection
📊 Code Quality: Maintainability and complexity analysis
🤖 AI-Powered: Local Ollama integration for advanced insights
🌐 Web Dashboard: Interactive Streamlit interface
💻 CLI Tool: Comprehensive command-line interface
📈 Historical Tracking: Trend analysis and reporting
🐳 Docker Ready: Containerized deployment
🔧 Configurable: Customizable patterns and thresholds
🚀 Quick Start
Option 1: One-Command Installation
Linux/macOS:
bash
curl -fsSL https://raw.githubusercontent.com/muhammadfarhantanvir/Code-Quality-Security-Audit-System-AI-Agent/main/scripts/install.sh | bash
Windows:
powershell
iwr -useb https://raw.githubusercontent.com/muhammadfarhantanvir/Code-Quality-Security-Audit-System-AI-Agent/main/scripts/install.bat | iex
Option 2: Docker (Recommended)
bash
git clone https://github.com/muhammadfarhantanvir/Code-Quality-Security-Audit-System-AI-Agent
cd Code-Quality-Security-Audit-System-AI-Agent
docker-compose -f docker/docker-compose.yml up -d
Open http://localhost:8501 in your browser.
Option 3: Manual Installation
```bash
Clone repository
git clone https://github.com/muhammadfarhantanvir/Code-Quality-Security-Audit-System-AI-Agent cd Code-Quality-Security-Audit-System-AI-Agent
Install dependencies
pip install -r requirements.txt
Run CLI audit
python main.py --directory /path/to/your/project
Launch dashboard
streamlit run dashboard.py ```
💻 Usage
Command Line Interface
```bash
Basic audit
python main.py --directory ./my-project
Generate reports
python main.py --directory ./my-project --output report.json --export-html
Filter by severity
python main.py --directory ./my-project --severity HIGH --verbose
Disable AI for faster scanning
python main.py --directory ./my-project --no-ai ```
Web Dashboard
bash
streamlit run dashboard.py
Then open http://localhost:8501 and enter your project path.
Using Make Commands
```bash
Setup everything
make setup
Run audit on current directory
make audit
Launch dashboard
make dashboard
Run tests
make test
See all commands
make help ```
📁 Project Structure
Code-Quality-Security-Audit-System-AI-Agent/
├── src/code_audit_system/ # Main package
│ ├── core/ # Core functionality
│ │ ├── auditor.py # Main auditor class
│ │ ├── models.py # Data models
│ │ └── patterns.py # Security/quality patterns
│ ├── ai/ # AI integration
│ │ └── ollama_client.py # Ollama client
│ ├── dashboard/ # Web interface
│ │ └── streamlit_app.py # Streamlit dashboard
│ └── cli/ # Command-line interface
│ └── main.py # CLI implementation
├── config/ # Configuration files
├── docs/ # Documentation
├── scripts/ # Installation scripts
├── docker/ # Docker configuration
├── tests/ # Test suite
├── assets/ # Images and examples
├── main.py # CLI entry point
├── dashboard.py # Dashboard entry point
└── Makefile # Project management
🔍 What It Detects
Security Issues
- SQL Injection vulnerabilities
- Cross-Site Scripting (XSS)
- Hardcoded secrets and passwords
- Command injection flaws
- Insecure communication (HTTP)
- Path traversal vulnerabilities
- Weak cryptography usage
- And more OWASP Top 10 issues...
Code Quality Issues
- Long and complex functions
- Code duplication
- Missing documentation
- Poor error handling
- Magic numbers
- Deep nesting
- And more maintainability issues...
🤖 AI Integration
The system integrates with local Ollama models for advanced analysis:
- DeepSeek Coder: Code security analysis
- DeepSeek R1: Strategic recommendations
- DeepScaler: Technical debt prediction
Install Ollama and pull models: ```bash
Install Ollama
curl -fsSL https://ollama.ai/install.sh | sh
Pull models
ollama pull deepseek-coder:6.7b ollama pull deepseek-r1:1.5b ollama pull deepscaler ```
📊 Supported Languages
- Python (.py)
- JavaScript/TypeScript (.js, .jsx, .ts, .tsx)
- Java (.java)
- C/C++ (.c, .cpp)
- PHP (.php)
- Ruby (.rb)
- Go (.go)
- Rust (.rs)
- C# (.cs)
- Swift (.swift)
🔧 Configuration
Customize the system via config/config.yaml:
```yaml
Scanning options
scanning: maxfilesize: 2000 excludepatterns: - "*/nodemodules/" - "/venv/*"
AI settings
ollama: base_url: "http://localhost:11434" timeout: 60
Security patterns (customizable)
security: severity_weights: CRITICAL: 15 HIGH: 10 MEDIUM: 5 ```
📈 Example Output
```bash
🔍 Code Quality & Security Audit System v1.0.0
📁 Scanning directory: ./my-project
✅ Audit completed in 3.45 seconds! 📊 Files scanned: 25 📏 Total lines: 2,847 🔐 Security issues: 3 📊 Quality issues: 12 ⚠️ Risk score: 45.2/100 🟡 MEDIUM RISK - Review and address issues
🔴 Top Security Issues: 1. HIGH - SQL Injection in database.py:42 2. MEDIUM - Hardcoded Secret in config.py:15 3. MEDIUM - XSS Vulnerability in views.py:128
💡 Recommendations: 1. URGENT: Address 1 high-severity security vulnerabilities immediately 2. Implement security code review process 3. Refactor code to improve maintainability ```
🧪 Testing
```bash
Run all tests
make test
Run with coverage
pytest --cov=src --cov-report=html
Run specific tests
pytest tests/testsecuritypatterns.py -v ```
🤝 Contributing
We welcome contributions! See docs/CONTRIBUTING.md for guidelines.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
📚 Documentation
- Getting Started Guide - Comprehensive setup guide
- Contributing Guidelines - How to contribute
- Changelog - Version history
- Configuration Reference - All configuration options
🐳 Docker Deployment
```bash
Build and run
docker-compose -f docker/docker-compose.yml up -d
Scale services
docker-compose -f docker/docker-compose.yml up -d --scale code-audit-system=3
View logs
docker-compose -f docker/docker-compose.yml logs -f ```
🔒 Security
This tool runs entirely locally - no data is sent to external services. AI analysis uses local Ollama models for privacy and security.
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments
- OWASP for security vulnerability classifications
- The Ollama team for local AI model infrastructure
- The open-source security community
📞 Support
- 🐛 Bug Reports: GitHub Issues
- 💡 Feature Requests: GitHub Discussions
- 📖 Documentation: Getting Started Guide
Made with ❤️ for the developer community
⭐ Star this repo if you find it useful!
Owner
- Name: Muhammad Farhan Tanvir
- Login: muhammadfarhantanvir
- Kind: user
- Location: Germany
- Company: Technische Universität Dortmund
- Website: https://www.linkedin.com/in/muhammad-farhan-tanvir/
- Repositories: 3
- Profile: https://github.com/muhammadfarhantanvir
Data Scientist
Citation (CITATION.cff)
cff-version: 1.2.0
message: "If you use this software, please cite it as below."
type: software
title: "Code Quality & Security Audit System"
abstract: "AI-powered code quality and security audit system with local Ollama integration for comprehensive vulnerability detection and code quality analysis."
authors:
- family-names: "Tanvir"
given-names: "Muhammad Farhan"
orcid: "https://orcid.org/0000-0000-0000-0000" # Replace with actual ORCID if available
repository-code: "https://github.com/muhammadfarhantanvir/Code-Quality-Security-Audit-System-AI-Agent"
url: "https://github.com/muhammadfarhantanvir/Code-Quality-Security-Audit-System-AI-Agent"
license: MIT
version: "1.0.0"
date-released: "2025-01-15"
keywords:
- "security analysis"
- "code quality"
- "static analysis"
- "vulnerability scanner"
- "artificial intelligence"
- "OWASP"
- "software engineering"
- "DevSecOps"
GitHub Events
Total
- Push event: 8
- Create event: 3
Last Year
- Push event: 8
- Create event: 3
Dependencies
- matplotlib ==3.7.5
- numpy ==1.26.4
- pandas ==2.2.2
- plotly >=5.14.0
- requests >=2.31.0
- seaborn ==0.12.2
- streamlit >=1.22.0