RepoGuard AI is an autonomous, AI-powered security scanner for GitHub repositories. Designed to seamlessly integrate into modern developer workflows, it securely clones code, runs high-speed static analysis, performs deep semantic vulnerability reviews using LLMs, and generates professional PDF reports. It also ships with zero-click vulnerability remediation capabilities.
- Strict Data Privacy: All private scans and analysis logs are fully isolated. User codebase data is never made public or shared.
- No Persistence: Repositories are cloned to ephemeral storage and automatically securely wiped immediately after analysis.
- Hybrid Analysis Pipeline: Combines deterministic static analysis (Semgrep/Bandit) with deep reasoning LLMs (Llama-3.3-70B via Groq, with Google Gemini 2 fallback).
- Web3 & AI Risk Detection: Tailored prompts specifically detect Solidity reentrancy, access control flaws, LLM prompt injections, and data leakages natively.
https://github.com/RV12R/repoguard-ai
- Executive Reporting: Automatically generates professional and structured PDF audit reports using ReportLab.
- Auto-Fix Integration: "One-click" branch creation patches vulnerabilities using AI-suggested code fixes.
- Streaming Live Logs: WebSocket-powered live progress bars and streaming terminal logs directly to the browser.
- Clean Aesthetic UI: Beautiful, fully responsive minimalist black & white aesthetic with seamless dark mode support.
- Framework: Next.js 15 (App Router) / React 19
- Styling: Tailwind CSS V4 + Shadcn/ui
- State Management: Zustand
- Real-Time Data: Native WebSockets
- Framework: Python FastAPI
- Security Tools: Semgrep, Bandit
- LLM Integration: Groq API, Google Generative AI SDK
- Database / Auth: Supabase PostgreSQL
- Containerization: Docker & Docker Compose
- CI/CD: GitHub Actions pipeline pre-configured for Vercel (Frontend) and Render (Backend)
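The hybrid pipeline above first runs Semgrep and Bandit and only then hands findings to an LLM. The following added example (not RepoGuard AI's own code) shows the deterministic half of that hand-off: it normalises the two tools' JSON output shapes into one finding list, keeps the highest-severity finding per file and line, and gates which findings reach the LLM stage. The sample reports are constructed; their rule ids and messages are illustrative values.

```python
"""Normalise Bandit and Semgrep JSON findings into one ranked list for LLM review."""
import json

# One ordinal scale; Semgrep's ERROR/WARNING/INFO is mapped onto Bandit's HIGH/MEDIUM/LOW.
SEVERITY_RANK = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}
SEMGREP_TO_BANDIT = {"ERROR": "HIGH", "WARNING": "MEDIUM", "INFO": "LOW"}


def normalise_bandit(report: dict) -> list[dict]:
    """Flatten the 'results' array of `bandit -f json` output into a common shape."""
    return [{"tool": "bandit", "rule": r["test_id"], "path": r["filename"],
             "line": r["line_number"], "severity": r["issue_severity"].upper(),
             "message": r["issue_text"]} for r in report.get("results", [])]


def normalise_semgrep(report: dict) -> list[dict]:
    """Flatten the 'results' array of `semgrep --json` output into the same shape."""
    return [{"tool": "semgrep", "rule": r["check_id"], "path": r["path"],
             "line": r["start"]["line"],
             "severity": SEMGREP_TO_BANDIT.get(r["extra"]["severity"].upper(), "LOW"),
             "message": r["extra"]["message"]} for r in report.get("results", [])]


def merge_findings(bandit_json: str, semgrep_json: str) -> list[dict]:
    """Combine both tools; keep one finding per (path, line), highest severity first."""
    findings = normalise_bandit(json.loads(bandit_json)) + normalise_semgrep(json.loads(semgrep_json))
    best: dict[tuple, dict] = {}
    for f in findings:  # a later, more severe hit at the same location replaces an earlier one
        key = (f["path"], f["line"])
        if key not in best or SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[best[key]["severity"]]:
            best[key] = f
    return sorted(best.values(), key=lambda f: (-SEVERITY_RANK[f["severity"]], f["path"], f["line"]))


def select_for_llm_review(findings: list[dict], min_severity: str = "MEDIUM") -> list[dict]:
    """Deterministic gate: only findings at or above min_severity are sent to the LLM stage."""
    return [f for f in findings if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[min_severity]]


# Constructed sample reports: the field names follow the real tools' JSON output, values are made up.
BANDIT_SAMPLE = json.dumps({"results": [
    {"filename": "app/run.py", "line_number": 12, "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "test_id": "B602", "issue_text": "subprocess call with shell=True"},
    {"filename": "app/cfg.py", "line_number": 3, "issue_severity": "LOW", "issue_confidence": "MEDIUM",
     "test_id": "B105", "issue_text": "Possible hardcoded password"}]})
SEMGREP_SAMPLE = json.dumps({"results": [
    {"check_id": "constructed.subprocess-shell-true", "path": "app/run.py", "start": {"line": 12, "col": 5},
     "end": {"line": 12, "col": 40}, "extra": {"message": "subprocess with shell=True", "severity": "WARNING"}},
    {"check_id": "constructed.template-xss", "path": "app/views.py", "start": {"line": 40, "col": 1},
     "end": {"line": 40, "col": 30}, "extra": {"message": "Unescaped template output", "severity": "ERROR"}}]})

if __name__ == "__main__":
    for f in select_for_llm_review(merge_findings(BANDIT_SAMPLE, SEMGREP_SAMPLE)):
        print(f["severity"], f["path"], f["line"], f["tool"], f["rule"], f["message"])
```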
- Create a free PostgreSQL project at Supabase.
- Run the provided SQL migration in supabase/migrations/001_initial.sql.
- Locate your URL, anon public key, and service_role secret key.
The repository includes a ready-to-use docker-compose.yml for standing up both the Next.js frontend and FastAPI backend alongside each other seamlessly.
- Rename the .env.example templates in both frontend/ and backend/ to .local.env or .env.
- Populate the environment variables with your API keys (Groq, Gemini, Supabase).
- Start the containers using: docker-compose up --build
The frontend will be available at http://localhost:3000 and the API at http://localhost:8000.
(Alternatively, you can run the individual environments directly using npm run dev in the frontend and uvicorn main:app --reload within a Python virtual environment in the backend.)
Contributions, opened issues, and pull requests are warmly welcomed. Please ensure new features include functional fallback mechanisms and adhere strictly to the minimalist design philosophy of the frontend dashboard.