AI Security

CodeShield AI

Enterprise AI-Powered Repository Security Analyzer

AI PoweredRepository Security
Real-timeAnalysis
DockerReady
GitHub ActionsCI/CD
Multi-formatReports

Overview

CodeShield AI is an enterprise AI-powered repository security analyzer for assessing codebase risk across public GitHub repositories, GitLab repositories, ZIP uploads, and local folders. It combines deterministic static analysis with Groq-powered semantic review to surface vulnerabilities, exposed secrets, insecure configuration, and dependency risks.

Its modular scan pipeline uses smart chunking to prepare source files for LLM review, cross-file reasoning to connect related findings, and security scoring to prioritize the resulting risk. Interactive reports, remediation views, patches, and AI fix prompts turn findings into practical next steps for engineering teams.

Tech Stack

PythonFastAPIGroqDockerGitHub ActionsGitPythonJavaScriptHTMLCSSLLMStatic AnalysisAI Security

Architecture

The FastAPI service coordinates a persistent scan-state manager and background pipeline workers. Repository inputs are normalized before static scanners and Groq semantic review evaluate the codebase, then the findings are correlated and exported as actionable security reports.

Repository
GitHub, GitLab, ZIP upload, or local folder input
Parser
File discovery, structure mapping, and language-aware preparation
Smart Chunker
Compatible code grouping optimized for LLM context windows
Static Security Scanner
Secrets, dependencies, configuration, and pattern-based checks
Groq AI Semantic Review
LLM-based vulnerability analysis and remediation context
Cross-File Reasoner
Correlates findings across files and execution paths
Risk Scoring
Severity-aware prioritization for security triage
Interactive Reports
Downloadable findings, patches, and AI fix prompts

Key Features

  • GitHub repository scanning, GitLab repository scanning, ZIP upload scanning, and local folder scanning
  • Secret detection, dependency analysis, and configuration analysis through static security checks
  • AI semantic vulnerability detection with Groq LLM review and cross-file reasoning
  • Security scoring with interactive reports and side-by-side vulnerable and remediated code views
  • Docker deployment, GitHub Actions CI/CD, persistent scan state, and multi-threaded background scanning
  • HTML, JSON, Markdown, CSV, PDF, and SARIF report export, plus patch and AI fix prompt generation

Performance

Small Repo1–50 files

Typically completes in under 10 seconds; README benchmarks show 2–4 seconds.

Medium Repo50–200 files

Typically completes in under 20 seconds; README benchmarks show 6–9 seconds.

Large Repo200+ files

Optimized chunking merges compatible code segments to manage LLM context efficiently.

Security Pipeline

Each scan follows a structured, background-managed workflow so repositories can be analyzed consistently and reported on without blocking the interface.

Clone Repository
Fetch a supported remote source or load a local upload
Parse Files
Map the repository structure and eligible source files
Smart Chunking
Group code into review-ready context windows
Static Analysis
Run deterministic checks for common security risks
Groq AI
Perform semantic vulnerability review and remediation analysis
Cross File Analysis
Connect related signals across the codebase
Security Score
Prioritize findings by assessed risk
Generate Reports
Deliver findings in developer and CI-friendly formats

Reports

HTML

Interactive browser-ready security report.

JSON

Structured output for automation and integrations.

Markdown

Shareable findings for repositories and documentation.

CSV

Tabular findings for review and tracking.

PDF

Portable report for stakeholders and audit workflows.

SARIF

Static-analysis interchange format for security tooling.

Patch

Drop-in unified diff patch for remediation.

AI Prompt

Preformatted remediation prompts in JSON, Markdown, or text.

Project Highlights

Enterprise Architecture

Modular pipeline designed for production-grade repository analysis.

FastAPI Backend

REST endpoints for asynchronous scans, status, cancellation, and report downloads.

Production Deployment

Docker support and GitHub Actions CI/CD for consistent delivery.

Persistent Scan State

Disk-backed state retains progress through service interruptions.

Multi-threaded Scanning

Background workers keep scan execution responsive and isolated.

AI Security Review

Semantic analysis complements deterministic static detection.