CodeShield AI
Enterprise AI-Powered Repository Security Analyzer
Overview
CodeShield AI is an enterprise AI-powered repository security analyzer for assessing codebase risk across public GitHub repositories, GitLab repositories, ZIP uploads, and local folders. It combines deterministic static analysis with Groq-powered semantic review to surface vulnerabilities, exposed secrets, insecure configuration, and dependency risks.
Its modular scan pipeline uses smart chunking to prepare source files for LLM review, cross-file reasoning to connect related findings, and security scoring to prioritize the resulting risk. Interactive reports, remediation views, patches, and AI fix prompts turn findings into practical next steps for engineering teams.
Tech Stack
Architecture
The FastAPI service coordinates a persistent scan-state manager and background pipeline workers. Repository inputs are normalized before static scanners and Groq semantic review evaluate the codebase, then the findings are correlated and exported as actionable security reports.
Key Features
- GitHub repository scanning, GitLab repository scanning, ZIP upload scanning, and local folder scanning
- Secret detection, dependency analysis, and configuration analysis through static security checks
- AI semantic vulnerability detection with Groq LLM review and cross-file reasoning
- Security scoring with interactive reports and side-by-side vulnerable and remediated code views
- Docker deployment, GitHub Actions CI/CD, persistent scan state, and multi-threaded background scanning
- HTML, JSON, Markdown, CSV, PDF, and SARIF report export, plus patch and AI fix prompt generation
Performance
Typically completes in under 10 seconds; README benchmarks show 2–4 seconds.
Typically completes in under 20 seconds; README benchmarks show 6–9 seconds.
Optimized chunking merges compatible code segments to manage LLM context efficiently.
Security Pipeline
Each scan follows a structured, background-managed workflow so repositories can be analyzed consistently and reported on without blocking the interface.
Reports
Interactive browser-ready security report.
Structured output for automation and integrations.
Shareable findings for repositories and documentation.
Tabular findings for review and tracking.
Portable report for stakeholders and audit workflows.
Static-analysis interchange format for security tooling.
Drop-in unified diff patch for remediation.
Preformatted remediation prompts in JSON, Markdown, or text.
Project Highlights
Modular pipeline designed for production-grade repository analysis.
REST endpoints for asynchronous scans, status, cancellation, and report downloads.
Docker support and GitHub Actions CI/CD for consistent delivery.
Disk-backed state retains progress through service interruptions.
Background workers keep scan execution responsive and isolated.
Semantic analysis complements deterministic static detection.