Skip to content

ranabitu140-a11y/code-analyser-

Repository files navigation

Agentic Vulnerability Scanner 🛡️🧠

A Privacy-First, Local Agentic Vulnerability Scanner designed to deeply analyze codebases for security flaws without ever sending your sensitive code to the cloud. By leveraging local Large Language Models (LLMs) via Ollama, structured memory via SQLite, and vector context via ChromaDB, this tool orchestrates an intelligent, autonomous scanning process right on your hardware.

✨ Features

  • 🔒 100% Local & Private: All scanning, AST analysis, and AI evaluation runs entirely on your local machine. No code ever leaves your environment.
  • 🤖 Agentic Orchestration: An intelligent background orchestrator automatically loops through Static Analysis, Software Composition Analysis (SCA), and AI-driven AST evaluation.
  • 🧠 Advanced Memory Systems:
    • Structured Memory (SQLite): Tracks real-time task queues, vulnerability logs, and system events.
    • Vector Memory (ChromaDB): Stores deep semantic embeddings of identified vulnerabilities, allowing the agent to remember and reference past context to avoid duplicate alerts and learn from the codebase.
  • 💻 Hardware-Aware Optimization: Automatically evaluates your system's CPU, RAM, and GPU to recommend the optimal local LLM (e.g., Llama 3, Mixtral, Phi-3).
  • 🗂️ Native Windows Folder Picker: Uses a secure bridge to spawn a native Windows 11 File Explorer (IFileOpenDialog) directly from the web dashboard for seamless target selection.
  • 📊 Real-Time Dashboard: A stunning, premium glassmorphism UI built with Next.js App Router that dynamically visualizes the agent's task queue, memory status, and vulnerability findings as they happen.

🛠️ Technology Stack

  • Frontend: Next.js 14 (App Router), React, Vanilla CSS (Glassmorphism & Micro-animations)
  • Backend: Node.js, Next.js API Routes, native PowerShell interop for UI dialogs
  • Database (Structured): SQLite (better-sqlite3)
  • Database (Vector): ChromaDB (chromadb)
  • AI/LLM Engine: Ollama (runs locally)

🚀 Getting Started

Prerequisites

  1. Node.js (v18+)
  2. Ollama: Installed and running locally (Download Ollama). Ensure you have pulled the default model:
    ollama run llama3:8b-instruct
  3. ChromaDB: Running locally via Docker or native install.
    docker run -p 8000:8000 chromadb/chroma
  4. Windows OS: Required for the native folder selection bridge.

Installation

  1. Clone the repository:

    git clone https://github.com/ranabitu140-a11y/code-analyser-.git
    cd code-analyser-/scanner-app
  2. Install dependencies:

    npm install
  3. Start the development server:

    npm run dev
  4. Open your browser and navigate to http://localhost:3000.

🎮 Usage

  1. Dashboard Initialization: The dashboard will automatically ping your hardware and recommend a local AI model.
  2. Select Target: Click "Change" under Target Codebase. A native Windows File Explorer will securely open. Select the folder containing the code you want to analyze.
  3. Start Live Scan: Click "Start Live Scan". The Agent Orchestrator will:
    • Clear its short-term task memory.
    • Initialize the Static Analysis engine to look for hardcoded .env secrets.
    • Query local dependency advisories (SCA).
    • Feed relevant code AST chunks into your local Ollama model to verify deep vulnerabilities like SQL injections.
  4. Monitor Real-Time: Watch the tasks change from Queued to In Progress to Completed seamlessly while the detailed Vulnerability & Memory Logs stream live.

🏗️ Project Architecture

/scanner-app
├── /src
│   ├── /app
│   │   ├── /api           # Next.js Serverless API endpoints
│   │   │   ├── /agent           # Agent Orchestrator & Memory interaction
│   │   │   ├── /hardware        # System diagnostics
│   │   │   └── /select-folder   # PowerShell Native UI bridge
│   │   ├── globals.css    # Global styles & Glassmorphism Design System
│   │   ├── layout.tsx     # Root layout
│   │   └── page.tsx       # Main Real-Time Dashboard UI
│   └── /lib
│       ├── agent.ts       # Core Agentic Loop & AI logic
│       └── memory.ts      # SQLite & ChromaDB integration
├── /data                  # Auto-generated local SQLite DB files
└── package.json

🛡️ Privacy Notice

Because this project utilizes local hardware execution, all scans, data parsing, and AI embeddings are generated and retained exclusively on your host machine.


Built for extreme security, autonomy, and privacy.

About

code analyser or bug finder in the repo

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors