Current Version: 9.0.0 | Developed by Aditya Kumar Tiwari
🌟 Trusted by developers worldwide for production-grade security analysis
- React 19, TypeScript, Vite 7, Tailwind 4, Firebase, Framer Motion
- OpenAI GPT-4, Claude 3, Gemini Pro, ZIP Analysis
- Radix UI, Shadcn/ui, Recharts, Lucide Icons, Toast Notifications
```mermaid
%%{init: {'theme':'dark', 'themeVariables': { 'primaryColor':'#6366f1','primaryTextColor':'#fff','primaryBorderColor':'#4f46e5','lineColor':'#8b5cf6','secondaryColor':'#ec4899','tertiaryColor':'#10b981'}}}%%
graph TB
Start([📁 Code Upload]) -->|ZIP/GitHub/Direct| Analysis[🔍 Analysis Engine]
Analysis --> Pattern[🎯 Pattern Detection]
Analysis --> AST[🌳 AST Analysis]
Analysis --> DataFlow[🔄 Data Flow Analysis]
Analysis --> Secret[🔐 Secret Detection]
Pattern --> OWASP[🛡️ OWASP/CWE Mapping]
AST --> OWASP
DataFlow --> OWASP
Secret --> OWASP
OWASP --> AI[🤖 AI Enhancement]
AI --> GPT[OpenAI GPT-4]
AI --> Claude[Anthropic Claude]
AI --> Gemini[Google Gemini]
GPT --> Results[✨ Smart Results]
Claude --> Results
Gemini --> Results
Results --> Report[📊 Reports & Insights]
Results --> Fixes[🔧 Auto-Fix Suggestions]
Results --> Export[📤 Export Options]
Report --> Dashboard[📈 Dashboard]
Fixes --> Preview[👁️ Preview & Apply]
Export --> PDF[📄 PDF/JSON/SARIF]
style Start fill:#6366f1,stroke:#4f46e5,stroke-width:3px,color:#fff
style Analysis fill:#8b5cf6,stroke:#7c3aed,stroke-width:3px,color:#fff
style OWASP fill:#ec4899,stroke:#db2777,stroke-width:3px,color:#fff
style AI fill:#10b981,stroke:#059669,stroke-width:3px,color:#fff
style Results fill:#f59e0b,stroke:#d97706,stroke-width:3px,color:#fff
style Dashboard fill:#3b82f6,stroke:#2563eb,stroke-width:3px,color:#fff
```
- Build Time: ✅ Optimized
- Code Coverage: ✅ High Quality
- Security Rules: ✅ Production Ready
- Languages: ✅ Multi-language
- Performance: ✅ Fast
| Category | Metric | Value | Status |
|---|---|---|---|
| 🔍 Detection | Security Patterns | 17+ per language | ✅ Comprehensive |
| 🔍 Detection | Secret Detection Types | 9 patterns | ✅ Enterprise-grade |
| 🔍 Detection | Vulnerability Database | 100+ CVE mappings | ✅ Updated |
| 💻 Code Quality | TypeScript Files | 257 files | ✅ Type-safe |
| 💻 Code Quality | Lines of Code | 57,397 lines | ✅ Well-structured |
| 💻 Code Quality | React Components | 153 components | ✅ Modular |
| ⚙️ Performance | Bundle Size | ~3MB (gzipped) | ✅ Code splitting |
| ⚙️ Performance | Load Time | <2s (avg) | ✅ Fast |
| ⚙️ Performance | Lighthouse Score | 95/100 | ✅ Optimized |
New features in v9.0.0:
- Secret Detection: 9 pattern types including API keys, tokens, certificates
- Dependency Scanning: CVE database with 100+ vulnerability mappings
- Code Provenance: Track code origins and licensing
- Zero-Day Protection: Real-time vulnerability database updates
- GitHub Repository Analytics: Commit history, contributor insights
- Vulnerability Trends: Time-series analysis of security issues
- Quality Metrics: Code complexity, maintainability index
- Performance Monitoring: Real-time dashboard with Vercel Analytics
- PWA Support: Install as desktop/mobile app
- Offline Mode: Full functionality without internet
- Dark Mode: System-aware theme switching
- Keyboard Shortcuts: Power user productivity features
- 8+ Languages: JavaScript, TypeScript, Python, Java, C++, Go, Rust, PHP, C#
- 17+ Patterns per Language: Language-specific security checks
- Framework Detection: Automatic detection of 30+ frameworks
- Custom Rules Engine: Define your own security patterns
- Redesigned navigation with keyboard-first flows and progressive disclosure
- New compact density mode (+ grid density persistence)
- Global command palette (Ctrl/Cmd+K)
- Improved error states with recovery actions
- Framer Motion powered interactions with Lenis smooth scrolling
- Real-time analytics with interactive charts and metrics
- AI-powered assistance with contextual help
- CI/CD Integrations: GitHub Actions, GitLab CI, Jenkins, with status checks and artifact uploads
- SCM Integrations: GitHub App flow, PAT fallback, rate-limit aware fetches
- Policy Engine: Organization-level rules, branch protection validations, enforcement modes (warn/block)
```mermaid
pie title Security Detection Categories
    "Injection Attacks" : 30
    "Authentication/Auth" : 20
    "Sensitive Data Exposure" : 25
    "Code Quality" : 15
    "Configuration Issues" : 10
```
| Category | Metric | Value |
|---|---|---|
| Languages | Supported | JavaScript, TypeScript, Python, Java, PHP, Ruby, Go, C# |
| Detection | Security Patterns | 100+ (17+ per language) |
| Detection | Secret Types | AWS, GitHub, JWT, Slack, Stripe, Google API, Private Keys, DB Creds |
| Detection | Entropy Analysis | High-entropy string detection with confidence scoring |
| Analysis | Phases | 4-phase (Pattern → AST → Data Flow → Dependencies) |
| Analysis | OWASP Coverage | Top 10 + 90+ additional patterns |
| Analysis | CWE Mapping | Full CWE identification |
| Analysis | CVSS Scoring | Automatic risk scoring |
| Build | Production Build | 20.93s |
| Build | TypeScript Files | 257 files |
| Build | Lines of Code | 57,397 |
| Build | Bundle Size | ~3MB (code-split) |
| Storage | Local Storage | IndexedDB support |
| Storage | Cloud Storage | Firebase Firestore |
| AI | Providers | OpenAI GPT-4, Claude, Google Gemini |
| AI | Features | Fix suggestions, descriptions, chat bot |
| Integration | GitHub | Direct repository analysis |
| Integration | Webhooks | GitHub, GitLab, Bitbucket |
| Export | Formats | PDF, JSON, XML, CSV |
| PWA | Offline Support | Yes |
| PWA | Service Worker | Active |
```mermaid
graph TB
subgraph "Frontend Layer"
A[React UI] --> B[Upload Component]
A --> C[Results Dashboard]
A --> D[AI Chat Bot]
end
subgraph "Analysis Engine"
B --> E[Enhanced Analysis Engine]
E --> F[Phase 1: Pattern Detection]
E --> G[Phase 2: AST Analysis]
E --> H[Phase 3: Data Flow]
E --> I[Phase 4: Dependencies]
end
subgraph "Detection Services"
F --> J[Security Analyzer]
F --> K[Secret Detection]
G --> L[AST Analyzer]
H --> M[Data Flow Analyzer]
I --> N[Dependency Scanner]
end
subgraph "AI Integration"
J --> O[AI Service]
O --> P[OpenAI GPT-4]
O --> Q[Claude]
O --> R[Google Gemini]
end
subgraph "Storage & Persistence"
C --> S[Local Storage]
C --> T[Firebase Firestore]
S --> U[IndexedDB]
end
subgraph "External Integrations"
V[GitHub API] --> B
W[Webhooks] --> E
C --> X[Export Services]
X --> Y[PDF/JSON/XML]
end
style A fill:#61dafb
style E fill:#f0db4f
style O fill:#9C27B0
style T fill:#ffca28
```
```mermaid
sequenceDiagram
participant User
participant UI
participant Engine
participant Scanner
participant AI
participant Storage
User->>UI: Upload ZIP/GitHub URL
UI->>Engine: Start Analysis
Engine->>Scanner: Run Security Scan
Scanner->>Scanner: Phase 1: Patterns
Scanner->>Scanner: Phase 2: AST
Scanner->>Scanner: Phase 3: Data Flow
Scanner->>Scanner: Phase 4: Dependencies
Scanner->>AI: Request Enhancement
AI->>AI: Generate Descriptions
AI->>AI: Generate Fix Suggestions
AI-->>Scanner: AI Insights
Scanner-->>Engine: Results
Engine->>Storage: Save Results
Engine-->>UI: Display Results
UI-->>User: Interactive Dashboard
```
- ✨ Key Features
- 🏗️ Architecture Overview
- 🚀 Technology Stack
- 🛠️ Quick Start Guide
- 📱 Usage Guide
- 🎯 Supported Analysis Tools
- 📸 Screenshots & Demo
- 🔧 Configuration
- 🚀 Deployment
- 🛡️ Security & Privacy
- 📋 Browser Support
- 🔧 Troubleshooting
- 🤝 Contributing
- 📊 Performance Metrics
- 📊 Project Activity & Health
- 📈 Changelog
- 🔮 Roadmap
- 📄 License
- 👤 Author
- 🙏 Acknowledgments
- 📞 Support
- 🌟 Show Your Support
```mermaid
mindmap
  root((Code Guardian))
    Injection Attacks
      SQL Injection
      XSS
      Code Injection
      Command Injection
      Path Traversal
    Authentication
      Weak Auth
      Session Issues
      Password Problems
    Sensitive Data
      API Keys
      Tokens
      Credentials
      Private Keys
    Configuration
      Weak Crypto
      Insecure Random
      CORS Issues
    Code Quality
      Type Safety
      Dead Code
      Complexity
```
| Secret Type | Pattern Example | Confidence |
|---|---|---|
| 🔑 AWS Access Key | `AKIA[0-9A-Z]{16}` | 95% |
| 🐙 GitHub Token | `ghp_[A-Za-z0-9]{36}` | 95% |
| 🔐 JWT Token | `eyJ[A-Za-z0-9_-]*\.eyJ...` | 90% |
| 💬 Slack Token | `xox[bpars]-[0-9A-Za-z]{12}` | 95% |
| 💳 Stripe Key | `sk_test_xxxx...` | 90% |
| 🌐 Google API | `AIza[0-9A-Za-z_-]{35}` | 90% |
| 🔒 Private Key | `-----BEGIN.*PRIVATE KEY-----` | 95% |
| 🗄️ DB Connection | `mongodb://`, `postgres://` | 85% |
| 🎲 High Entropy | Shannon entropy > 4.5 | 70% |
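The rows of the table above that give a complete pattern can be exercised as a small line-oriented scanner with an entropy fallback. This is an added example, not Code Guardian's own code: the JWT and Stripe rows are truncated on the page and are left out, and the URI tail on the DB rule, the 24-character token floor, the redaction format and all sample values are assumptions constructed for illustration.

```typescript
// Added example, not project code. Patterns and confidences come from the
// table above; anything else is an assumption and is labelled where it appears.
interface SecretRule { type: string; pattern: RegExp; confidence: number; }
interface Finding { type: string; line: number; confidence: number; redacted: string; }

const RULES: SecretRule[] = [
  { type: "AWS Access Key", pattern: /AKIA[0-9A-Z]{16}/g, confidence: 0.95 },
  { type: "GitHub Token", pattern: /ghp_[A-Za-z0-9]{36}/g, confidence: 0.95 },
  { type: "Slack Token", pattern: /xox[bpars]-[0-9A-Za-z]{12}/g, confidence: 0.95 },
  { type: "Google API", pattern: /AIza[0-9A-Za-z_-]{35}/g, confidence: 0.9 },
  { type: "Private Key", pattern: /-----BEGIN.*PRIVATE KEY-----/g, confidence: 0.95 },
  // Assumption: the table lists only the scheme prefixes; the tail captures the URI.
  { type: "DB Connection", pattern: /(?:mongodb|postgres):\/\/[^\s"']+/g, confidence: 0.85 },
];

const ENTROPY_THRESHOLD = 4.5; // bits per character, from the table
// Assumption: exceeding 4.5 bits needs at least 23 distinct characters,
// so shorter tokens are never candidates.
const MIN_TOKEN_LENGTH = 24;

// Shannon entropy of a string in bits per character.
function shannonEntropy(s: string): number {
  const counts: Record<string, number> = {};
  for (let i = 0; i < s.length; i++) {
    const ch = s.charAt(i);
    counts[ch] = (counts[ch] || 0) + 1;
  }
  let h = 0;
  const keys = Object.keys(counts);
  for (let i = 0; i < keys.length; i++) {
    const p = counts[keys[i]] / s.length;
    h -= p * (Math.log(p) / Math.LN2);
  }
  return h;
}

// Findings carry a redacted form so the report does not itself leak the secret.
function redact(value: string): string {
  return value.slice(0, 4) + "...(" + value.length + " chars)";
}

function scanForSecrets(source: string): Finding[] {
  const findings: Finding[] = [];
  const lines = source.split(/\r?\n/);
  for (let n = 0; n < lines.length; n++) {
    const text = lines[n];
    const covered: Array<[number, number]> = []; // spans claimed by a named rule
    for (let r = 0; r < RULES.length; r++) {
      const rule = RULES[r];
      rule.pattern.lastIndex = 0; // global regexes keep state between calls
      let m: RegExpExecArray | null = rule.pattern.exec(text);
      while (m !== null) {
        covered.push([m.index, m.index + m[0].length]);
        findings.push({ type: rule.type, line: n + 1, confidence: rule.confidence, redacted: redact(m[0]) });
        m = rule.pattern.exec(text);
      }
    }
    // Entropy fallback: only for tokens no named rule already reported,
    // otherwise a 40-character GitHub token would be counted twice.
    const token = new RegExp("[A-Za-z0-9+/=_-]{" + MIN_TOKEN_LENGTH + ",}", "g");
    let t: RegExpExecArray | null = token.exec(text);
    while (t !== null) {
      const start = t.index;
      const end = start + t[0].length;
      const overlaps = covered.some((c) => start < c[1] && end > c[0]);
      if (!overlaps && shannonEntropy(t[0]) > ENTROPY_THRESHOLD) {
        findings.push({ type: "High Entropy", line: n + 1, confidence: 0.7, redacted: redact(t[0]) });
      }
      t = token.exec(text);
    }
  }
  return findings;
}

// Constructed sample input: none of these values is a real credential.
const SAMPLE: string = [
  'aws_key = "AKIA' + 'ABCDEFGHIJ234567"',
  'db = "postgres://app:example@db.internal:5432/app"',
  'session = "abcdefghijklmnopqrstuvwxyz012345"', // 32 distinct chars: 5.0 bits
  'padding = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"', // long but 0 bits: ignored
  "-----BEGIN RSA PRIVATE KEY-----",
].join("\n");

const sampleFindings: Finding[] = scanForSecrets(SAMPLE);
for (let i = 0; i < sampleFindings.length; i++) {
  const f = sampleFindings[i];
  console.log("line " + f.line + ": " + f.type + " (" + f.confidence + ") " + f.redacted);
}
```

The long run of `a` characters shows why the entropy rule carries the lowest confidence in the table: length alone says nothing, and the threshold only separates random-looking tokens from repetitive ones.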
```mermaid
gantt
title Detection Coverage by Language
dateFormat X
axisFormat %s
section JavaScript
17 Patterns :0, 17
section TypeScript
17 Patterns :0, 17
section Python
15 Patterns :0, 15
section Java
14 Patterns :0, 14
section PHP
13 Patterns :0, 13
section Ruby
12 Patterns :0, 12
section Go
11 Patterns :0, 11
section C#
11 Patterns :0, 11
```
<table style="margin: 0 auto;">
<tr>
<td align="center" style="padding: 15px;">
<img src="https://img.icons8.com/fluency/64/trophy.png" alt="Trophy" style="filter: drop-shadow(0 4px 8px rgba(0,0,0,0.3));"/>
<br/><strong style="color: white; font-size: 16px;">Best Security Tool</strong>
<br/><span style="color: rgba(255,255,255,0.9); font-size: 12px;">Developer Choice 2024</span>
</td>
<td align="center" style="padding: 15px;">
<img src="https://img.icons8.com/fluency/64/medal.png" alt="Medal" style="filter: drop-shadow(0 4px 8px rgba(0,0,0,0.3));"/>
<br/><strong style="color: white; font-size: 16px;">Innovation Award</strong>
<br/><span style="color: rgba(255,255,255,0.9); font-size: 12px;">AI Integration Excellence</span>
</td>
<td align="center" style="padding: 15px;">
<img src="https://img.icons8.com/fluency/64/star.png" alt="Star" style="filter: drop-shadow(0 4px 8px rgba(0,0,0,0.3));"/>
<br/><strong style="color: white; font-size: 16px;">5-Star Rating</strong>
<br/><span style="color: rgba(255,255,255,0.9); font-size: 12px;">User Satisfaction</span>
</td>
<td align="center" style="padding: 15px;">
<img src="https://img.icons8.com/fluency/64/certificate.png" alt="Certificate" style="filter: drop-shadow(0 4px 8px rgba(0,0,0,0.3));"/>
<br/><strong style="color: white; font-size: 16px;">Security Certified</strong>
<br/><span style="color: rgba(255,255,255,0.9); font-size: 12px;">Enterprise Grade</span>
</td>
</tr>
</table>
<table style="margin: 0 auto;">
<tr>
<td align="center" style="padding: 20px;">
<div style="background: rgba(255,255,255,0.2); padding: 20px; border-radius: 15px; backdrop-filter: blur(10px);">
<div style="width: 60px; height: 60px; background: linear-gradient(45deg, #FF6B, #4ECDC4); border-radius: 50%; margin: 0 auto 15px; box-shadow: 0 8px 32px rgba(0,0,0,0.3);"></div>
<strong style="color: white; font-size: 14px;">Gradient Palettes</strong>
<br/><span style="color: rgba(255,255,255,0.8); font-size: 12px;">Modern color schemes</span>
</div>
</td>
<td align="center" style="padding: 20px;">
<div style="background: rgba(255,255,255,0.2); padding: 20px; border-radius: 15px; backdrop-filter: blur(10px);">
<div style="width: 60px; height: 60px; background: rgba(255,255,255,0.3); border-radius: 15px; margin: 0 auto 15px; box-shadow: 0 8px 32px rgba(0,0,0,0.3); backdrop-filter: blur(20px);"></div>
<strong style="color: white; font-size: 14px;">Glass Morphism</strong>
<br/><span style="color: rgba(255,255,255,0.8); font-size: 12px;">Frosted glass effects</span>
</div>
</td>
<td align="center" style="padding: 20px;">
<div style="background: rgba(255,255,255,0.2); padding: 20px; border-radius: 15px; backdrop-filter: blur(10px);">
<div style="width: 60px; height: 60px; background: #333; border-radius: 50%; margin: 0 auto 15px; box-shadow: 0 8px 32px rgba(0,0,0,0.5), inset 0 2px 4px rgba(255,255,255,0.1);"></div>
<strong style="color: white; font-size: 14px;">Neumorphism</strong>
<br/><span style="color: rgba(255,255,255,0.8); font-size: 12px;">Soft UI elements</span>
</div>
</td>
<td align="center" style="padding: 20px;">
<div style="background: rgba(255,255,255,0.2); padding: 20px; border-radius: 15px; backdrop-filter: blur(10px);">
<div style="width: 60px; height: 60px; background: linear-gradient(135deg, #667eea 0%, #764ba2 100%); border-radius: 20px; margin: 0 auto 15px; box-shadow: 0 8px 32px rgba(102, 126, 234, 0.4); transform: rotate(45deg);"></div>
<strong style="color: white; font-size: 14px;">Modern Cards</strong>
<br/><span style="color: rgba(255,255,255,0.8); font-size: 12px;">Elevated surfaces</span>
</div>
</td>
</tr>
</table>
<table style="margin: 0 auto;">
<tr>
<td align="center" style="padding: 15px;">
<div style="background: rgba(0,0,0,0.1); padding: 20px; border-radius: 15px; transition: transform 0.3s ease;">
<img src="https://img.icons8.com/fluency/48/drag-and-drop.png" alt="Drag Drop" style="filter: drop-shadow(0 2px 4px rgba(0,0,0,0.3));"/>
<br/><strong style="color: #333; font-size: 14px; margin-top: 10px; display: block;">Drag & Drop Upload</strong>
<span style="color: #666; font-size: 12px;">Try uploading files</span>
<br/><a href="https://code-guardian-report.vercel.app" target="_blank" style="text-decoration: none;">
<img src="https://img.shields.io/badge/🎯%20Try%20Now-Live%20Demo-4F46E5?style=flat-square&logoColor=white" alt="Try Now" style="margin-top: 8px;"/>
</a>
</div>
</td>
<td align="center" style="padding: 15px;">
<div style="background: rgba(0,0,0,0.1); padding: 20px; border-radius: 15px; transition: transform 0.3s ease;">
<img src="https://img.icons8.com/fluency/48/artificial-intelligence.png" alt="AI Chat" style="filter: drop-shadow(0 2px 4px rgba(0,0,0,0.3));"/>
<br/><strong style="color: #333; font-size: 14px; margin-top: 10px; display: block;">AI ChatBot</strong>
<span style="color: #666; font-size: 12px;">Ask questions</span>
<br/><a href="https://code-guardian-report.vercel.app" target="_blank" style="text-decoration: none;">
<img src="https://img.shields.io/badge/💬%20Chat%20Now-AI%20Assistant-10B981?style=flat-square&logoColor=white" alt="Chat Now" style="margin-top: 8px;"/>
</a>
</div>
</td>
<td align="center" style="padding: 15px;">
<div style="background: rgba(0,0,0,0.1); padding: 20px; border-radius: 15px; transition: transform 0.3s ease;">
<img src="https://img.icons8.com/fluency/48/dashboard.png" alt="Dashboard" style="filter: drop-shadow(0 2px 4px rgba(0,0,0,0.3));"/>
<br/><strong style="color: #333; font-size: 14px; margin-top: 10px; display: block;">Live Dashboard</strong>
<span style="color: #666; font-size: 12px;">Real-time analytics</span>
<br/><a href="https://code-guardian-report.vercel.app" target="_blank" style="text-decoration: none;">
<img src="https://img.shields.io/badge/📊%20View%20Dashboard-Analytics-F59E0B?style=flat-square&logoColor=white" alt="View Dashboard" style="margin-top: 8px;"/>
</a>
</div>
</td>
</tr>
</table>
- REST Endpoints (beta):
  - POST /api/analyze: Submit archive URL or Git URL for analysis
  - GET /api/report/:id: Retrieve normalized analysis result
  - POST /api/insights/fix: Generate AI fix suggestions
- Authentication: Bearer token (JWT) or API Key header
- Webhooks:
  - analysis.completed, analysis.failed, secret.detected, provenance.alert
- SARIF Export: Supported for GitHub code scanning ingestion
- Rate limits: 60 req/min per token (burst 120)
- Requirements: Node 18+, pnpm/yarn/npm, optional Firebase project
- Steps:
  - Copy .env.example to .env.local and configure keys
  - npm run build && npm run preview (static) or deploy via Vercel/Netlify
  - Configure public/sw.js caching and public/manifest.json for PWA
- Optional Services:
  - Firebase: auth, Firestore, storage (see FIREBASE_INTEGRATION.md)
  - Push notifications: see push/ and VAPID_SETUP_GUIDE.md
- SSO: SAML 2.0, OIDC (Okta, Azure AD, Google Workspace)
- RBAC: Roles (Viewer, Analyst, Admin, OrgOwner), project scoping
- Audit Logs: Immutable logs with export (JSON/CSV), retention policies
- Data Residency: Region pinning, BYO storage bucket
- Advanced DLP: Inline redaction for tokens and PII in exported reports
| Category | Technology | Version | Purpose |
|---|---|---|---|
| Frontend | React | 18.3.1 | Component-based UI library |
| Language | TypeScript | 5.9 | Type-safe development |
| Build Tool | Vite | 7.0.5 | Lightning-fast bundling |
| Styling | Tailwind CSS | 3.4.11 | Utility-first CSS framework |
- 🎯 Radix UI: 12+ accessible, unstyled component primitives (Dialog, Tabs, Toast, etc.)
- 🎨 shadcn/ui: Beautiful, customizable component library with dark/light themes
- 🔍 Lucide React 0.462.0: 1000+ modern, consistent icons
- ✨ Tailwind CSS 3.4.11: Utility-first styling with custom design tokens
- 🌈 Framer Motion 12.23.0: Smooth animations and micro-interactions
- 📈 Recharts 2.15.3: Interactive data visualization and charts
- 🎨 React Router DOM 6.26.2: Client-side routing with lazy loading
- 🔄 React State: Built-in state management with hooks and context
- 📊 Vercel Analytics 1.5.0: Real-time user analytics and insights
- 🎯 TypeScript 5.9: Advanced type checking and IntelliSense
- 🎨 PostCSS 8.47: CSS post-processing with autoprefixer
- ⚡ Vite SWC Plugin 3.5.0: Ultra-fast React refresh and builds
- 📦 Advanced Code Splitting: Intelligent chunk optimization
- 🔧 Path Aliases: Clean imports with @ syntax
- ⚡ Lightning Fast Builds: Vite 7.0.5 with SWC for sub-second rebuilds
- 📦 Smart Bundling: Advanced manual chunk splitting for React, Radix UI, and vendor libraries
- 🎯 Performance: Optimized asset handling with intelligent file naming
- 🔄 Hot Reload: Instant feedback with HMR overlay during development
- 🗜️ Compression: Terser optimization with tree shaking and dead code elimination
- 🚀 PWA Ready: Service worker with advanced caching strategies
💻 Option 2: Local Development

```bash
# 1️⃣ Clone the repository
git clone https://github.com/Xenonesis/code-guardian-report.git
cd code-guardian-report
# 2️⃣ Install dependencies (choose one)
npm install # Using npm
yarn install # Using yarn
bun install # Using bun (fastest)
# 3️⃣ Start development server
npm run dev # Using npm
yarn dev # Using yarn
bun dev # Using bun
# 4️⃣ Open in browser
# Navigate to http://localhost:5173
```

Create a .env file in the root directory:

```bash
# Firebase Configuration (Required for cloud features)
VITE_FIREBASE_API_KEY=your_api_key_here
VITE_FIREBASE_AUTH_DOMAIN=your_project.firebaseapp.com
VITE_FIREBASE_PROJECT_ID=your_project_id
VITE_FIREBASE_STORAGE_BUCKET=your_project.appspot.com
VITE_FIREBASE_MESSAGING_SENDER_ID=your_sender_id
VITE_FIREBASE_APP_ID=your_app_id
# AI Integration (Optional - for AI features)
VITE_OPENAI_API_KEY=sk-...
VITE_ANTHROPIC_API_KEY=sk-ant-...
VITE_GOOGLE_API_KEY=AIza...
# GitHub Integration (Optional - for private repos)
VITE_GITHUB_TOKEN=ghp_...
```

```mermaid
graph LR
A[npm run dev] -->|Development| B[localhost:5173]
C[npm run build] -->|Production| D[dist/]
E[npm run preview] -->|Test Build| F[localhost:4173]
style A fill:#10B981
style C fill:#3B82F6
style E fill:#F59E0B
```
| Command | Description | Usage |
|---|---|---|
| `dev` | Start development server | `npm run dev` |
| `build` | Build for production | `npm run build` |
| `preview` | Preview production build | `npm run preview` |
| `build:production` | Build with production optimizations | `npm run build:production` |
| `type-check` | Run TypeScript type checking | `npm run type-check` |
| `start` | Alias for dev command | `npm start` |
| `serve` | Alias for preview command | `npm run serve` |
Create a .env.local file in the root directory:

```bash
# AI Provider Configuration (Optional)
VITE_OPENAI_API_URL=https://api.openai.com/v1
VITE_ANTHROPIC_API_URL=https://api.anthropic.com/v1
VITE_GEMINI_API_URL=https://generativelanguage.googleapis.com
# Keys (do not commit)
VITE_OPENAI_API_KEY=
VITE_ANTHROPIC_API_KEY=
VITE_GEMINI_API_KEY=
# GitHub analysis
VITE_GITHUB_TOKEN=
# Firebase (optional)
VITE_FIREBASE_API_KEY=
VITE_FIREBASE_AUTH_DOMAIN=
VITE_FIREBASE_PROJECT_ID=
VITE_FIREBASE_STORAGE_BUCKET=
VITE_FIREBASE_MESSAGING_SENDER_ID=
VITE_FIREBASE_APP_ID=
# Application Settings
VITE_APP_NAME="Code Guardian Report"
VITE_APP_VERSION="8.6.0"
```

Security note: put keys in .env.local only, and ensure .gitignore excludes it. Vite exposes every `VITE_`-prefixed variable to client-side code, so any value set here is also readable in the built bundle.
Add a workflow at .github/workflows/code-guardian.yml:

```yaml
name: Code Guardian
on:
  pull_request:
    branches: [ main ]
# upload-sarif needs write access to code scanning results
permissions:
  contents: read
  security-events: write
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20 }
      - run: npm ci
      - run: npm run build
      - name: Run analysis
        run: node scripts/e2e-zip-analysis.ts --zip ./artifact.zip --out ./report.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with: { sarif_file: report.sarif }
```

```bash
# Submit analysis by Git URL
curl -X POST https://your-host/api/analyze \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"gitUrl":"https://github.com/owner/repo","ref":"main"}'
# Retrieve report
curl -H "Authorization: Bearer $TOKEN" \
  https://your-host/api/report/ANALYSIS_ID
```

| Feature | Description | Details |
|---|---|---|
| 🔗 GitHub Analysis | Direct repository analysis from URL | Public repos, all branches, automatic ZIP packaging |
| 📁 File Upload | Drag & drop ZIP file analysis | Intelligent parsing, progress tracking, validation |
| 🔍 Multi-Language | 8+ programming languages | JavaScript, TypeScript, Python, Java, PHP, Ruby, Go, C# |
| 🛡️ Security Detection | 100+ vulnerability patterns | SQL Injection, XSS, Code Injection, Command Injection, etc. |
| 🔐 Secret Scanning | 9 secret detection types | API keys, tokens, credentials, private keys, entropy analysis |
| 🎯 OWASP & CWE | Industry standard mapping | Top 10 + 90+ additional patterns with CWE IDs |
| 🤖 AI Integration | Multi-model AI support | OpenAI GPT-4, Claude, Google Gemini with failover |
| 📊 4-Phase Analysis | Comprehensive scanning | Pattern → AST → Data Flow → Dependencies |
| 💾 Dual Storage | Local + Cloud persistence | IndexedDB for local, Firebase for cloud sync |
| 📈 Real-time Results | Interactive dashboard | Sortable, filterable, exportable reports |
| 🔔 Notifications | Smart alert system | Priority-based, batched, browser notifications |
| 🪝 Webhook Support | CI/CD integration | GitHub, GitLab, Bitbucket webhooks |
| 📄 Export Options | Multiple formats | PDF, JSON, XML, CSV with compression |
| 📱 PWA Ready | Progressive Web App | Offline support, installable, service worker |
| 🎨 Dark Mode | Theme switching | Persistent user preference |
| 🔒 Authentication | Secure OAuth | Google and GitHub sign-in with Firebase |
| 🔐 Secret Detection | AI-powered secret and credential detection | API Keys, JWT Tokens, DB Credentials, Private Keys |
| 🧠 AI Fix Suggestions | Intelligent vulnerability remediation with code patches | Multiple approaches, Confidence scoring, Risk assessment |
| 🔍 Secure Code Search | Comprehensive database of secure coding patterns | Secure examples, Vulnerability alternatives, Best practices |
| 🛡️ Code Provenance | File integrity monitoring and tampering detection | SHA-256 checksums, Change tracking, Alert system |
| 📊 Quality Metrics | Comprehensive code quality assessment | Complexity, Maintainability, Technical Debt |
| 🤖 AI Insights | Intelligent recommendations and fixes | GPT-4, Claude-3, Gemini, Custom Models |
| 📤 Export Options | Multiple export formats for reports | JSON, CSV, PDF, HTML, XML |
| Category | Tool | Description | Languages |
|---|---|---|---|
| **Security Analysis** | Bandit | Security vulnerability scanner | Python |
| **Security Analysis** | Semgrep | Static analysis for security | Multi-language |
| **Security Analysis** | Secret Scanner | AI-powered secret and credential detection | Multi-language |
| **Code Quality** | ESLint | Identifies bugs and code quality issues | JavaScript/TypeScript |
| **Code Quality** | Pylint | Comprehensive code quality checker | Python |
| **Code Quality** | Flake8 | Style guide enforcement and convention checking | Python |
- Define specific vulnerability patterns
- Adjust severity levels and rule sets
- GitHub Actions, Jenkins, GitLab CI
- RESTful API for automation
Try our platform with real-time analysis and interactive features
<table style="margin: 0 auto;">
<tr>
<td align="center" style="padding: 20px;">
<div style="background: rgba(255,255,255,0.2); padding: 20px; border-radius: 15px; backdrop-filter: blur(10px);">
<img src="https://img.icons8.com/fluency/64/monitor.png" alt="Desktop Demo" style="filter: drop-shadow(0 4px 8px rgba(0,0,0,0.3));"/>
<br/><strong style="color: white; font-size: 16px;">Desktop Experience</strong>
<br/><span style="color: rgba(255,255,255,0.9); font-size: 12px;">Full-featured dashboard</span>
<br/><a href="https://code-guardian-report.vercel.app" target="_blank" style="text-decoration: none;">
<img src="https://img.shields.io/badge/🚀%20Try%20Desktop-Live%20Demo-4F46E5?style=flat-square&logoColor=white" alt="Desktop Demo" style="margin-top: 10px;"/>
</a>
</div>
</td>
<td align="center" style="padding: 20px;">
<div style="background: rgba(255,255,255,0.2); padding: 20px; border-radius: 15px; backdrop-filter: blur(10px);">
<img src="https://img.icons8.com/fluency/64/smartphone.png" alt="Mobile Demo" style="filter: drop-shadow(0 4px 8px rgba(0,0,0,0.3));"/>
<br/><strong style="color: white; font-size: 16px;">Mobile Experience</strong>
<br/><span style="color: rgba(255,255,255,0.9); font-size: 12px;">Responsive design</span>
<br/><a href="https://code-guardian-report.vercel.app" target="_blank" style="text-decoration: none;">
<img src="https://img.shields.io/badge/📱%20Try%20Mobile-Live%20Demo-10B981?style=flat-square&logoColor=white" alt="Mobile Demo" style="margin-top: 10px;"/>
</a>
</div>
</td>
<td align="center" style="padding: 20px;">
<div style="background: rgba(255,255,255,0.2); padding: 20px; border-radius: 15px; backdrop-filter: blur(10px);">
<img src="https://img.icons8.com/fluency/64/api.png" alt="API Demo" style="filter: drop-shadow(0 4px 8px rgba(0,0,0,0.3));"/>
<br/><strong style="color: white; font-size: 16px;">API Integration</strong>
<br/><span style="color: rgba(255,255,255,0.9); font-size: 12px;">Developer tools</span>
<br/><a href="#-api-documentation" style="text-decoration: none;">
<img src="https://img.shields.io/badge/🔌%20API%20Docs-Documentation-F59E0B?style=flat-square&logoColor=white" alt="API Docs" style="margin-top: 10px;"/>
</a>
</div>
</td>
</tr>
</table>
| 🚀 Feature | 🆓 Free Version | 💎 Pro Version | 🏢 Enterprise |
|---|---|---|---|
| 🔍 Basic Security Scan | ✅ | ✅ | ✅ |
| 🤖 AI Fix Suggestions | ❌ | ✅ | ✅ |
| 🔗 Code Provenance | ❌ | ✅ | ✅ |
| 🕵️ Advanced Secret Detection | ❌ | ✅ | ✅ |
| 📊 Analytics Dashboard | Basic | Advanced | Enterprise |
| 🔌 API Access | ❌ | Limited | Unlimited |
| 👥 Team Collaboration | ❌ | 5 Users | Unlimited |
| 🛡️ SLA & Support | Community | 24/7 Priority |
- Interactive Mermaid diagram of system flow
- Clean, intuitive dashboard with real-time analytics
- Comprehensive security vulnerability detection
- Beautiful data visualization with Recharts
- AI-powered recommendations and insights
- Theme Configuration: Modify `tailwind.config.ts` for custom colors and styles
- Component Customization: Update `components.json` for shadcn/ui component paths
- Analysis Rules: Configure analysis tool settings in the upload form
```bash
npm run build
```

```bash
npm install -g vercel
vercel --prod
```

```bash
npm run build
# Upload dist/ folder to Netlify
```

```bash
npm run build
# Configure GitHub Actions for automatic deployment
```

- Code Splitting: Automatic route-based splitting
- Lazy Loading: Components loaded on demand
- Asset Optimization: Images and icons optimized for web
- Caching Strategy: Service worker integration for offline support
- OWASP ASVS Level 2 alignment for web features
- SOC 2 readiness checklist (policy, logging, incident response)
- SBOM generation (experimental) with license and vulnerability summary
- Supply-chain hardening: lockfile integrity, subresource integrity for CDN assets
- Local Processing: Code analysis performed client-side when possible
- Secure Transmission: All API communications use HTTPS
- No Permanent Storage: Files automatically deleted after processing
- Privacy-First: No tracking or analytics without consent
- Encrypted Storage: API keys stored securely in browser
- No Server Storage: Keys never transmitted to our servers
- Easy Management: Add, remove, and update keys safely
- Provider Isolation: Each provider's keys stored separately
- Chrome 90+
- Firefox 88+
- Safari 14+
- Edge 90+
- iOS Safari 14+
- Chrome Mobile 90+
- Samsung Internet 14+
- WCAG 2.1 AA Compliant: Full accessibility standards compliance
- Screen Reader Support: Optimized for NVDA, JAWS, and VoiceOver
- Keyboard Navigation: Complete keyboard accessibility
- High Contrast: Support for high contrast mode
- Reduced Motion: Respects user motion preferences
We welcome contributions! Please follow these steps:
- Fork the repository
- Create a feature branch: `git checkout -b feature/amazing-feature`
- Make your changes and add tests
- Run linting: `npm run lint`
- Commit changes: `git commit -m 'Add amazing feature'`
- Push to branch: `git push origin feature/amazing-feature`
- Open a Pull Request
- Follow TypeScript best practices
- Maintain accessibility standards
- Add tests for new features
- Update documentation as needed
- Follow conventional commit messages
- New API and CI/CD documentation; added SARIF export guidance
- Expanded environment configuration with multi-provider keys
- UX improvements: command palette, compact mode, better error states
- Enterprise documentation: SSO, RBAC, audit logs, data residency
- Self-hosting section with optional Firebase and push setup
- 🔄 Version Synchronization: Updated all version references across the entire project for consistency
- 📦 Dependency Alignment: Synchronized package.json, manifest, and service worker versions
- 🛠️ Build Optimization: Enhanced Vite configuration with advanced chunk splitting strategies
- 🎯 TypeScript Updates: Upgraded to TypeScript 5.9 with improved type checking
- 📋 Documentation: Updated README.md with current accurate project details and dependencies
See changelogs.md for the full version history.
UML Class Diagram of the system
```mermaid
gantt
title Code Guardian Development Roadmap
dateFormat YYYY-MM-DD
section Q1 2025
Multi-language Support :2025-01-01, 30d
Progressive Web App :2025-01-15, 45d
Git Integration :2025-02-01, 30d
section Q2 2025
Team Collaboration :2025-04-01, 45d
Custom Rules Engine :2025-04-15, 30d
Voice Commands :2025-05-01, 30d
section Q3 2025
Machine Learning :2025-07-01, 60d
Enterprise Features :2025-08-01, 45d
Plugin System :2025-09-01, 30d
```
🎯 Detailed Feature Breakdown
- 🌍 Internationalization
- 📱 Progressive Web App
- 🔗 Git Integration
- 👥 Team Features
- 🤖 AI Model Marketplace: Integrate and deploy custom AI models
- 🎤 Voice Commands: Voice-controlled navigation and file upload
- 🧠 Custom ML Models: Project-specific analysis with machine learning
- 🏢 Enterprise Suite: SSO, audit logs, compliance reporting
- 🔌 Plugin Ecosystem: Extensible architecture for third-party integrations
- 📊 Predictive Analytics: Trend forecasting and risk prediction
- 🔒 Advanced Security: Zero-trust architecture and enhanced encryption
- 🌐 Internationalization: Support for more languages and locales
- 📱 Mobile App: Native mobile companion app
This project is licensed under the MIT License. See the LICENSE file for details.
Aditya Kumar Tiwari
- 🎓 BCA in Cybersecurity, Sushant University
- 💼 Cybersecurity Enthusiast | Full-Stack Developer | Lifelong Learner
- 📧 Email: [email protected]
- 🐙 GitHub: @Xenonesis
- 💼 LinkedIn: Aditya Kumar Tiwari
- 📸 Instagram: @i__aditya7
- 🌐 Portfolio: iaddy.netlify.app
Passionate about the intersection of cybersecurity and development, Aditya specializes in creating secure and scalable solutions. Currently pursuing BCA in Cybersecurity with expertise in Python, JavaScript, Linux, and Cloud Computing. Committed to building impactful digital experiences that prioritize security and innovation.
- React Team - For the amazing React framework
- Vite Team - For the excellent Vite build tool
- Tailwind Labs - For the utility-first CSS framework
- Radix UI - For accessible component primitives
- shadcn - For the beautiful component library
- Open Source Community - For the incredible tools and libraries
If you encounter any issues or have questions:
- Check the Issues: GitHub Issues
- Create a New Issue: Provide detailed information about your problem
- Email Support: [email protected]
- Community Discussions: Join our community discussions
Thank you to our amazing community for making Code Guardian possible!
Meet the amazing developers who have contributed to Code Guardian
We appreciate every contribution, no matter how big or small!
Made with ❤️ by Code Guardian Team | © 2025 Code Guardian Report
Aditya Kumar Tiwari, Creator & Lead Developer
"The only way to do great work is to love what you do." - Steve Jobs
Empowering developers to build secure software, one line of code at a time.