prabool3822/Code-vulnerability-scanner

GitHub: prabool3822/Code-vulnerability-scanner

Stars: 0 | Forks: 0

# 🛡️ Vibe-DevOps (SecurePipe)

## AI Powered DevSecOps Vulnerability Scanner & Auto Deployment Platform

Vibe-DevOps is a centralized DevSecOps platform that scans public GitHub repositories for security vulnerabilities, calculates a security score, and automatically deploys applications that pass its security policy to AWS EC2 using Docker.

It combines:

- 🔍 Security Scanning
- 🚀 Automated Deployment
- 🐳 Containerization
- ☁️ AWS Hosting
- 📊 Real-time Monitoring
- 🧠 Runtime Detection

into one unified dashboard.

# ✨ Features

## 🔍 Security Scanning Engine

The platform scans public GitHub repositories using multiple DevSecOps tools:

| Tool | Purpose |
|------|---------|
| Trivy | Dependency & filesystem vulnerability scanning |
| Checkov | Docker / Terraform / IaC security scanning |
| Semgrep | Source code security analysis |

## 📊 Security Dashboard

The dashboard provides:

- Real-time scan logs
- Live scan stages
- Security score calculation
- Vulnerability findings
- Severity breakdown
- Deployment decision
- Raw report viewer

## 🚀 Automated Deployment Engine

After scanning:

- Repositories can be deployed automatically
- The runtime is detected dynamically
- Docker containers are generated automatically
- The application goes live on AWS EC2

# 🧠 Smart Runtime Detection

The deployment engine automatically detects the project type. It checks for the following marker files:

| File Detected | Runtime |
|---------------|---------|
| docker-compose.yml | Docker Compose |
| Dockerfile | Docker |
| package.json | Node.js |
| artisan + composer.json | Laravel |
| composer.json | PHP |
| index.html | Static Website |

# ☁️ Deployment Capabilities

The platform supports:

- Static websites
- Docker applications
- Docker Compose projects
- React/Vite frontend apps
- Node.js APIs
- Laravel projects
- PHP projects

# 📌 Architecture Overview

```
User
  ↓
Frontend Dashboard (React)
  ↓
Node.js API Server
  ↓
Repository Cloning
  ↓
Security Scanners
  ├── Trivy
  ├── Checkov
  └── Semgrep
  ↓
Security Policy Engine
  ↓
Deployment Engine
  ↓
Docker Runtime
  ↓
AWS EC2 Hosting
```

# 🧩 Tech Stack

## Frontend

- React
- Vite
- CSS
- Lucide Icons

## Backend

- Node.js
- Express.js

## DevSecOps Tools

- Trivy
- Checkov
- Semgrep

## Infrastructure

- Docker
- Docker Compose
- NGINX
- AWS EC2

# 📂 Project Structure

```
code-vulnerability-scanner/
│
├── api/
│   ├── server.cjs
│   └── Dockerfile
│
├── dashboard/
│   ├── main.jsx
│   ├── style.css
│   └── Dockerfile
│
├── reports/
│
├── nginx/
│
├── docker-compose.yml
│
└── README.md
```

# ⚙️ How It Works

## 1️⃣ User Enters GitHub Repository

Example:

```
https://github.com/user/project
```

## 2️⃣ Repository Gets Cloned

The backend clones the repository into:

```
/tmp/securepipe/
```

## 3️⃣ Security Scanning Starts

The following scans run automatically:

### 🔍 Trivy

Scans:

- Dependencies
- Packages
- CVEs
- Filesystem vulnerabilities

### 🔍 Checkov

Scans:

- Dockerfiles
- Terraform
- Kubernetes YAML
- Infrastructure configuration

### 🔍 Semgrep

Scans:

- Source code
- Security patterns
- Dangerous logic
- Insecure coding practices

## 4️⃣ Security Score Is Generated

The system calculates a score out of **100**.

### Penalties are applied for:

- Critical vulnerabilities
- High vulnerabilities
- Misconfigurations
- Unsafe code patterns

## 5️⃣ Policy Engine Decides

| Condition | Result |
|-----------|--------|
| Score >= 70 | ✅ Deployment Allowed |
| Score < 70 | ❌ Deployment Blocked |

Force deployment can also be enabled. It overrides the score gate, so a forced deployment of a blocked repository is a deliberate exception, not a passing scan.

## 6️⃣ Deployment Engine Starts

The platform detects:

- Docker Compose
- Dockerfile
- Node.js
- Laravel
- PHP
- Static site

Then it:

- Builds the Docker image
- Runs the container
- Maps a public port
- Generates a live URL

# 🌐 Deployment Flow

```
GitHub Repo
  ↓
Clone Repository
  ↓
Detect Runtime
  ↓
Generate Dockerfile (if needed)
  ↓
Build Docker Image
  ↓
Run Docker Container
  ↓
Expose Public Port
  ↓
Generate Live URL
```

# 📁 Report Storage

All scan reports are stored inside:

```
/app/reports/
```

### Reports include:

- trivy.json
- checkov.json
- semgrep.json
- summary.json

# 📜 Deployment Storage

Deployment repositories are cloned into:

```
/tmp/securepipe-deployments/
```

# 🧾 Logs

## 📄 Scan Logs

Live scan logs are visible in the dashboard UI.

### They include:

- Cloning status
- Scan stages
- Security analysis
- Errors

## 📄 Deployment Logs

Deployment logs show:

- Runtime detection
- Docker build output
- Container startup
- Live URL generation

# 🐳 Run Locally

## 1️⃣ Clone Repository

```bash
git clone https://github.com/prabool3822/code-vulnerability-scanner.git
```

## 2️⃣ Enter Project Directory

```bash
cd code-vulnerability-scanner
```

## 3️⃣ Build Containers

```bash
docker compose up -d --build
```

## 4️⃣ Open Dashboard

http:// or https://vibelar.com

# 🔥 Deployment Dashboard

The deployment dashboard runs on:

https://deploy.vibelar.com

## Features

- Render-style UI
- Live deployment logs
- Runtime detection
- Service status
- Public URLs
- Auto deployment tracking

# 🧪 Example Repository

https://github.com/prabool3822/test

# 📊 Example Output

After scanning, the dashboard displays:

- Security score
- Total issues
- Vulnerabilities
- Misconfigurations
- Deployment decision
- Live logs

# 🚀 CI/CD Pipeline

The GitHub Actions pipeline automatically:

- Builds Docker images
- Scans containers
- Deploys containers
- Verifies API health

# 🔒 Security Features

- Policy-based deployment blocking
- Runtime validation
- Non-root container recommendations
- Vulnerability explanations
- Security scoring
- Infrastructure validation

# 🌍 Hosting

Hosted on:

- AWS EC2
- Docker Runtime
- NGINX Reverse Proxy
- HTTPS using Let's Encrypt

# 📌 Future Improvements

- OPA policy engine
- SonarQube integration
- Kubernetes deployment
- GitHub OAuth
- Multi-user authentication
- Deployment rollback
- Metrics dashboard
- AI remediation engine
- Auto scaling

# 👨‍💻 Authors

## Prabool

**Jr. DevOps Engineer**

## Mridula

**Jr. DevOps Engineer**

# 📜 License

This project is built for learning, DevSecOps experimentation, and deployment automation research.
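The score calculation and policy gate described in the "Security Score Is Generated" and "Policy Engine Decides" steps above, as an added example that is not the project's own `server.cjs`. It assumes the JSON shapes that Trivy, Checkov and Semgrep emit by default, the `/app/reports/` directory and file names from the README, and penalty weights of its own choosing (the README names the penalty categories but not their values); `calculateScore`, `decide` and `summarizeReports` are names introduced here.

```javascript
// Added example, not the project's own server.cjs: turn the three scanner reports
// into the score out of 100 and the score >= 70 deployment decision the README
// describes. The penalty weights are assumptions; the README names the penalty
// categories but not their values.
const fs = require('fs');
const path = require('path');

const PENALTIES = {
  critical: 15,      // per Trivy CRITICAL vulnerability (assumed weight)
  high: 7,           // per Trivy HIGH vulnerability (assumed weight)
  misconfig: 4,      // per Checkov failed check (assumed weight)
  unsafePattern: 5,  // per Semgrep ERROR-severity finding (assumed weight)
};
const DEPLOY_THRESHOLD = 70;
const REPORT_DIR = '/app/reports';

// Trivy JSON: { Results: [ { Target, Vulnerabilities: [ { Severity, ... } ] } ] }
function countTrivy(report) {
  const counts = { critical: 0, high: 0 };
  for (const result of report.Results || []) {
    for (const v of result.Vulnerabilities || []) {
      if (v.Severity === 'CRITICAL') counts.critical += 1;
      else if (v.Severity === 'HIGH') counts.high += 1;
    }
  }
  return counts;
}

// Checkov JSON: { results: { failed_checks: [ { check_id, ... } ] } }, or an array
// of such objects when several frameworks (Dockerfile, Terraform, ...) were scanned.
function countCheckov(report) {
  const perFramework = Array.isArray(report) ? report : [report];
  return perFramework.reduce(
    (n, r) => n + ((r.results && r.results.failed_checks) || []).length, 0);
}

// Semgrep JSON: { results: [ { check_id, extra: { severity: 'ERROR' | 'WARNING' | 'INFO' } } ] }
function countSemgrep(report) {
  return (report.results || []).filter((r) => r.extra && r.extra.severity === 'ERROR').length;
}

function calculateScore({ trivy, checkov, semgrep }) {
  const vulns = countTrivy(trivy);
  const misconfigs = countCheckov(checkov);
  const unsafe = countSemgrep(semgrep);
  const penalty = vulns.critical * PENALTIES.critical + vulns.high * PENALTIES.high
    + misconfigs * PENALTIES.misconfig + unsafe * PENALTIES.unsafePattern;
  return { score: Math.max(0, 100 - penalty), critical: vulns.critical, high: vulns.high, misconfigs, unsafe };
}

// Policy engine: score >= 70 allows deployment. Force deployment overrides a block,
// so the decision records that it was forced rather than passed.
function decide(summary, { force = false } = {}) {
  if (summary.score >= DEPLOY_THRESHOLD) {
    return { deploy: true, forced: false, reason: `score ${summary.score} >= ${DEPLOY_THRESHOLD}` };
  }
  if (force) {
    return { deploy: true, forced: true, reason: `score ${summary.score} < ${DEPLOY_THRESHOLD}, force deployment enabled` };
  }
  return { deploy: false, forced: false, reason: `score ${summary.score} < ${DEPLOY_THRESHOLD}` };
}

// Reads trivy.json, checkov.json and semgrep.json from the report directory and
// writes the combined result to summary.json next to them.
function summarizeReports(dir = REPORT_DIR, opts = {}) {
  const load = (name) => JSON.parse(fs.readFileSync(path.join(dir, name), 'utf8'));
  const summary = calculateScore({
    trivy: load('trivy.json'), checkov: load('checkov.json'), semgrep: load('semgrep.json'),
  });
  summary.decision = decide(summary, opts);
  fs.writeFileSync(path.join(dir, 'summary.json'), JSON.stringify(summary, null, 2));
  return summary;
}

// Constructed sample reports in the shape of the tools' JSON output (not real scan results).
const SAMPLE_REPORTS = {
  trivy: { Results: [{ Target: 'package-lock.json', Vulnerabilities: [
    { PkgName: 'example-dep', Severity: 'CRITICAL' },
    { PkgName: 'example-dep', Severity: 'HIGH' },
    { PkgName: 'other-dep', Severity: 'LOW' },
  ] }] },
  checkov: { results: { failed_checks: [
    { check_id: 'CKV_DOCKER_3', check_name: 'Ensure that a user for the container has been created' },
    { check_id: 'CKV_DOCKER_2', check_name: 'Ensure that HEALTHCHECK instructions have been added' },
  ] } },
  semgrep: { results: [
    { check_id: 'example.unsafe-eval', extra: { severity: 'ERROR' } },
    { check_id: 'example.leftover-debug', extra: { severity: 'WARNING' } },
  ] },
};

if (require.main === module) {
  const summary = calculateScore(SAMPLE_REPORTS);
  console.log(summary, decide(summary), decide(summary, { force: true }));
}
```

With the sample reports the score is 65 (one CRITICAL, one HIGH, two failed Checkov checks, one Semgrep ERROR), so the gate blocks unless force deployment is set. A forced decision carries `forced: true`, which lets the dashboard and deployment logs show that the gate was overridden rather than passed.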
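The runtime detection and "Generate Dockerfile (if needed)" steps of the deployment engine described above ("Smart Runtime Detection" and "Deployment Flow"), as an added example that is not the project's deployment engine. It assumes the marker files from the README table; the base images, exposed container ports, check order and the `detectRuntime`, `generateDockerfile` and `prepareDeployment` names are this example's own choices.

```javascript
// Added example, not the project's deployment engine: detect a cloned repository's
// runtime from the marker files in the README table and generate a Dockerfile for
// runtimes that do not ship one. Base images, ports and the check order are this
// example's choices; the Laravel check runs before the package.json check because
// Laravel apps usually carry a package.json for their front-end build as well.
const fs = require('fs');
const path = require('path');

const exists = (dir, file) => fs.existsSync(path.join(dir, file));

// Most specific marker first; the first match wins.
const DETECTORS = [
  ['Docker Compose', (d) => exists(d, 'docker-compose.yml')],
  ['Docker',         (d) => exists(d, 'Dockerfile')],
  ['Laravel',        (d) => exists(d, 'artisan') && exists(d, 'composer.json')],
  ['Node.js',        (d) => exists(d, 'package.json')],
  ['PHP',            (d) => exists(d, 'composer.json')],
  ['Static Website', (d) => exists(d, 'index.html')],
];

function detectRuntime(repoDir) {
  const hit = DETECTORS.find(([, test]) => test(repoDir));
  return hit ? hit[0] : null;
}

// Container port the generated image listens on (assumed values, used for port mapping).
const CONTAINER_PORTS = { 'Node.js': 3000, 'Static Website': 8080, 'PHP': 80, 'Laravel': 80 };

// Dockerfile templates for runtimes without their own Dockerfile. The Node.js and
// static templates run as a non-root user (the README recommends non-root containers).
const DOCKERFILES = {
  'Node.js': [
    'FROM node:20-alpine',
    'WORKDIR /app',
    'COPY package*.json ./',
    'RUN if [ -f package-lock.json ]; then npm ci --omit=dev; else npm install --omit=dev; fi',
    'COPY . .',
    'USER node',
    'EXPOSE 3000',
    'CMD ["npm", "start"]',
  ],
  'Static Website': [
    'FROM nginxinc/nginx-unprivileged:alpine',
    'COPY . /usr/share/nginx/html',
    'EXPOSE 8080',
  ],
  'PHP': [
    'FROM php:8.2-apache',
    'COPY . /var/www/html',
    'EXPOSE 80',
  ],
  'Laravel': [
    'FROM composer:2 AS vendor',
    'WORKDIR /app',
    'COPY composer.json composer.lock* ./',
    'RUN composer install --no-dev --no-scripts --no-interaction --prefer-dist',
    'FROM php:8.2-apache',
    'ENV APACHE_DOCUMENT_ROOT=/var/www/html/public',
    "RUN sed -ri 's!/var/www/html!${APACHE_DOCUMENT_ROOT}!g' /etc/apache2/sites-available/*.conf",
    'COPY . /var/www/html',
    'COPY --from=vendor /app/vendor /var/www/html/vendor',
    'RUN chown -R www-data:www-data /var/www/html/storage /var/www/html/bootstrap/cache',
    'EXPOSE 80',
  ],
};

// Dockerfile text for a generated runtime, or null when the repository brings its
// own Dockerfile or docker-compose.yml.
function generateDockerfile(runtime) {
  const lines = DOCKERFILES[runtime];
  return lines ? lines.join('\n') + '\n' : null;
}

// Writes a Dockerfile into the clone when one is needed and reports the decision.
function prepareDeployment(repoDir) {
  const runtime = detectRuntime(repoDir);
  if (!runtime) throw new Error(`no supported runtime found in ${repoDir}`);
  const dockerfile = generateDockerfile(runtime);
  if (dockerfile) fs.writeFileSync(path.join(repoDir, 'Dockerfile'), dockerfile);
  return { runtime, dockerfileGenerated: dockerfile !== null, containerPort: CONTAINER_PORTS[runtime] || null };
}

if (require.main === module) {
  console.log(prepareDeployment(process.argv[2] || '.'));
}
```

`node detect.js /tmp/securepipe-deployments/<repo>` prints the detected runtime, whether a Dockerfile was written, and the container port to map (null for Docker and Docker Compose projects, whose ports come from their own files). The check order is the part worth keeping: with `package.json` tested before `artisan + composer.json`, as the README table is ordered, a Laravel project would be built as a Node.js API.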
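A GitHub Actions workflow that runs the four pipeline stages listed under "CI/CD Pipeline" above in order (build, scan, deploy, verify), as an added example and not the repository's own workflow file. The secret names, the `ubuntu` login and checkout path on the EC2 host, the image name, and the `/api/health` endpoint are assumptions.

```yaml
# Added example (not the project's own workflow): build, scan, deploy, verify.
# Secret names, the EC2 login/path, and the health endpoint are assumptions.
name: securepipe-ci

on:
  push:
    branches: [main]

jobs:
  build-scan-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build API image
        run: docker build -t securepipe-api:${{ github.sha }} ./api

      # Scans the image that was just built. exit-code 1 fails the job on any
      # unfixed CRITICAL or HIGH finding, so the deploy step below never runs.
      - name: Scan container image with Trivy
        uses: aquasecurity/trivy-action@0.24.0   # pin to a commit SHA for supply-chain safety
        with:
          image-ref: securepipe-api:${{ github.sha }}
          format: table
          exit-code: '1'
          ignore-unfixed: true
          severity: CRITICAL,HIGH

      - name: Deploy to EC2 over SSH
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
          EC2_SSH_KEY: ${{ secrets.EC2_SSH_KEY }}
          EC2_KNOWN_HOSTS: ${{ secrets.EC2_KNOWN_HOSTS }}   # ssh-keyscan output, pinned in advance
        run: |
          mkdir -p ~/.ssh
          printf '%s\n' "$EC2_KNOWN_HOSTS" > ~/.ssh/known_hosts
          install -m 600 /dev/null ~/.ssh/id_ed25519
          printf '%s\n' "$EC2_SSH_KEY" > ~/.ssh/id_ed25519
          ssh ubuntu@"$EC2_HOST" \
            'cd code-vulnerability-scanner && git pull --ff-only && docker compose up -d --build'

      - name: Verify API health
        run: curl --fail --silent --show-error --retry 10 --retry-delay 5 --retry-all-errors https://vibelar.com/api/health
```

The deploy step as written rebuilds on the EC2 host from the pulled source, so the image that Trivy scanned and the image that runs are built separately. Pushing the scanned image to a registry and pulling that exact tag on the host closes that gap, at the cost of one more secret for registry login.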