Show HN: TheAuditor – Offline security scanner for AI-generated code
2 days ago
- #code security
- #static analysis
- #AI-assisted development
- TheAuditor is an AI-centric SAST and code intelligence platform designed for AI-assisted development workflows.
- It detects security vulnerabilities, tracks data flow, analyzes architecture, and identifies refactoring issues.
- The platform orchestrates industry-standard tools like ESLint, Ruff, and MyPy, producing AI-ready reports.
- Unlike traditional SAST tools, TheAuditor provides verifiable ground truth for both developers and AI assistants.
- Installation involves cloning the repository, installing with system Python, and setting up a sandbox environment.
- Key directories include ~/tools/TheAuditor for the tool and ~/my-project/.pf/ for analysis results.
- TheAuditor addresses AI's blind spots by enabling self-correction through recursive auditing and fixing loops.
- It addresses problems such as AI writing insecure code, introducing bugs, and having no way to verify its own output.
- The tool's philosophy runs counter to current trends by focusing on verifiable data and structured output that AI assistants can digest.
- TheAuditor includes features like dependency graph visualization, refactoring impact analysis, and technical scoring insights.
- Conflicts with antivirus software are expected given the nature of security scanning; the project does not recommend compromising security settings to work around them.
- Common troubleshooting tips include updating the tool, reinstalling the sandbox, and making sure the correct Python interpreter is used.
- The project welcomes contributions, especially for adding support for new languages and frameworks.
- Licensed under AGPL-3.0; commercial use requires a separate license.