I made a code security auditor for all you dumb vibe coders – thank me later
a year ago
- #python
- #llm
- #security-auditing
- VulnViper is a security auditing tool for Python codebases using LLMs like OpenAI's GPT and Google's Gemini.
- Features include LLM-powered analysis, comprehensive audits, actionable recommendations, and code summaries.
- Offers both CLI for automation and GUI for interactive use.
- Multi-stage analysis: discover the Python files in the target, parse each into an AST, identify logical units (such as functions and classes), and split units that exceed the model's context budget into token-sized sub-chunks.
- Uses prompt engineering to instruct LLMs for security analysis.
- Results are stored in a local SQLite database and generated as Markdown reports.
- Built with Python, Flet for GUI, SQLite for storage, and supports OpenAI and Gemini APIs.
- Setup requires Python 3.9+, pip, Git (optional), and an API key for the chosen LLM provider; the audited code is sent to that provider's API, so only point it at code you are permitted to share.
- CLI and GUI options for configuration and running scans.
- Outputs include an SQLite database and a Markdown report with findings.
- Encourages contributions for improvements and new features.
- Licensed under MIT License, with a disclaimer about its use as an aid, not a replacement for expert review.
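The pipeline the bullets describe (AST parsing, logical unit identification, token-based sub-chunking, prompt construction, SQLite storage, Markdown report), as an added example that is not VulnViper's own code. Everything in it is an assumption: the sample module is constructed, tokens are estimated at roughly four characters each instead of using a provider tokenizer, the prompt wording is my own, and the LLM call is replaced by a stand-in that flags one pattern so the script runs offline.

```python
import ast
import sqlite3
from dataclasses import dataclass

# Constructed sample module to audit; not from any real project.
SAMPLE_SOURCE = '''import subprocess

def run(cmd):
    # Command string built by the caller reaches the shell unchanged.
    return subprocess.check_output(cmd, shell=True)

class Repo:
    def fetch(self, url):
        return url
'''


@dataclass
class Unit:
    name: str
    kind: str
    lineno: int
    source: str


def find_units(source: str) -> list[Unit]:
    """Parse the file and pick top-level functions and classes as logical units."""
    tree = ast.parse(source)
    units = []
    for node in tree.body:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            units.append(Unit(node.name, type(node).__name__, node.lineno,
                              ast.get_source_segment(source, node)))
    return units


def estimate_tokens(text: str) -> int:
    """Assumption: about 4 characters per token; a real tool would use the provider's tokenizer."""
    return max(1, len(text) // 4)


def sub_chunk(unit: Unit, max_tokens: int) -> list[str]:
    """Split a unit larger than the token budget on line boundaries.

    Lines are never split (a single oversized line becomes its own chunk),
    and joining the chunks reproduces the unit's source exactly.
    """
    chunks, current = [], ""
    for line in unit.source.splitlines(keepends=True):
        if current and estimate_tokens(current + line) > max_tokens:
            chunks.append(current)
            current = ""
        current += line
    if current:
        chunks.append(current)
    return chunks


def build_prompt(unit: Unit, chunk: str, index: int, total: int) -> str:
    """Prompt template (my wording, not VulnViper's): fixed instructions, then the code."""
    return (
        "You are a security auditor. Report concrete vulnerabilities in the Python "
        "code below as lines of the form 'SEVERITY: description', or 'NONE'.\n\n"
        f"# {unit.kind} {unit.name}, part {index}/{total}\n```python\n{chunk}```"
    )


def stand_in_analyze(prompt: str) -> list[tuple[str, str]]:
    """Stand-in for the LLM call so the example runs offline: flags one known pattern."""
    if "shell=True" in prompt:
        return [("HIGH", "subprocess call with shell=True on caller-supplied input")]
    return []


def audit(source: str, path: str, max_tokens: int = 40) -> sqlite3.Connection:
    """Run every stage and persist findings in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE findings (path TEXT, unit TEXT, lineno INTEGER, "
                 "severity TEXT, description TEXT)")
    for unit in find_units(source):
        chunks = sub_chunk(unit, max_tokens)
        for i, chunk in enumerate(chunks, 1):
            prompt = build_prompt(unit, chunk, i, len(chunks))
            for severity, desc in stand_in_analyze(prompt):
                conn.execute("INSERT INTO findings VALUES (?, ?, ?, ?, ?)",
                             (path, unit.name, unit.lineno, severity, desc))
    conn.commit()
    return conn


def render_markdown(conn: sqlite3.Connection) -> str:
    """Turn the stored findings into a Markdown report."""
    rows = conn.execute("SELECT path, unit, lineno, severity, description "
                        "FROM findings ORDER BY path, lineno").fetchall()
    lines = ["# Audit report", "", "| File | Unit | Line | Severity | Finding |",
             "|---|---|---|---|---|"]
    lines += [f"| {p} | {u} | {l} | {s} | {d} |" for p, u, l, s, d in rows]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_markdown(audit(SAMPLE_SOURCE, "sample.py")))
```

Chunking on line boundaries is the part worth getting right: a chunk that cuts a statement in half gives the model a fragment it cannot reason about, and a long unit spread over several prompts loses cross-chunk context, which is why the prompt names the unit and the part number.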