AuditLuma  by Vistaminc

AI-powered system for intelligent code security auditing

Created 1 year ago
251 stars

Top 99.8% on SourcePulse

GitHubView on GitHub
Project Summary

Summary

AuditLuma is an AI-powered code auditing system for comprehensive security analysis. It employs multi-agent cooperation (MCP) and advanced RAG techniques like Self-RAG to detect vulnerabilities and suggest fixes. Supporting local LLMs via Ollama, it offers precise analysis for diverse development environments.

How It Works

The core is a four-layer Hierarchical RAG architecture: Haystack-AI orchestrator for task management, txtai for semantic retrieval, R2R for context enhancement, and Self-RAG for multi-model validation. This layered approach boosts precision, efficiency, and robustness by minimizing false positives and enabling semantic understanding.

Quick Start & Requirements

Clone the repo and run pip install -r requirements.txt. Python 3.8+ is required. Install faiss-cpu or faiss-gpu for large codebases. A typical run command is python main.py --architecture hierarchical --haystack-orchestrator ai -d ./your-project. Documentation is available within the repository.

Highlighted Details

  • Hierarchical RAG Architecture: Novel four-layer system (Haystack, txtai, R2R, Self-RAG) for advanced analysis.
  • Multi-LLM Vendor Support: Integrates with OpenAI, DeepSeek, Qwen, etc., and Ollama for local models.
  • Advanced Analysis: Cross-file vulnerability detection, global context building (call graphs, data flow), taint analysis.
  • Adaptive Architecture: Automatically optimizes configuration by project scale, with orchestrator fallbacks.
  • MCP & Self-RAG: Enhances agent coordination and validation accuracy, reducing false positives.

Maintenance & Community

Maintained by the "AuditLuma Team." Contributions via GitHub pull requests. Community interaction via QQ group (1047736593). Partnership with "Cotton Candy Cybersecurity Circle."

Licensing & Compatibility

Released under the MIT license, permitting commercial use and integration into closed-source projects.

Limitations & Caveats

The system includes fallback mechanisms for its AI orchestrator, suggesting potential stability considerations. Performance may vary significantly with project size due to its adaptive architecture. Configuration for diverse LLM providers might require careful setup.

Health Check
Last Commit

11 months ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
0
Star History
3 stars in the last 30 days

Explore Similar Projects

Feedback? Help us improve.