🛡️ Security Assistant

Open-source security scanner orchestrator. Free forever, no license required.

Security Assistant orchestrates multiple security scanners (Bandit, Semgrep, Trivy, Nuclei), deduplicates findings, and prioritizes them using Context Intelligence (KEV, Reachability, False Positive Detection).

🚀 Live Demo: Try our AI-powered security assistant at workstation-five.vercel.app

---

🎯 Who is this for?

• Developers: Get immediate security feedback without waiting for CI pipeline
• SecOps: Unified reports from multiple tools without glue code
• Startups: Enterprise-grade security features (SAST, SCA, Secrets) for free
• Pentesters: CLI-first automation for vulnerability discovery

---

⚡ Quick Start

Get running in 30 seconds. Works on Linux/macOS/WSL; Windows via PowerShell supported.

1. Install

pip install security-assistant

# Install required scanners (if not already present)
pip install bandit semgrep

# Note: Trivy and Nuclei must be installed separately
# See docs/installation.md for details

2. Scan

# Scan current directory
security-assistant scan .

# With specific scanners
security-assistant scan . --scanners bandit,semgrep,trivy

# With LLM explanations (bring your own API key)
export OPENAI_API_KEY=your_api_key_here
security-assistant scan . --llm openai

3. View Report

Open security-reports/report.html in your browser to see the interactive dashboard.

---

🚀 Key Features

✅ Available Now (v2.0.0)

Feature	Description
Multi-Scanner Orchestration	Bandit, Semgrep, Trivy, Nuclei (DAST)
Offensive Security Suite	Nmap, SQLMap, OWASP ZAP integration
Shellcode Generator	Custom payload generation for security research
WAF Bypass Engine	Evasion techniques for penetration testing
Bug Bounty Automation	HackerOne and Bugcrowd API integration
Intelligent Deduplication	Merge identical findings across scanners
Context Intelligence	KEV (CISA), Reachability Analysis, FP Detection
LLM Integration	Explain vulns & suggest fixes (OpenAI, Anthropic, NVIDIA NIM)
Auto-Fix Pull Requests	LLM-powered fix generation with GitLab MR automation
Batch Remediation	Fix multiple findings in one MR with smart grouping
Test Generation	Automatic pytest test generation for each fix
Auto-PoC Generation	Template-based exploits for SQLi, XSS
CI/CD Ready	SARIF for GitHub, JSON for GitLab Code Quality
Output Formats	JSON, HTML, Markdown, SARIF

🚧 Roadmap (v2.1+)

Feature	Status
Cloud Scanning (AWS/Azure)	📋 Planned (v2.1)
SaaS Dashboard (Multi-tenant)	📋 Planned (v2.1)
Autonomous Remediation Agents	🗓️ Planned Q2 2026
Vulnerable Lab Environment	🚧 In Rework
SIEM Integration	🗓️ Planned Q2 2026

---

🏗️ How It Works

┌─────────────┐
│   Your Code │
└──────┬──────┘
       │
       v
┌─────────────────────────────────┐
│     Security Assistant Core     │
│  ┌───────────────────────────┐  │
│  │ Scanner Orchestration     │  │
│  │ (Parallel Execution)      │  │
│  └────────┬──────────────────┘  │
│           │                      │
│  ┌────────v──────────────────┐  │
│  │ Normalization & Dedup     │  │
│  └────────┬──────────────────┘  │
│           │                      │
│  ┌────────v──────────────────┐  │
│  │ Context Intelligence      │  │
│  │ - KEV (CISA)              │  │
│  │ - Reachability            │  │
│  │ - FP Detection            │  │
│  └────────┬──────────────────┘  │
│           │                      │
│  ┌────────v──────────────────┐  │
│  │ Optional: LLM Analysis    │  │
│  │ (BYOK - Your API Key)     │  │
│  └────────┬──────────────────┘  │
└───────────┼──────────────────────┘
            │
            v
   ┌────────────────┐
   │ HTML/JSON/SARIF│
   │    Reports     │
   └────────────────┘

---

🆚 Why Security Assistant?

Feature	Standalone Tools	Security Assistant
Unified Output	❌ Separate formats	✅ Single JSON/HTML/SARIF
Noise Reduction	❌ High	✅ Low (Deduplication + FP Detection)
Prioritization	❌ Severity only	✅ Severity + KEV + Reachability
Remediation	⚠️ Basic messages	✅ Code Examples & Fix Templates
Setup Time	🕒 Hours (configs, scripts)	⚡ Seconds (one command)
Price	💰 Varies	✅ $0 (OSS, MIT License)

---

🤖 CI/CD Integration

GitHub Actions

name: Security Scan

on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
      
      - name: Install Security Assistant
        run: pip install security-assistant
      
      - name: Install Scanners
        run: |
          pip install bandit semgrep
          # Install Trivy (see docs/installation.md)
      
      - name: Run Scan
        run: security-assistant scan . --format sarif
      
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: security-reports/report.sarif

GitLab CI

security_scan:
  image: python:3.11
  script:
    - pip install security-assistant
    - security-assistant scan . --format json
  artifacts:
    reports:
      codequality: security-reports/report.json

More examples in docs/integrations/.

---

📖 Documentation

• Installation Guide
• Configuration Guide
• Scanner Documentation
• CI/CD Integration Examples
• Product Roadmap

---

🤝 Contributing

We love contributions! See CONTRIBUTING.md for details.

Looking for something to do?

• Good First Issues
• Feature Requests

---

📄 License

MIT License — see LICENSE for details.

Disclaimer: This tool is for defensive security purposes only. Use responsibly.

---

🌟 Star History

If you find this useful, give us a star! ⭐

---

📬 Contact

• Issues: GitHub Issues
• Discussions: GitHub Discussions
• Website: workstation-five.vercel.app