
Bright Security Agent

GitHub App

Bright Security Agent is an autonomous agent for dynamic application and API security testing directly in your GitHub environment. It analyzes your repository, builds and starts the application from source, automatically configures authentication, registers entrypoints, runs scans via Bright Repeater, and, if needed, proposes fixes for discovered vulnerabilities.

Key Features

  • Automated dynamic application security testing: Tests web apps, APIs, MCP tools, gRPC, GraphQL, and more.
  • AI-Powered Speed: Fast, intelligent scanning driven by a deterministic scanner.
  • Remediation & Validation: In full mode, the agent not only finds vulnerabilities but also proposes fixes and validates them for up to 5 rounds.
  • Flexible Modes:
    • full: Complete cycle—startup, scan, remediation, validation (with harness fallback).
    • dynamic: Full startup and scan without fallback.
    • function: Scan individual functions via harness.
  • Security by Design: All actions are performed only against local targets (localhost, 127.0.0.1, etc.), never external/production addresses.
  • OIDC: Secure authentication via GitHub, no secrets stored in the repository.

Why Choose Bright

  • Actionable Security Insights: Get clear, prioritized findings with remediation guidance, not noise.
  • Comprehensive Coverage: Detects both common and advanced vulnerabilities, including business logic flaws.
  • Seamless Developer Experience: Easy to use, integrates with your workflow, and requires minimal setup.
  • Secure by Default: Designed to run only against local, non-production targets, keeping your environment safe.

How It Works

  1. Detects and starts the target application from source.
  2. Performs required setup and configuration steps.
  3. Configures and verifies authentication.
  4. Registers entrypoints and forms a scan plan.
  5. Runs dynamic security testing via Bright Repeater.
  6. Collects and analyzes results, proposes fixes, and re-validates them.

Usage Examples

  • Full scan and remediation
    "Run a dynamic security scan for this application, fix the findings, and validate the fixes."

  • Pull request validation
    "@bright-security-agent, scan the controllers affected by this pull request and fix any vulnerabilities found."

Documentation & Support

For questions or feedback, please contact the Bright Security team.

Developer

Bright Security Agent is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.