DevScope AI is a premium, professional-grade static code analysis and security auditing platform designed to protect and optimize repositories. Built with a high-performance .NET 10 backend, a stunning Blazor WebAssembly client dashboard, and synchronized cloud storage with Supabase, it automates the detection of critical vulnerabilities, hardcoded secrets, and architectural technical debt.
Here is a comprehensive tour of the DevScope AI application interfaces, showing all major platform pages in action:
Premium landing page with interactive scanning uplink, and a secure JWT authorization login screen:
- Landing page: Features real-time AI code review summaries and visual metric cards.
- Login screen: Full terminal-style interactive authentication node.
| Landing Page Preview | Secure Login Uplink |
|---|---|
 |
 |
- Dashboard Overview: Displays average health score progress gauges, health trend charts (last 5 scans), key metrics, and complete repository scan histories.
- Interactive Scanner: Live terminal-style cloning, dependency discovery, and dynamic pipeline logs output.
| Dashboard Overview | Live Scanner Panel |
|---|---|
 |
 |
- Deep Code Reports: Highlights security severity breakdown, automated remediation plans, custom AI recommendations, and export options (PDF/CSV).
- Scan Comparison: Detailed historical delta tracking showing fixed vs. newly introduced security issues between baseline and recent commits.
| Deep Analysis Reports | Scan Comparison |
|---|---|
 |
 |
- System Administration: Enables registered user account suspension, user plan upgrades (Free -> Pro -> Team), global stats tracking, and recent activity monitoring.
- Settings & API Keys: Secure profile configuration, toggleable alerts/notifications, and team-tier CI/CD API token generation.
| Settings & Configurations | System Admin Dashboard |
|---|---|
 |
 |
| User List & Activity Feed |
|---|
 |
DevScope AI processes repository scans through a highly disciplined, multi-phase static analysis pipeline:
graph TD
A[Start Scan Request] --> B[Clone Repository]
B --> C[File Walking & Discovery]
C --> D[Parallel Static Analyzers]
D --> E[Git History Secret Scanner]
D --> F[Deep Git Object Forensics]
E --> G[Confidence Scorer]
F --> G
G --> H[Git Blame Attribution]
H --> I[Attack Chain Correlation]
I --> J[Capped Scoring Calculation]
J --> K[Supabase & SQLite Persistence]
K --> L[Generate Live Reports / export PDF]
Runs multi-threaded parallel analyzers analyzing:
- Security Vulnerabilities: Command Injection, SQL Injection, and Exposed private keys/secrets.
- Weak Cryptography: Deprecated algorithms (MD5, SHA-1, DES, predictable pseudo-random seeds).
- Performance bottlenecks: Database N+1 loops, blocking sync-over-async practices, and expensive collection iterations.
- Dependency Hygiene: Banned, deprecated, or vulnerable third-party library imports.
- Capped Scoring System: Utilizes non-linear scoring algorithms to prevent minor cascades of style or info issues from completely tanking health scores, keeping reports fair and actionable.
- Author Blame Enrichment: Directly attributes every security warning to a commit and author using deep integration with
git blame.
- Automatically limits active execution slots using a global semaphore (maximum 3 concurrent scans system-wide).
- Limits per-IP concurrency to 1 active scan to prevent denial-of-service attempts.
- Issue Delta Logic: Tracks historical security trends and highlights exactly which issues were resolved vs. newly introduced between any two repository scans.
- .NET 10 SDK (Installed on path)
- Git (Command line interface available)
- Supabase Account (For secure JWT Authentication & Data sync)
Create or edit your local appsettings.json file inside DevScope.API:
{
"Supabase": {
"Url": "https://your-project.supabase.co",
"Key": "your-supabase-service-role-key",
"JwtSecret": "your-supabase-jwt-signing-secret"
}
}Create or edit your local wwwroot/appsettings.json file inside BlazorApp1:
{
"Supabase": {
"Url": "https://your-project.supabase.co",
"Key": "your-supabase-anon-key"
}
}# 1. Start the API Backend
cd DevScope.API
dotnet run
# 2. Start the Blazor WASM Client (in a separate terminal)
cd BlazorApp1
dotnet run- Argument Injection Protection: All third-party shell execution calls avoid generic shell interpreters and strictly configure command actions via the safe
ProcessStartInfo.ArgumentListcollection. - Database Casing Mappings: Enforces Postgrest lowercase
snake_casedatabase table column mappings for smooth, warning-free cloud querying. - Zero-Allocation Logging: Structured and throttled log writing prevents high CPU garbage collection pauses under telemetry overload.