🛡️ DevScope AI — Advanced Static Security & Code Quality Platform

DevScope AI is a premium, professional-grade static code analysis and security auditing platform designed to protect and optimize repositories. Built with a high-performance .NET 10 backend, a stunning Blazor WebAssembly client dashboard, and synchronized cloud storage with Supabase, it automates the detection of critical vulnerabilities, hardcoded secrets, and architectural technical debt.


📸 Platform Showcase

📊 Modern User Interface Gallery

Here is a comprehensive tour of the DevScope AI application interfaces, showing all major platform pages in action:

1. 🌐 Landing & Uplink Authentication

Premium landing page with interactive scanning uplink, and a secure JWT authorization login screen:

  • Landing page: Features real-time AI code review summaries and visual metric cards.
  • Login screen: Full terminal-style interactive authentication node.
[Screenshots: Landing Page Preview; Secure Login Uplink]

2. 📈 Central Dashboard & Live Scanner

  • Dashboard Overview: Displays average health score progress gauges, health trend charts (last 5 scans), key metrics, and complete repository scan histories.
  • Interactive Scanner: Live terminal-style cloning, dependency discovery, and dynamic pipeline logs output.
[Screenshots: Dashboard Overview; Live Scanner Panel]

3. 🛡️ Vulnerability Reports & Scan Comparison

  • Deep Code Reports: Highlights security severity breakdown, automated remediation plans, custom AI recommendations, and export options (PDF/CSV).
  • Scan Comparison: Detailed historical delta tracking showing fixed vs. newly introduced security issues between baseline and recent commits.
[Screenshots: Deep Analysis Reports; Scan Comparison]

4. 🔑 Admin Panel & User Preferences

  • System Administration: Enables registered user account suspension, user plan upgrades (Free -> Pro -> Team), global stats tracking, and recent activity monitoring.
  • Settings & API Keys: Secure profile configuration, toggleable alerts/notifications, and team-tier CI/CD API token generation.
[Screenshots: Settings & Configurations; System Admin Dashboard; User List & Activity Feed]

🏗️ System Architecture

DevScope AI processes repository scans through a highly disciplined, multi-phase static analysis pipeline:

graph TD
    A[Start Scan Request] --> B[Clone Repository]
    B --> C[File Walking & Discovery]
    C --> D[Parallel Static Analyzers]
    D --> E[Git History Secret Scanner]
    D --> F[Deep Git Object Forensics]
    E --> G[Confidence Scorer]
    F --> G
    G --> H[Git Blame Attribution]
    H --> I[Attack Chain Correlation]
    I --> J[Capped Scoring Calculation]
    J --> K[Supabase & SQLite Persistence]
    K --> L[Generate Live Reports / export PDF]

🚀 Key Features

1. 🔍 High-Performance Static Analyzers

Runs multi-threaded analyzers in parallel, covering:

  • Security Vulnerabilities: Command injection, SQL injection, and exposed private keys/secrets.
  • Weak Cryptography: Deprecated algorithms (MD5, SHA-1, DES, predictable pseudo-random seeds).
  • Performance bottlenecks: Database N+1 loops, blocking sync-over-async practices, and expensive collection iterations.
  • Dependency Hygiene: Banned, deprecated, or vulnerable third-party library imports.

2. 🧮 Sophisticated Health Scoring & Attribution

  • Capped Scoring System: Utilizes non-linear scoring algorithms to prevent minor cascades of style or info issues from completely tanking health scores, keeping reports fair and actionable.
  • Author Blame Enrichment: Directly attributes every security warning to a commit and author using deep integration with git blame.

3. ⚖️ Multi-Level Concurrency Rate Limiter

  • Automatically limits active execution slots using a global semaphore (maximum 3 concurrent scans system-wide).
  • Limits per-IP concurrency to 1 active scan to prevent denial-of-service attempts.
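The two limits above can be combined in one admission gate. The following is an added example, not DevScope AI's own code: the `ScanGate` class and its method names are hypothetical, and only the limits (3 scans system-wide, 1 per IP) come from this README.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical ScanGate: illustrative only, not a class from the DevScope AI code base.
public sealed class ScanGate
{
    private readonly SemaphoreSlim _global = new(3, 3);                     // max 3 scans system-wide
    private readonly ConcurrentDictionary<string, byte> _activeIps = new(); // 1 active scan per IP

    // Returns a lease to dispose when the scan ends, or null if the request must be rejected.
    public async Task<IDisposable?> TryEnterAsync(string clientIp, TimeSpan wait, CancellationToken ct = default)
    {
        // Per-IP check first: a client that already holds a slot is rejected
        // immediately and never queues for (or consumes) a global slot.
        if (!_activeIps.TryAdd(clientIp, 0))
            return null;

        bool gotSlot = false;
        try
        {
            gotSlot = await _global.WaitAsync(wait, ct);
            return gotSlot ? new Lease(this, clientIp) : null;
        }
        finally
        {
            // Timed out or cancelled: drop the per-IP marker so the client can retry later.
            if (!gotSlot) _activeIps.TryRemove(clientIp, out _);
        }
    }

    private sealed class Lease : IDisposable
    {
        private readonly ScanGate _gate;
        private readonly string _ip;
        private int _released;
        public Lease(ScanGate gate, string ip) { _gate = gate; _ip = ip; }

        public void Dispose()
        {
            // Interlocked guard makes a double Dispose harmless (no extra semaphore release).
            if (Interlocked.Exchange(ref _released, 1) == 1) return;
            _gate._global.Release();
            _gate._activeIps.TryRemove(_ip, out _);
        }
    }
}
```

Behind a reverse proxy, `clientIp` has to come from forwarded headers that only trusted proxies can set; otherwise every user shares the proxy's address or a client can choose its own key.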

4. 🔄 Scan Comparison & Analytics

  • Issue Delta Logic: Tracks historical security trends and highlights exactly which issues were resolved vs. newly introduced between any two repository scans.

🛠️ Setup & Local Installation

1. Prerequisites

  • .NET 10 SDK (Installed on path)
  • Git (Command line interface available)
  • Supabase Account (For secure JWT Authentication & Data sync)

2. Backend Config (DevScope.API)

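Create or edit your local appsettings.json file inside DevScope.API. The service-role key bypasses Row Level Security and the JWT secret signs tokens, so keep this file out of version control: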

{
  "Supabase": {
    "Url": "https://your-project.supabase.co",
    "Key": "your-supabase-service-role-key",
    "JwtSecret": "your-supabase-jwt-signing-secret"
  }
}

3. Frontend Config (BlazorApp1)

Create or edit your local wwwroot/appsettings.json file inside BlazorApp1. Everything under wwwroot is downloaded by the browser, so this file takes only the anon key:

{
  "Supabase": {
    "Url": "https://your-project.supabase.co",
    "Key": "your-supabase-anon-key"
  }
}

4. Running the Development Server

# 1. Start the API Backend
cd DevScope.API
dotnet run

# 2. Start the Blazor WASM Client (in a separate terminal)
cd BlazorApp1
dotnet run

🔒 Security Practices & Memory Safety

  • Argument Injection Protection: All calls to external programs are launched without a shell interpreter, and their arguments are passed through the ProcessStartInfo.ArgumentList collection rather than a concatenated command string.
  • Database Casing Mappings: Enforces PostgREST lowercase snake_case database table column mappings for smooth, warning-free cloud querying.
  • Zero-Allocation Logging: Structured and throttled log writing prevents high CPU garbage collection pauses under telemetry overload.
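What the Argument Injection Protection item looks like for a repository clone, as an added example that is not taken from the DevScope AI code base: `SafeGit`, `BuildClone` and the https-only rule are assumptions made for illustration. It also covers a case ArgumentList alone does not, a value that the called program would read as an option.

```csharp
using System;
using System.Diagnostics;

// Hypothetical helper: illustrative only, not a class from the DevScope AI code base.
public static class SafeGit
{
    public static ProcessStartInfo BuildClone(string repoUrl, string targetDir)
    {
        // Allow-list the URL shape before it gets near a process boundary.
        // (https-only is an assumption of this example, not a documented project rule.)
        if (!Uri.TryCreate(repoUrl, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Only absolute https:// repository URLs are accepted.", nameof(repoUrl));

        var psi = new ProcessStartInfo("git")
        {
            UseShellExecute = false,        // launch git directly, no cmd.exe or /bin/sh in between
            RedirectStandardOutput = true,
            RedirectStandardError = true,
            CreateNoWindow = true
        };

        // Each Add() becomes exactly one argv entry; spaces, quotes, ';' or '&'
        // inside a value are never re-parsed as separate arguments or commands.
        psi.ArgumentList.Add("clone");
        psi.ArgumentList.Add("--depth");
        psi.ArgumentList.Add("1");
        psi.ArgumentList.Add("--");         // end of options: later values cannot be read as flags
        psi.ArgumentList.Add(uri.AbsoluteUri);
        psi.ArgumentList.Add(targetDir);
        return psi;
    }

    // Fragile form, for contrast: one string that has to be split back into arguments,
    // so quoting and whitespace in the input decide where each argument ends:
    //   new ProcessStartInfo("git", "clone " + repoUrl + " " + targetDir)
}
```

ArgumentList removes the quoting and splitting problem; the URL check and the `--` separator handle input that is a single well-formed argument but would still be interpreted as a git option.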