You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OpenAuditKit is an open-source CLI security audit tool designed to scan your codebase for secrets and configuration vulnerabilities. It emphasizes offline capability, modular design, and secure handling of sensitive data (secret masking).
Unlock advanced capabilities by configuring your OpenAI API key:
23
+
**OpenAuditKit** is not just another linter. It's an intelligent security companion that lives in your terminal. Unlike traditional tools that drown you in false positives, OpenAuditKit combines robust pattern matching (Regex & Entropy) with **Context-Aware AI Agents** to understand *why* a piece of code might be dangerous.
29
24
30
-
```bash
31
-
# 1. Configure API Key
32
-
openaudit config set-key sk-your-key-here
25
+
Whether you are a solo developer or part of a large enterprise, OpenAuditKit helps you ship secure code faster.
33
26
34
-
# 2. Run Scan with AI Agents
35
-
openaudit scan . --ai
27
+
## ✨ Key Features
36
28
37
-
# 3. Explain a specific file
38
-
openaudit explain openaudit/main.py
39
-
```
29
+
| Feature | Description |
30
+
| :--- | :--- |
31
+
|**🕵️ Secret Scanning**| Detects API keys, tokens, and credentials with high-entropy validation. |
32
+
|**⚙️ Config Audit**| Discovers misconfigurations in `Dockerfile`, `.env`, `Kubernetes`, and more. |
33
+
|**🧠 AI Advisory**|**(New)** Integrated AI Agents explain vulnerabilities and suggest fixes. |
34
+
|**🏗️ Architecture Analysis**| AI agents analyze your project structure for design flaws. |
35
+
|**🛡️ Threat Modeling**| auto-generates STRIDE threat models based on your codebase. |
36
+
|**🔌 Integrations**| Native support for CI/CD pipelines (GitHub Actions, GitLab CI). |
37
+
|**📝 JSON Reporting**| Export findings for easy integration with dashboards like DefectDojo. |
38
+
39
+
## 🚀 Installation
40
40
41
-
**AI Agents:**
42
-
-**Architecture Agent**: Reviews modularity and dependencies.
43
-
-**Cross-File Agent**: Traces dangerous data flows across modules.
0 commit comments