A web-based tool that performs security analysis on Node.js repositories, providing threat modeling and vulnerability assessment with AI-powered risk evaluation.
- Triage of false positives
- Threat modeling
- Interactive dashboard visualization
Augments LLMs with context-specific security metadata and open-source intelligence from the GitHub Advisory Database, so that risk ratings are grounded in the repository's actual dependencies and known advisories rather than in the model's general knowledge alone.
The application follows a client-server architecture with two components:
- Frontend (`frontend/`):
  - Pure JavaScript web interface
  - Marked.js for Markdown rendering
  - Dynamic vulnerability card generation
  - Risk level visualization
- Agent (`agent/`):
  - REST API endpoint (`/analyze`)
  - GitHub repository processing
  - Vulnerability scanning
  - AI-enhanced risk assessment
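The following is an added example (not the project's own code) of the step that both the "open-source intelligence from the GitHub Advisory Database" paragraph and the agent's "Vulnerability scanning" item describe: installed packages from a lockfile are matched against advisory records, and the matches are condensed into the context a model is given for risk assessment. The advisory records, the GHSA-style identifiers, the package names and the lockfile are constructed samples; the record shape mirrors the `vulnerabilities[].vulnerable_version_range` / `first_patched_version` fields of GitHub's REST `/advisories` response, which is an assumption about the data source, and the version-range grammar supported is the comma-separated comparator form those records use.

```javascript
// Added example, not the project's code: match package-lock dependencies against
// advisory records and build the context block handed to the LLM.
// All advisories, identifiers and the lockfile below are constructed samples.

const SAMPLE_ADVISORIES = [
  {
    ghsa_id: "GHSA-0000-0000-0001", // placeholder id, not a real advisory
    summary: "Prototype pollution in example-lib merge()",
    severity: "high",
    vulnerabilities: [{
      package: { ecosystem: "npm", name: "example-lib" },
      vulnerable_version_range: ">= 4.0.0, < 4.17.21",
      first_patched_version: "4.17.21",
    }],
  },
  {
    ghsa_id: "GHSA-0000-0000-0002", // placeholder id, not a real advisory
    summary: "Regular expression denial of service in example-parser",
    severity: "moderate",
    vulnerabilities: [{
      package: { ecosystem: "npm", name: "example-parser" },
      vulnerable_version_range: "< 2.0.0",
      first_patched_version: "2.0.0",
    }],
  },
];

// Constructed package-lock.json (lockfileVersion 2/3 shape): every installed
// package, including nested duplicates, is keyed by its node_modules path.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-lib": { version: "4.17.20" },
    "node_modules/example-parser": { version: "2.1.0" },
    "node_modules/nested/node_modules/example-parser": { version: "1.9.0" },
  },
};

// "MAJOR.MINOR.PATCH" to numbers; a pre-release suffix is dropped (assumption:
// advisory ranges are expressed with plain release versions).
function parseVersion(v) {
  return v.replace(/^v/, "").split("-")[0].split(".").map(n => parseInt(n, 10) || 0);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// A range such as ">= 4.0.0, < 4.17.21" is a list of clauses that must all hold.
function satisfies(version, range) {
  return range.split(",").every(clause => {
    const m = clause.trim().match(/^(>=|<=|>|<|=)?\s*(\S+)$/);
    if (!m) throw new Error(`unparseable range clause: ${clause}`);
    const op = m[1] || "=";
    const c = compareVersions(version, m[2]);
    return { ">=": c >= 0, "<=": c <= 0, ">": c > 0, "<": c < 0, "=": c === 0 }[op];
  });
}

// Every installed package with its path, so nested copies are reported separately.
function installedPackages(lockfile) {
  const marker = "node_modules/";
  return Object.entries(lockfile.packages)
    .filter(([path]) => path.includes(marker))
    .map(([path, meta]) => ({
      name: path.slice(path.lastIndexOf(marker) + marker.length),
      path,
      version: meta.version,
    }));
}

function findAffected(lockfile, advisories) {
  const findings = [];
  for (const pkg of installedPackages(lockfile)) {
    for (const adv of advisories) {
      for (const vuln of adv.vulnerabilities) {
        if (vuln.package.ecosystem !== "npm" || vuln.package.name !== pkg.name) continue;
        if (!satisfies(pkg.version, vuln.vulnerable_version_range)) continue;
        findings.push({
          name: pkg.name, path: pkg.path, version: pkg.version,
          ghsa_id: adv.ghsa_id, severity: adv.severity, summary: adv.summary,
          firstPatched: vuln.first_patched_version,
        });
      }
    }
  }
  return findings;
}

// The context-specific metadata given to the model: one compact line per finding
// rather than whole advisory bodies, keeping the prompt bounded and on-topic.
function buildLlmContext(findings) {
  return findings
    .map(f => `${f.ghsa_id} [${f.severity}] ${f.name}@${f.version} at ${f.path}: ${f.summary}; fixed in ${f.firstPatched}`)
    .join("\n");
}
```

Running `findAffected(SAMPLE_LOCKFILE, SAMPLE_ADVISORIES)` reports `example-lib@4.17.20` and only the nested `example-parser@1.9.0`; the top-level `example-parser@2.1.0` is outside the range and is not passed to the model, which is the point of doing the matching before the LLM sees anything.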
- Clone the repository
- Add your GitHub and OpenAI API keys. The GitHub key is used to fetch repositories and advisory data and the OpenAI key for the AI risk assessment; keep both out of version control and scope the GitHub token to read-only access.
- Start the agent server:

  ```sh
  cd agent
  npm install
  npm start
  ```

- Start the frontend server:

  ```sh
  cd frontend
  npm install
  npm start
  ```

- Enter a GitHub repository URL and click "Analyze"
The `/analyze` endpoint accepts a GitHub repository URL and returns:
- Threat model (in Markdown format)
- Vulnerability analysis with:
  - Package information
  - Contextual risk levels
  - Exploitability assessment
  - Required conditions
  - Recommended mitigations
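Because `/analyze` takes an arbitrary URL and turns it into a `git clone` and GitHub API calls, the input check that runs before anything is cloned is the security-relevant part of the endpoint. The following is an added example of that check, not the project's handler: only `https://github.com/<owner>/<repo>[.git]` is accepted, the clone URL is rebuilt from the validated parts rather than echoed back, and the git argument vector uses `--` so neither the URL nor the destination can be read as an option. The function names, the `url` request-body field, the `scan` callback standing in for the project's clone-and-analyse pipeline, and the sample URLs are all assumptions.

```javascript
// Added example, not the project's code: validate a user-supplied repository URL
// before it reaches `git clone` or the GitHub API, and shape the /analyze
// handler around that check. Names and sample inputs are assumptions.

const NAME_RE = /^[A-Za-z0-9._-]{1,100}$/;

function checkSegment(name, what) {
  // "." and ".." would escape the clone directory; a leading "-" would be
  // parsed by git as an option rather than a path.
  if (!NAME_RE.test(name) || name === "." || name === ".." || name.startsWith("-")) {
    throw new Error(`${what} contains disallowed characters`);
  }
}

// Returns { owner, repo, cloneUrl } or throws with a message safe to send to the client.
function parseRepositoryUrl(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 512) {
    throw new Error("repository URL must be a non-empty string of at most 512 characters");
  }
  // Reject option-looking strings (e.g. --upload-pack=...) before any argv is built.
  if (input.startsWith("-")) throw new Error("repository URL must not start with '-'");

  let url;
  try { url = new URL(input); } catch { throw new Error("repository URL is not a valid URL"); }

  if (url.protocol !== "https:") throw new Error("only https:// URLs are accepted");
  if (url.hostname !== "github.com") throw new Error("only github.com repositories are accepted");
  if (url.username || url.password) throw new Error("credentials embedded in the URL are not accepted");
  if (url.port) throw new Error("explicit ports are not accepted");

  const parts = url.pathname.split("/").filter(Boolean);
  if (parts.length !== 2) throw new Error("expected https://github.com/<owner>/<repo>");
  const owner = parts[0];
  const repo = parts[1].replace(/\.git$/, "");
  checkSegment(owner, "owner");
  checkSegment(repo, "repository name");

  // Rebuild from validated parts so query strings, fragments and odd encodings
  // in the original input never reach git.
  return { owner, repo, cloneUrl: `https://github.com/${owner}/${repo}.git` };
}

// argv for child_process.spawn (no shell): "--" ends option parsing, so neither
// the URL nor the destination directory can be mistaken for a git flag.
function gitCloneArgs(parsed, destDir) {
  return ["clone", "--depth", "1", "--", parsed.cloneUrl, destDir];
}

// Handler shape for POST /analyze. `scan` is the clone-and-analyse pipeline,
// injected so the validation path can be exercised without cloning anything.
function handleAnalyze(body, scan) {
  let parsed;
  try {
    parsed = parseRepositoryUrl(body && body.url);
  } catch (err) {
    return { status: 400, body: { error: err.message } };
  }
  const { threatModel, vulnerabilities } = scan(parsed);
  return { status: 200, body: { repository: parsed, threatModel, vulnerabilities } };
}
```

The validator deliberately does not try to normalise other forms (`git@github.com:owner/repo`, `ssh://`, `http://`, a `github.com` look-alike host, or a deep link into `/tree/main`); each is rejected with a 400, which is cheaper and safer than guessing what the user meant.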