AutoFiC

Remediate vulnerable source code at scale using LLMs and automation.


🚀 Overview

AutoFiC is a CLI-based automation pipeline for detecting, analyzing, and remediating source code vulnerabilities, combining static analysis tools with LLMs.

The project is designed for automated security auditing, bulk code scanning, and mass vulnerability remediation across multiple repositories, with seamless integration into modern CI/CD workflows.

✨ Features

  • Automated Vulnerability Detection
    Integrates with tools like CodeQL, Semgrep, Snyk Code to identify vulnerabilities in source code.

  • LLM-Powered Remediation
    Uses Large Language Models to suggest and patch vulnerabilities automatically.

  • Multi-Repository Support
    Bulk-clone and analyze many repositories with configurable filters (e.g., stars, language).

  • CLI Tooling
    Command-line interface for easy integration into scripts and CI/CD pipelines.

  • SARIF/JSON Reporting
    Outputs results in standardized formats for downstream processing or dashboards.

  • Extensible and Modular
    Easily extend with new vulnerability scanners, languages, or custom rules.

🏗️ Architecture

                                            +---------------------+
                                            |   [GitHub Repos]    |
                                            +----------+----------+
                                                       |
                                                       v
                                            +---------------------+
                                            | Vulnerability Scan  |   (CodeQL / Semgrep / Snyk)
                                            +----------+----------+
                                                       |
                                          SARIF/JSON   v
                                            +---------------------+
                                            |    autofic-core     |
                                            |   (Orchestrator)    |
                                            +----------+----------+
                                                       |
                                    +------------------+-------------------+
                                    |                                      |
                                    v                                      v
                          +---------------------+                +---------------------+
                          |   LLM-based Patch   |<-------------->|   Patch Validator   |
                          |  (OpenAI, etc.)     |                |   (Optional CI)     |
                          +---------------------+                +---------------------+
                                    |
                                    v
                            +---------------+
                            |  Auto PR to   |
                            |   GitHub Repo |
                            +---------------+

  • Vulnerability Scan : Detect vulnerabilities with static analysis tools (CodeQL, Semgrep, Snyk).
  • autofic-core : Parses findings, sends code to LLM, receives patch suggestions, applies fixes.
  • LLM-based Patch : Uses large language models (e.g., OpenAI) to generate secure code patches.
  • Patch Validator (Optional) : Runs CI/tests to validate patches.
  • Auto PR : Automatically creates a pull request with the fix to the target repository.
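As an added example (not code from autofic-core, whose internals this page does not show), here is how the three middle steps above can be implemented in Python: parse the scanner's SARIF output into findings, hand the LLM only a bounded window of source around each finding, and gate the returned diff so it can only touch the file and region that finding reported. Everything here is constructed for the example: the SARIF document, the source file and the diffs are samples, and parse_sarif, build_prompt and patch_touches_finding are hypothetical names, not autofic-core APIs.

```python
"""Added example, not code from autofic-core: parse a SARIF 2.1.0 report into
findings, build a bounded LLM context window, and gate a proposed patch so it
can only touch the file and region the finding reported."""
from __future__ import annotations  # keeps the type hints valid on Python 3.8

import json
import re
from dataclasses import dataclass
from typing import List

# Constructed SARIF sample in the shape Semgrep emits; not output of a real scan.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "semgrep", "rules": [{
            "id": "python.lang.security.audit.subprocess-shell-true",
            "shortDescription": {"text": "subprocess call with shell=True"},
            "defaultConfiguration": {"level": "error"}}]}},
        "results": [{
            "ruleId": "python.lang.security.audit.subprocess-shell-true",
            "message": {"text": "Found subprocess call with shell=True"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "app/run.py"},
                "region": {"startLine": 11, "endLine": 11,
                           "snippet": {"text": "subprocess.run(cmd, shell=True)"}}}}]}]}]})

# Constructed source file the finding refers to (line 11 is the flagged call).
SAMPLE_SOURCE = """import subprocess


def load(path):
    with open(path) as fh:
        return fh.read()


def run(cmd):
    # constructed sample; the finding points at the next line
    subprocess.run(cmd, shell=True)
    return True
"""

# Constructed LLM output: a unified diff touching only the reported file.
GOOD_DIFF = """--- a/app/run.py
+++ b/app/run.py
@@ -1 +1,2 @@
 import subprocess
+import shlex
@@ -10,3 +11,3 @@
     # constructed sample; the finding points at the next line
-    subprocess.run(cmd, shell=True)
+    subprocess.run(shlex.split(cmd))
     return True
"""
# Constructed rejects: a patch to an unrelated file, and one that misses the region.
OTHER_FILE_DIFF = GOOD_DIFF.replace("app/run.py", "app/other.py")
NO_OVERLAP_DIFF = GOOD_DIFF.split("@@ -10,3")[0]

SEVERITY = {"error": 0, "warning": 1, "note": 2}
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")


@dataclass(frozen=True)
class Finding:
    rule_id: str
    level: str
    message: str
    path: str
    start_line: int
    end_line: int
    snippet: str


def parse_sarif(text: str) -> List[Finding]:
    """One Finding per result location; level falls back to the rule's default."""
    doc = json.loads(text)
    findings = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "")
            rule = rules.get(rule_id, {})
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                region = phys.get("region", {})
                start = int(region.get("startLine", 0))
                findings.append(Finding(
                    rule_id=rule_id, level=level,
                    message=res.get("message", {}).get("text", ""),
                    path=phys.get("artifactLocation", {}).get("uri", ""),
                    start_line=start, end_line=int(region.get("endLine", start)),
                    snippet=region.get("snippet", {}).get("text", "")))
    # Highest severity first so remediation budget goes to errors before notes.
    return sorted(findings, key=lambda f: (SEVERITY.get(f.level, 3), f.path, f.start_line))


def build_prompt(f: Finding, source_lines: List[str], context: int = 3) -> str:
    """LLM context: rule, message and only the numbered lines around the region.
    Sending less code limits token cost and how far a wrong patch can wander."""
    lo = max(0, f.start_line - 1 - context)
    hi = min(len(source_lines), f.end_line + context)
    window = "\n".join(f"{n + 1}: {source_lines[n]}" for n in range(lo, hi))
    return (f"Rule: {f.rule_id} ({f.level})\nFinding: {f.message}\n"
            f"File: {f.path} lines {f.start_line}-{f.end_line}\n\n{window}\n")


def patch_touches_finding(diff: str, f: Finding) -> bool:
    """Accept a diff only if every '+++' header names the reported file and at
    least one hunk's old-side range overlaps the finding's line range."""
    current_file, overlaps = None, False
    for line in diff.splitlines():
        if line.startswith("+++ "):
            current_file = line[4:].strip()
            current_file = current_file[2:] if current_file.startswith("b/") else current_file
            if current_file != f.path:
                return False  # the model edited a file the finding did not report
        elif line.startswith("@@") and current_file == f.path:
            m = HUNK_RE.match(line)
            if m:
                old_start = int(m.group(1))
                old_end = old_start + max(int(m.group(2) or 1), 1) - 1
                if old_start <= f.end_line and old_end >= f.start_line:
                    overlaps = True
    return overlaps


if __name__ == "__main__":
    for finding in parse_sarif(SAMPLE_SARIF):
        print(build_prompt(finding, SAMPLE_SOURCE.splitlines()))
        for name, diff in [("good", GOOD_DIFF), ("other file", OTHER_FILE_DIFF),
                           ("no overlap", NO_OVERLAP_DIFF)]:
            print(name, "->", "accepted" if patch_touches_finding(diff, finding) else "rejected")
```

The gate is a cheap structural check to run before the optional CI validator: a diff that edits an unrelated file or never touches the flagged lines is rejected before any tests run, which matters because the diff comes from a model rather than a reviewer.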

⚡ Getting Started

1. Prerequisites

  • Python 3.8+
  • CodeQL CLI (for CodeQL support)
  • Semgrep CLI (for Semgrep support)
  • Snyk CLI (optional)
  • GitHub Personal Access Token (if accessing private repos)

2. Installation

Clone the repo and install dependencies:

git clone https://github.com/AutoFiC/autofic-core.git
cd autofic-core
python -m venv .venv
source .venv/bin/activate   # (Windows: .venv\Scripts\activate)
pip install --upgrade pip
pip install -r requirements.txt
pip install -e .

3. Usage

🚦 CLI Example

python -m autofic_core.cli \
  --repo <Vulnerable Repository> \
  --sast <semgrep|codeql|snyk> \
  --llm \
  --save-dir <Absolute Path> \
  --patch \
  --pr

  • --repo : Target repository URL
  • --sast : Vulnerability scanner to use (semgrep, codeql, etc.)
  • --llm : Enable LLM-based remediation
  • --save-dir : Directory to store scan results
  • --patch : Apply suggested patches
  • --pr : Automatically create a Pull Request with fixes

🔄 Typical Workflow

  • Scan the target repository for vulnerabilities using static analysis.
  • Remediate detected vulnerabilities with automated LLM-based patch suggestions.
  • Generate reports and/or create a Pull Request with the security fixes.
  • See python -m autofic_core.cli --help for the full list of options and usage details.

🧩 Configuration

Configuration is done via CLI flags and/or .env files.

  • GITHUB_TOKEN - For accessing private repositories and creating pull requests.
  • OPENAI_API_KEY - For LLM-powered patch suggestions.
  • USER_NAME - Name or ID for audit trails or commit information.
  • DISCORD_WEBHOOK_URL - (Optional) Discord webhook URL for notifications.
  • SLACK_WEBHOOK_URL - (Optional) Slack webhook URL for notifications.
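As an added example (not the project's own code), here is a loader for the .env-style configuration above that fails fast when a CLI mode is enabled without the key it needs, lets the process environment (for example CI secrets) override the file, and returns a redacted copy for logging so tokens never land in pipeline output. parse_dotenv, effective_env, missing_keys, redacted and REQUIRED are hypothetical names; which key each flag depends on is an assumption taken from the descriptions above, and the sample .env is constructed with placeholder values.

```python
"""Added example, not autofic-core code: load .env-style settings, check that
each enabled CLI mode has the key it needs, and redact secrets before logging."""
import re
from typing import Dict, List, Mapping

# KEY=value with an optional 'export ' prefix; inline comments after a value are not handled.
LINE_RE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

# Constructed sample .env; the values are placeholders, not real credentials.
SAMPLE_ENV = """# constructed sample .env
GITHUB_TOKEN="placeholder-github-token"
export OPENAI_API_KEY=placeholder-openai-key
USER_NAME=autofic-bot
DISCORD_WEBHOOK_URL=
"""

# Assumption: which key each CLI flag depends on, taken from the descriptions above.
REQUIRED = {"llm": ["OPENAI_API_KEY"], "pr": ["GITHUB_TOKEN"]}
SECRET_SUFFIXES = ("_TOKEN", "_KEY", "_WEBHOOK_URL")


def parse_dotenv(text: str) -> Dict[str, str]:
    env: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at them
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # strip one pair of matching quotes
        env[key] = value
    return env


def effective_env(dotenv_text: str, process_env: Mapping[str, str]) -> Dict[str, str]:
    """File values are defaults; the process environment wins for known keys."""
    env = parse_dotenv(dotenv_text)
    known = set(env) | {k for keys in REQUIRED.values() for k in keys}
    for k in known:
        if k in process_env:
            env[k] = process_env[k]
    return env


def missing_keys(env: Mapping[str, str], flags: Mapping[str, bool]) -> List[str]:
    """Keys that an enabled mode needs but that are unset or empty."""
    missing = []
    for flag, keys in REQUIRED.items():
        if flags.get(flag):
            missing.extend(k for k in keys if not env.get(k))
    return missing


def redacted(env: Mapping[str, str]) -> Dict[str, str]:
    """Copy that is safe to print: set credentials are masked, empty ones stay
    visible as empty so 'is it configured at all?' remains answerable."""
    return {k: ("<redacted>" if k.endswith(SECRET_SUFFIXES) and v else v)
            for k, v in env.items()}


if __name__ == "__main__":
    import os
    env = effective_env(SAMPLE_ENV, os.environ)
    gaps = missing_keys(env, {"llm": True, "pr": True})
    if gaps:
        raise SystemExit("refusing to run: missing " + ", ".join(gaps))
    print(redacted(env))
```

Checking the keys before cloning anything means a misconfigured run fails in seconds instead of after a full scan, and printing only the redacted view keeps GITHUB_TOKEN and OPENAI_API_KEY out of CI logs and notification webhooks.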

🤝 Contributing

We welcome all contributions!

  1. Fork the repo and create your branch : git checkout -b feature/your-feature
  2. Commit your changes : git commit -am 'Add new feature'
  3. Push to the branch : git push origin feature/your-feature
  4. Open a Pull Request

📄 License

This project is licensed under the Apache 2.0 License - see the LICENSE file for details.

🙋 Contact
