Skip to content
@AutoFiC

AutoFiC

README.md

AutoFiC

Remediate vulnerable source code at scale using LLMs and automation.

License Python

🚀 Overview

AutoFiC is the project, providing a CLI-based automation pipeline for detecting, analyzing, and remediating source code vulnerabilities using the power of LLMs and static analysis tools.

The project is designed for automated security auditing, bulk code scanning, and mass vulnerability remediation across multiple repositories, with seamless integration into modern CI/CD workflows.

✨ Features

  • Automated Vulnerability Detection
    Integrates with tools like CodeQL, Semgrep, Snyk Code to identify vulnerabilities in source code.

  • LLM-Powered Remediation
    Uses Large Language Models to suggest and patch vulnerabilities automatically.

  • Multi-Repository Support
    Bulk-clone and analyze many repositories with configurable filters (e.g., stars, language).

  • CLI Tooling
    Command-line interface for easy integration into scripts and CI/CD pipelines.

  • SARIF/JSON Reporting
    Outputs results in standardized formats for downstream processing or dashboards.

  • Extensible and Modular
    Easily extend with new vulnerability scanners, languages, or custom rules.

🏗️ Architecture

                                            +---------------------+
                                            |   [GitHub Repos]    |
                                            +----------+----------+
                                                       |
                                                       v
                                            +---------------------+
                                            | Vulnerability Scan  |   (CodeQL / Semgrep / Snyk)
                                            +----------+----------+
                                                       |
                                          SARIF/JSON   v
                                            +---------------------+
                                            |    autofic-core     |
                                            |   (Orchestrator)    |
                                            +----------+----------+
                                                       |
                                    +------------------+-------------------+
                                    |                                      |
                                    v                                      v
                          +---------------------+                +---------------------+
                          |   LLM-based Patch   |<-------------->|   Patch Validator   |
                          |  (OpenAI, etc.)     |                |   (Optional CI)     |
                          +---------------------+                +---------------------+
                                    |
                                    v
                            +---------------+
                            |  Auto PR to   |
                            |   GitHub Repo |
                            +---------------+
  • Vulnerability Scan : Detect vulnerabilities with static analysis tools (CodeQL, Semgrep, Snyk).
  • autofic-core : Parses findings, sends code to LLM, receives patch suggestions, applies fixes.
  • LLM-based Patch : Uses large language models (e.g., OpenAI) to generate secure code patches.
  • Patch Validator (Optional) : Runs CI/tests to validate patches.
  • Auto PR : Automatically creates a pull request with the fix to the target repository.

⚡ Getting Started

1. Prerequisites

  • Python 3.8+
  • CodeQL CLI (for CodeQL support)
  • Semgrep CLI (for Semgrep support)
  • Snyk CLI (optional)
  • GitHub Personal Access Token (if accessing private repos)

2. Installation

Clone the repo and install dependencies:

git clone https://github.com/AutoFiC/autofic-core.git
cd autofic-core
python -m venv .venv
source .venv/bin/activate   # (Windows: .venv\Scripts\activate)
pip install --upgrade pip; pip install -r requirements.txt; pip install -e .;

3. Usage

🚦 CLI Example

python -m autofic_core.cli \
  --repo <Vulnerable Repository> \
  --sast <semgrep|codeql|snyk> \
  --llm \
  --save-dir <Absolute Path> \
  --patch \
  --pr
  • --repo : Target repository URL
  • --sast : Vulnerability scanner to use (semgrep, codeql, etc.)
  • --llm : Enable LLM-based remediation
  • --save-dir : Directory to store scan results
  • --patch : Apply suggested patches
  • --pr : Automatically create a Pull Request with fixes

🔄 Typical Workflow

  • Scan the target repository for vulnerabilities using static analysis.
  • Remediate detected vulnerabilities with automated LLM-based patch suggestions.
  • Generate reports and/or create a Pull Request with the security fixes.
  • See python -m autofic_core.cli --help for the full list of options and usage details.

🧩 Configuration

Configuration is done via CLI flags and/or .env files.

  • GITHUB_TOKEN - For accessing private repositories and creating pull requests.
  • OPENAI_API_KEY - For LLM-powered patch suggestions.
  • USER_NAME - Name or ID for audit trails or commit information.
  • DISCORD_WEBHOOK_URL - (Optional) Discord webhook URL for notifications.
  • SLACK_WEBHOOK_URL - (Optional) Slack webhook URL for notifications.

🤝 Contributing

We welcome all contributions!

  1. Fork the repo and create your branch : git checkout -b feature/your-feature
  2. Commit your changes : git commit -am 'Add new feature'
  3. Push to the branch : git push origin feature/your-feature
  4. Open a Pull Request

📄 License

This project is licensed under the Apache 2.0 License - see the LICENSE file for details.

🙋 Contact

Pinned Loading

  1. llm-vs-sast llm-vs-sast Public

    Compare SAST with LLM

    Jupyter Notebook 4

  2. autofic-core autofic-core Public

    A solution for remediating vulnerable source code using LLMs

    Python 6

Repositories

Showing 5 of 5 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…