# lintsinghua/deepaudit

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/lintsinghua-deepaudit).**

4,668 stars · 544 forks · Python · agpl-3.0

## Links

- GitHub: https://github.com/lintsinghua/DeepAudit
- awesome-repositories: https://awesome-repositories.com/repository/lintsinghua-deepaudit.md

## Topics

`ai` `bug-detection` `code-audit` `code-quality` `code-review` `developer-tools` `devsecops` `google-gemini` `llm` `react` `sast` `security-scanner` `supabase` `typescript` `vite` `vulnerability-scanner` `xai`

## Description

DeepAudit is a privacy-preserving code audit platform that combines multiple specialized AI agents to identify and verify security vulnerabilities in source code. It functions as a local LLM vulnerability scanner, an automated security report generator, and a sandboxed exploit verifier, all operating entirely within an internal network to keep sensitive code and data on premises.

What distinguishes DeepAudit is its multi-agent cooperative approach: teams of AI agents jointly plan, analyze, and cross-check findings across the codebase, moving beyond single-pass scanning. The platform also confirms exploitability by running proof-of-concept scripts in an isolated sandbox, reducing false positives while validating real-world risk. All analysis runs locally using on-premises large language models, ensuring no data leaves the internal network.

DeepAudit complements these differentiators with configurable audit scopes — allowing teams to target specific directories and file patterns — and rule-based vulnerability matching against known patterns. After analysis, it automatically produces a structured report with severity levels and remediation steps.

## Tags

### Security & Cryptography

- [Cooperative AI Auditors](https://awesome-repositories.com/f/security-cryptography/security-auditing-tools/cooperative-ai-auditors.md) — Teams of specialized AI agents cooperatively plan, analyze, and verify vulnerabilities across the codebase.
- [Security Report Generation](https://awesome-repositories.com/f/security-cryptography/security-report-generation.md) — Producing a comprehensive report with findings, severity levels, and remediation steps automatically after the audit completes.
- [LLM-Orchestrated Scanners](https://awesome-repositories.com/f/security-cryptography/security-scanners/llm-orchestrated-scanners.md) — Automates vulnerability scanning by orchestrating local large language models for private code analysis.
- [Source Code Vulnerability Scanning](https://awesome-repositories.com/f/security-cryptography/source-code-vulnerability-scanning.md) — Scanning source code and configuration files for known security vulnerabilities using rule-based pattern matching and vulnerability databases.
- [Audit Scope Configurations](https://awesome-repositories.com/f/security-cryptography/analysis-scope-configurations/audit-scope-configurations.md) — Specify which directories and file patterns the audit scans to focus analysis on relevant code. ([source](https://github.com/lintsinghua/DeepAudit/blob/v3.0.0/sgconfig.yml))
- [Vulnerability Matching](https://awesome-repositories.com/f/security-cryptography/security/offensive-operations/vulnerability-research-analysis/research-reference-knowledge/vulnerability-databases/vulnerability-matching.md) — Scans code by comparing against a database of known vulnerability patterns and signature rules.

### Artificial Intelligence & ML

- [Security Audit Reports](https://awesome-repositories.com/f/artificial-intelligence-ml/automated-reporting/security-audit-reports.md) — Aggregates findings, severity levels, and remediation steps into a structured report automatically after analysis.
- [Local Model Runtimes](https://awesome-repositories.com/f/artificial-intelligence-ml/local-model-runtimes.md) — Perform analysis locally using internal-network models to ensure data never leaves the premises. ([source](https://github.com/lintsinghua/DeepAudit#readme))
- [Local Inference Engines](https://awesome-repositories.com/f/artificial-intelligence-ml/machine-learning/infrastructure/model-optimization-and-inference/serving-and-runtime/large-language-model-optimization/local-inference-engines/local-inference-engines.md) — Runs large language models entirely within the internal network for analysis, ensuring data never leaves the premises.

### Part of an Awesome List

- [Privacy-Preserving Code Auditors](https://awesome-repositories.com/f/awesome-lists/devtools/code-analysis-platforms/privacy-preserving-code-auditors.md) — Runs entirely within the internal network, ensuring source code and analysis remain on premises.
- [Sandboxed Exploit Verifiers](https://awesome-repositories.com/f/awesome-lists/security/exploitation-and-post-exploitation/sandboxed-exploit-verifiers.md) — Executes PoC exploit scripts in a controlled sandbox to confirm vulnerability exploitability without risk.
- [Security and Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/security-and-vulnerability-scanning.md) — Scan source code and configuration files for security vulnerabilities using rule-based analysis and known databases. ([source](https://github.com/lintsinghua/DeepAudit/blob/v3.0.0/README_EN.md))
- [Vulnerability Detection](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-detection.md) — Compare code against known vulnerability patterns to detect security flaws and misconfigurations. ([source](https://github.com/lintsinghua/DeepAudit/search))
