Magician Security Analyzer

Magician Security Analyzer is an intelligent platform that audits code repositories, Dockerfiles, and CI/CD pipelines to find sensitive secrets and vulnerabilities. It supports automatic fixes, visual reporting, and pull request creation. Ideal for DevSecOps and continuous security integration.

✨ Key Features

  • Code Analysis: Executes Semgrep and GoSec to detect source code vulnerabilities.
  • Dockerfile Scanning: Identifies insecure practices like USER root or missing --no-cache.
  • Secret Detection: Uses Gitleaks to find hardcoded tokens, passwords, and keys.
  • CI/CD Analysis: Detects insecure configurations in .github/workflows and .gitlab-ci.yml.
  • Auto-Fix & Auto-PR: Automatically fixes simple issues and opens Pull Requests via GitHub CLI.
  • AI Integration: Analyzes code snippets to provide vulnerability insights and remediation suggestions.

🛠️ Tech Stack

Built with a FastAPI backend and high-performance Go workers for scalability and speed.

TECHNOLOGIES

Go, Python, FastAPI, Docker, Semgrep, Gitleaks, OpenAI
