Inspiration
We've both pulled all-nighters reviewing code for our COMP courses, and we know how easy it is to miss critical bugs when you're staring at hundreds of lines at 3am, so we wanted to build a tool that acts like a safety net, catching the dangerous stuff (SQL injections, hardcoded passwords) before it hits production. Think of it as spell-check, but for security vulnerabilities.
What it does
CodeCritique analyzes git diffs and automatically flags security risks and code quality issues. You paste your code changes, click "Analyze," and get instant feedback ranked by severity with a risk score from 0-100.
How we built it
It currently detects:
- SQL Injection (HIGH - 40 pts): dangerous database queries
- Hardcoded Secrets (MEDIUM - 25 pts): passwords/API keys in code
- Inefficient Loops (LOW - 10 pts): non-Pythonic code patterns
Results are color-coded and sorted so you know exactly what to fix first.
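As an added illustration of the detect-score-sort pipeline described above (this is not CodeCritique's own code), the following Python scans only the added lines of a unified git diff with three regex rules weighted 40/25/10, sorts findings worst-first and caps the risk score at 100. The sample diff and the regexes are our own constructed approximations, not the project's rules.

```python
import re

# Constructed sample diff (not from the project): one hunk adds a hardcoded
# password, swaps a parameterised query for concatenation, and adds an index loop.
SAMPLE_DIFF = """\
--- a/app.py
+++ b/app.py
@@ -1,3 +1,7 @@
 import sqlite3
+DB_PASSWORD = "hunter2"
 def find_user(cur, name):
-    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
+    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
+    rows = cur.fetchall()
+    for i in range(len(rows)):
+        print(rows[i])
"""

# (rule, severity, points, pattern): the three rules and the 40/25/10 weights
# from the write-up; the regexes are our own simplified approximations.
RULES = [
    ("SQL Injection", "HIGH", 40,       # query text built with +, %, .format or f""
     re.compile(r"""execute\(.*(\+|%|\.format\(|\bf["'])""")),
    ("Hardcoded Secret", "MEDIUM", 25,  # password/key/token assigned a string literal
     re.compile(r"""(?i)(password|passwd|secret|api_key|token)\s*=\s*["'][^"']+["']""")),
    ("Inefficient Loop", "LOW", 10,     # for i in range(len(x)) instead of iterating x
     re.compile(r"for\s+\w+\s+in\s+range\(\s*len\(")),
]

def analyze_diff(diff_text):
    """Scan only the added lines of a unified diff; return (risk_score, findings)."""
    findings, line_no = [], 0
    for raw in diff_text.splitlines():
        if raw.startswith("@@"):          # "@@ -a,b +c,d @@": c is the first new-file line
            line_no = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw).group(1)) - 1
            continue
        if raw.startswith(("-", "+++ ", "diff ", "index ")):
            continue                      # removed lines and file headers never ship
        line_no += 1                      # context and added lines both advance the count
        if not raw.startswith("+"):
            continue
        code = raw[1:]
        for rule, severity, points, pattern in RULES:
            if pattern.search(code):
                findings.append({"rule": rule, "severity": severity, "points": points,
                                 "line": line_no, "code": code.strip()})
    findings.sort(key=lambda f: f["points"], reverse=True)          # worst first
    return min(100, sum(f["points"] for f in findings)), findings   # capped at 100
```

Running `analyze_diff(SAMPLE_DIFF)` yields a score of 75 with the SQL injection finding listed first, then the secret, then the loop.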
Challenges we ran into
Deciding severity scores was tricky: too high and developers ignore warnings; too low and critical issues get missed. We settled on 40/25/10 based on real-world impact. Also, with limited time, we focused on three solid rules instead of rushing ten mediocre ones. Quality over quantity, I guess!
Accomplishments that we're proud of
- Built our first full-stack Flask app from scratch
- Created a working tool that catches real vulnerabilities
- Made security analysis accessible with zero setup required
- Successfully divided frontend/backend work and integrated everything smoothly, all in 1 day!