DiffSentry: Empowering Open Source Software (OSS)

Demo

Check out our landing page at diff-sentry.tech! Check out our video demo here: demo video

About the Project

DiffSentry is an open-source platform designed to support and secure the open source ecosystem through two core features:

  1. No hassle vulnerability scanning integrated directly into your CI pipeline.
  2. A Google Chrome extension that connects directly to your bank account and lets you round up transactions to donate to OSS.

Inspiration

Our primary inspiration was what we knew about the xz utils attack in 2024 and the ripple effect it left in the software community. As we researched further, we found that:

  1. 60% of OSS maintainers are (still) not paid for their work
  2. Maintainers are spending 3× more time on security than they did a few years ago (many out of their own pocket!)
  3. In the wake of the xz utils hack, two-thirds of maintainers are less trusting of contributors

We wanted to build something that could help these maintainers, many of whom don't know who to trust anymore. As an OSS maintainer, even of a lesser-known project than something like Polars or PyTorch, you could be the target of a sophisticated social engineering attack by state threat actors at any point in time. So, how can you verify contributions and pull requests without harming the pace of development? That's where our code vulnerability engine and classification engine come in, but you can learn more about that in the documentation! What you need to know is that in a few short minutes, you can have our engine running on every pull request and commit to main in your open source project!

What We Learned

Working together, we learned to integrate diverse technologies, build performant APIs, and deploy a scalable cloud solution. Collaboration and agile development were essential to our success.

How We Built It

  • Frontend: Built with React for a responsive user interface.
  • Backend: The continuous integration scripts were developed using GitHub's YAML CI configuration and GitHub Actions scripts. The actual backend server was developed with FastAPI and Google Gemini.
  • Deployment: The API is deployed on Heroku (unfortunately Cloudflare doesn't offer native support for Python packages), the landing page is deployed on Cloudflare pages, and our domain (diff-sentry.tech) is registered with get.tech although our DNS resolution is done primarily through Cloudflare.
  • APIs: We've integrated our app with Google Cloud (Gemini API) and the Plaid API for banking information.

Challenges Faced

  • Seamlessly integrating multiple APIs.
  • Ensuring robust security for sensitive data.
  • Coordinating effectively as a team.

DiffSentry is a testament to our commitment to strengthening the open source community. We welcome your feedback and look forward to future improvements!
