Inspiration
Developers rely heavily on manual code reviews, which often miss critical security issues like hardcoded passwords, API keys, and unsafe patterns. I wanted to build a system that automatically catches these risks before code gets merged.
What it does
DuoAudit is an AI-powered code reviewer that runs inside GitLab CI. It scans merge requests, detects security vulnerabilities using rule-based analysis and AI, and provides inline feedback along with a risk score and decision (Safe, Needs Review, Block).
How I built it
I built DuoAudit using a Cloudflare Worker that processes GitLab merge request events. It fetches real code changes using the GitLab API, analyzes them with regex-based detection and AI models, and posts inline comments and summaries back to the merge request.
Challenges I ran into
The biggest challenge was implementing accurate inline comments, which required working with GitLab’s diff and discussion APIs. Ensuring the system works across different languages and formats while keeping it fast and reliable was also difficult.
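The pipeline described above (regex-based detection over the merge request diff, new-side line positions for inline comments, a risk score and the Safe / Needs Review / Block decision), as an added JavaScript example that is not DuoAudit's own code. The rules, weights, thresholds and the sample diff are constructed assumptions, and the AI stage is left out.

```javascript
// Added example, not the project's code. Rules, weights and thresholds are assumptions.
const RULES = [
  { id: "hardcoded-password", weight: 40, re: /\b(password|passwd|pwd)\s*[:=]\s*["'][^"']{4,}["']/i },
  { id: "api-key", weight: 40, re: /\b(api[_-]?key|secret|token)\s*[:=]\s*["'][A-Za-z0-9_\-]{16,}["']/i },
  { id: "private-key", weight: 50, re: /-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/ },
  { id: "eval-call", weight: 20, re: /\beval\s*\(/ },
];
// Walk a unified diff and return only the added lines, each with its line number in the
// new file: that "new side" position is what an inline merge-request comment is anchored to.
function addedLines(diff) {
  const out = [];
  let path = null, newLine = 0;
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("+++ ")) { path = raw.slice(4).replace(/^b\//, ""); continue; }
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(raw);
    if (hunk) { newLine = Number(hunk[1]); continue; }
    if (raw.startsWith("--- ") || !/^[ +-]/.test(raw)) continue; // file headers, "diff --git", "index"
    if (raw.startsWith("+")) { out.push({ path, line: newLine, text: raw.slice(1) }); newLine++; }
    else if (raw.startsWith(" ")) newLine++; // context advances the new-side counter; "-" lines do not
  }
  return out;
}
// Scan added lines only (what the MR introduces), sum rule weights into a capped risk score,
// and map it to the Safe / Needs Review / Block decision. The thresholds are an assumption.
function scanDiff(diff) {
  const findings = [];
  for (const l of addedLines(diff)) {
    for (const rule of RULES) {
      if (rule.re.test(l.text)) findings.push({ rule: rule.id, path: l.path, line: l.line, weight: rule.weight });
    }
  }
  const score = Math.min(100, findings.reduce((s, f) => s + f.weight, 0));
  const decision = score >= 50 ? "Block" : score > 0 ? "Needs Review" : "Safe";
  return { findings, score, decision };
}
// Constructed sample diff: one hardcoded password and one eval() among otherwise clean changes.
const SAMPLE_DIFF = [
  "diff --git a/src/config.js b/src/config.js",
  "--- a/src/config.js",
  "+++ b/src/config.js",
  "@@ -1,3 +1,6 @@",
  " const host = process.env.DB_HOST;",
  "-const user = process.env.DB_USER;",
  '+const user = "admin";',
  '+const password = "hunter2-dev";',
  " module.exports = { host, user };",
  "+const apiKey = process.env.API_KEY; // read from the environment, not hardcoded",
  "+setTimeout(() => eval(userInput), 0);",
].join("\n");
console.log(JSON.stringify(scanDiff(SAMPLE_DIFF), null, 2));
```

Each finding carries the file path and new-file line number, which is the position an inline GitLab discussion needs; removed lines are skipped because they no longer exist on the new side.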
What I learned
I learned how to integrate deeply with GitLab APIs, handle CI/CD workflows, and combine rule-based detection with AI for practical code analysis.
What's next for DuoAudit
Future improvements include deeper code understanding using AST parsing, better inline accuracy, multi-file analysis, and support for more advanced security checks.
Built With
- api
- cloudflare-workers
- gitlab-api
- gitlab-ci/cd
- groq
- javascript
- regex-based-scanning
- rest-apis