HealthGuard AI is live and submitted for the GitLab AI Hackathon.
28 violations caught on first real scan across Java, Python, TypeScript, and Docker — 15 Critical, 8 High, 5 Medium. Compliance score: 0/100. Merge blocked. 17 tracking issues auto-created with HIPAA, GDPR, and Kenya DPA labels.
What makes it different from generic SAST tools: it knows that logger.info("Processing patient: " + patient.getName()) is a PHI exposure. It knows that a FHIR $everything endpoint without OAuth scope check breaks HIPAA §164.312(a)(2)(i). It knows that sending lab results to a partner lab without checking Kenya DPA §48 is a cross-border consent violation. That knowledge comes from actually deploying these systems across 50+ Kenyan counties — not from skimming a compliance PDF.
Architecture: a CI/CD compliance gate runs grep-based pre-screening before any AI model touches the code, catching roughly 40% of violations cheaply and saving compute on every scan. A custom Scanner agent then feeds a Reporter agent through an orchestrated multi-step flow; Anthropic Claude does the deep whole-file analysis via the GitLab AI Gateway (using injectGatewayToken). The Reporter posts the full findings report on the MR and creates the labeled tracking issues automatically.
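To make the cheap pre-screening step concrete, here is an added example of a grep-style PHI-in-log check followed by a merge gate. It is not HealthGuard AI's code: the regexes, the rule name PHI_IN_LOG, the Critical severity, the HIPAA label mapping, and the three sample files are all my own assumptions, constructed to mirror the logger.info("Processing patient: " + patient.getName()) case from the post across Java, Python and TypeScript.

```python
"""Grep-style PHI-in-log pre-screen plus merge gate (added example, not the project's code)."""
import re
import sys
from dataclasses import dataclass

# Constructed sample files (not real project code); one PHI leak per file plus a safe log line.
SAMPLES = {
    "PatientService.java": (
        "public void process(Patient patient) {\n"
        '    logger.info("Processing patient: " + patient.getName());\n'
        "    repo.save(patient);\n"
        "}\n"
    ),
    "intake.py": (
        "def admit(patient, count):\n"
        '    log.info(f"Admitting {patient.dob} / {patient.name}")\n'
        '    log.info("Admitted patient count: %d", count)\n'
    ),
    "lab.ts": (
        "console.log(`Lab result for ${patient.mrn}: ${result.value}`);\n"
        'console.log("Lab result batch size", results.length);\n'
    ),
}

# A logging call on the line (Java/SLF4J, Python logging, Node console).
LOG_CALL = re.compile(
    r"\b(?:logger|log|console)\.(?:trace|debug|info|warn|warning|error|log)\s*\(", re.I
)
# A direct read of an identifying field on a patient-like object:
# patient.getName(), patient.dob, patient.mrn ... (field list is an assumption).
PHI_FIELD = re.compile(
    r"\bpatient\w*\s*\.\s*(?:get_?)?"
    r"(?:name|first_?name|last_?name|dob|date_?of_?birth|ssn|mrn|address|phone|email|diagnosis)\b",
    re.I,
)


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    severity: str
    labels: tuple
    snippet: str


def scan_file(path, text):
    """Flag lines that log a PHI field. Severity/label mapping is an assumption."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if LOG_CALL.search(line) and PHI_FIELD.search(line):
            findings.append(Finding(path, n, "PHI_IN_LOG", "Critical", ("HIPAA",), line.strip()))
    return findings


def prescreen(files):
    """Run the cheap regex pass over every file before any model call."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_file(path, text))
    return findings


def gate(findings, block_on=("Critical", "High")):
    """True when the MR may proceed, i.e. no finding at a blocking severity."""
    return not any(f.severity in block_on for f in findings)


if __name__ == "__main__":
    found = prescreen(SAMPLES)
    for f in found:
        print(f"{f.severity:8} {f.rule:12} {f.path}:{f.line}  {f.snippet}")
    sys.exit(0 if gate(found) else 1)
```

Run as a CI job, a non-zero exit from the gate blocks the merge before the AI agents are invoked; files with no regex hits can still go on to the deeper model analysis, since the pre-screen is designed to catch only the easy subset cheaply.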
Next: ICD-10 and medication data detection rules, PIPEDA and LGPD coverage, and a compliance score dashboard on GitLab Pages.
Healthcare teams are pushing code every day with zero automated compliance checks. That needs to change.