Inspiration
LockDown was inspired by my experience as a student developer noticing how many beginner projects on GitHub contain security vulnerabilities, often without the developers realizing the risks. I wanted to create a tool that not only identifies potential security issues but also teaches developers how to fix them, combining cybersecurity, AI, and education in one platform.
What it does
LockDown scans student developers’ GitHub repositories for known vulnerabilities using cloud scanning APIs and provides AI-generated explanations of the risks and suggested fixes. It calculates a security score for each repo, highlights critical vulnerabilities, and presents everything in a clear, educational dashboard.
How we built it
The frontend is a React dashboard with GitHub OAuth for authentication. The backend uses Supabase Edge Functions (TypeScript/Deno) to handle API calls to cloud vulnerability scanners and the Google Gemini AI for explanations. Scan results and user data are stored securely in Supabase Postgres, and the system is designed to run serverlessly for scalability.
Challenges we ran into
One major challenge was deciding between running a full local scanner like Trivy or using a cloud API, balancing technical rigor with safety and scalability. Another challenge was ensuring AI explanations were accurate, actionable, and understandable for beginner developers without overwhelming them.
Accomplishments that we're proud of
We successfully built a fully functional serverless MVP that integrates vulnerability scanning, AI explanations, and user authentication. The platform provides students with a clear view of their security risks and actionable guidance, making cybersecurity accessible and educational.
What we learned
I learned a lot about full-stack development, API integration, cybersecurity principles, OAuth authentication, relational database design, and serverless architecture. I also gained experience in designing a system that balances technical accuracy with user-friendly educational content.
What's next for LockDown
Future plans include expanding support for more programming languages, adding automatic detection of common insecure coding patterns, and creating analytics dashboards to give insights into common vulnerabilities in student projects. We also aim to integrate more AI-driven educational features to help students learn secure coding practices more effectively.
Built With
- deno
- geminiapi
- javascript
- osv.dev
- react
- supabase
- typescript