Gallery image captions:
- Orbit Tracker Security Agent -- How it works
- Critical Vulnerabilities Found: The Analysis Paralysis Problem
- 4+ Hours Per Vulnerability: Manual Analysis Breakdown and Bottleneck
- Switch to Orbit Tracer: Select Agent and Start Security Analysis Now
- Blast Radius Analysis: Automatic 3-Hop Dependency Detection via Orbit
- Multi-Factor Risk Scoring: Severity x Impact x Exploitability + Rules
- Remediation: Vulnerable Code to Secure Code - SQL Injection Fixed Fast
- Merge Request: Security Findings Detected and Fixes Ready Now
- Business Impact Analysis: Data Risk + Legal Fines + Reputation Damage
Inspiration
Personal: I'm an engineer who watched teams waste days on manual vulnerability analysis. This frustrated me.
Problem: Security teams spend 4+ hours per vulnerability analyzing impact, identifying owners, and writing fixes.
Solution: I built Orbit Tracer Security Agent to automate this entire workflow.
What it does
For security teams:
- Reduces analysis time: 4+ hours → 45 seconds (99.8% faster)
- Saves per team: 40+ hours/month
- Saves organization: 40+ hours × number of security teams
For engineering teams:
- Faster vulnerability remediation
- Secure code generation
- Clear ownership and accountability
Orbit Tracer is an intelligent security agent that:
- Analyzes security findings from GitLab SAST scans
- Traces blast radius using Orbit's knowledge graph (3-hop dependency analysis)
- Scores risk intelligently (1-10) based on organizational impact
- Identifies affected services and code owners
- Generates secure code automatically in 7+ languages
- Creates merge requests with HITL approval gates
Works with ANY project structure, ANY team size; supports Python, JavaScript, Go, Java, C#, C++, Rust, etc.
How we built it
- Agent Framework: GitLab Duo with 1000+ line system prompt
- Knowledge Graph: Orbit API for multi-hop dependency tracing
- Risk Engine: Multi-factor scoring (Severity × Impact × Exploitability)
- Code Generation: Claude AI with language detection
- Integration: GitLab REST API for MR creation and assignment
Challenges
- Universal Design - Built for ANY project, not just ours. Solution: Leverage Orbit instead of hardcoding patterns.
- Accurate Risk Scoring - CVSS alone doesn't capture business impact. Solution: Multi-factor algorithm + compliance awareness.
- Language-Agnostic - Different languages, same remediation. Solution: Pattern-based approach with language bindings.
- Safety + Speed - Too much automation = risky, too slow = pointless. Solution: Risk-based approval gating (auto-approve LOW/MEDIUM, require review CRITICAL/HIGH).
- Integration Complexity - Getting systems to work together. Solution: Clear abstraction layers and comprehensive documentation.
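To make the risk engine and approval gate described above concrete, here is an added Python sketch; it is not the project's code. It walks a constructed dependency graph three hops out (standing in for the Orbit knowledge graph), combines severity, impact and exploitability on a 1-10 scale with a compliance boost, and applies the risk-based gate (auto-approve LOW/MEDIUM, require review for HIGH/CRITICAL). The sample graph, regulated-data map, cube-root normalisation, boost weight and band thresholds are all assumptions, not the agent's actual values.

```python
from collections import deque

# Constructed sample graph: service -> services that depend on it.
# Stand-in for the Orbit knowledge graph; not real project data.
DEPENDENTS = {
    "auth-lib": ["user-service", "billing-service"],
    "user-service": ["web-frontend", "mobile-api"],
    "billing-service": ["invoice-worker"],
    "mobile-api": ["partner-gateway"],
    "partner-gateway": ["reporting"],  # 4 hops from auth-lib: outside the radius
}

# Constructed compliance map (assumed): services that handle regulated data.
REGULATED = {"billing-service": "PCI-DSS", "user-service": "GDPR"}


def blast_radius(graph, root, max_hops=3):
    """Breadth-first walk over dependents, following at most max_hops edges.
    Returns {service: hop_distance} for every service reached (root excluded)."""
    seen = {root: 0}
    queue = deque([root])
    while queue:
        node = queue.popleft()
        if seen[node] >= max_hops:
            continue  # do not expand beyond the configured radius
        for dep in graph.get(node, []):
            if dep not in seen:
                seen[dep] = seen[node] + 1
                queue.append(dep)
    return {svc: hops for svc, hops in seen.items() if hops > 0}


def risk_score(severity, exploitability, affected, regulated):
    """Severity x Impact x Exploitability, kept on a 1-10 scale, plus rule boosts.
    severity and exploitability are 1-10; impact is derived from the number of
    affected services (assumed mapping). The cube root of the product keeps the
    result in 1-10; the +2 compliance boost is an assumed weight."""
    impact = min(10, 1 + len(affected))
    base = (severity * impact * exploitability) ** (1 / 3)
    boost = 2 if any(svc in regulated for svc in affected) else 0
    return max(1, min(10, round(base + boost)))


def risk_band(score):
    """Assumed thresholds for the four bands used by the approval gate."""
    return "CRITICAL" if score >= 9 else "HIGH" if score >= 7 else "MEDIUM" if score >= 4 else "LOW"


def approval_gate(score):
    """HITL gate from the page: LOW/MEDIUM auto-approve, HIGH/CRITICAL need review."""
    return "auto-approve" if risk_band(score) in ("LOW", "MEDIUM") else "require-review"
```

Run on the sample, a severity-8 / exploitability-7 finding in auth-lib reaches six services, two of them regulated, and lands in the review queue, while a severity-3 finding with no dependents is auto-approved.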
Accomplishments
✅ Enterprise-grade agent - Production-ready code with full documentation
✅ Intelligent blast radius - 3-hop Orbit tracing shows true organizational impact
✅ Universal applicability - One agent, any project structure, any team
✅ Measurable impact - 99.8% time savings (4+ hours → 45 seconds per vulnerability)
✅ Compliance-aware - Understands GDPR, PCI-DSS, HIPAA implications
✅ Professional submission - README, security policy, test cases, OpenAPI spec
What we learned
- Knowledge graphs enable universal solutions (better than hardcoding)
- Risk assessment requires organizational context, not just vulnerability scores
- Separating concepts from implementations enables language-agnostic design
- HITL (Human-in-the-Loop) is a feature, not a compromise
- Professional documentation and polish matter to judges
What's next
Market opportunity:
The global AppSec market faces a critical bottleneck. Organizations can't analyze vulnerabilities fast enough. Orbit Tracer solves this for any team, any codebase, any language.
Market size: Every organization using GitLab (thousands globally)
Vision:
- Phase 2: Real-time vulnerability tracking dashboard
- Phase 3: Automated scheduled remediation
- Phase 4: Multi-organization enterprise features
- Phase 5: Open source ecosystem + SaaS platform
Goal: Become the standard for automated security remediation
Built With
- agent
- api
- c#
- c++
- ci/cd
- claude
- compliance
- gitlab
- gitlabduoagentplatform
- go
- java
- javascript
- knowledgegraphapi
- markdown
- python
- security
- skill
- systemprompt
- typescript
- yaml