Orion: Turn Application Risk Into Visual Intelligence

INSPIRATION

Security tools today are noisy. Developers are forced to stare at endless, static lists of CVEs (Common Vulnerabilities and Exposures) in dashboards that disconnect the vulnerability from the architecture. It is hard to prioritize, hard to visualize, and hard to fix without breaking the build. Even when a tool does propose a fix, what does the developer get? A pile of instructions to apply by hand. PAIN.

WHAT IT DOES

Orion creates a visual map of your application and automates its patching. Each file appears as a dot, and connections between them show how dependencies flow. When we run Hacktron to scan for vulnerabilities, the affected files light up in red. You can immediately see which files are at risk and how the problem spreads through the dependency graph. Click on any vulnerable file to see the exact line of code that needs fixing, then apply the fix with one click - it automatically updates your local code.
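
The "how the problem spreads" part of the map is a reachability question over the import graph: a file is at risk if it imports a flagged file, directly or transitively. The block below is an added example, not Orion's code; the graph model (`Edge`, `blastRadius`, `nodeColour`) and the sample project are constructed here to show the idea.

```typescript
// Hypothetical graph model for the file map; Orion's real data structures are not published.
// An edge `from -> to` means file `from` imports file `to`.
interface Edge { from: string; to: string }

// Hops from the nearest scanner-flagged file: 0 = flagged itself, 1 = imports a
// flagged file directly, and so on. Files absent from the map are unaffected.
type RiskMap = Map<string, number>;

function blastRadius(files: string[], edges: Edge[], flagged: Set<string>): RiskMap {
  // Reverse adjacency: for each file, the files that import it. Risk flows
  // against the direction of the import, from the vulnerable module to its users.
  const importers = new Map<string, string[]>();
  for (const f of files) importers.set(f, []);
  for (const e of edges) importers.get(e.to)?.push(e.from);

  const hops: RiskMap = new Map();
  const queue: string[] = [];
  for (const f of flagged) {
    if (importers.has(f)) { hops.set(f, 0); queue.push(f); }
  }
  // Breadth-first search; the visited check in `hops` keeps import cycles finite.
  while (queue.length > 0) {
    const cur = queue.shift()!;
    for (const up of importers.get(cur) ?? []) {
      if (!hops.has(up)) { hops.set(up, hops.get(cur)! + 1); queue.push(up); }
    }
  }
  return hops;
}

// Colour a node the way the map would render it: flagged files red, everything
// that depends on them orange, the rest grey.
function nodeColour(file: string, risk: RiskMap): "red" | "orange" | "grey" {
  const h = risk.get(file);
  if (h === undefined) return "grey";
  return h === 0 ? "red" : "orange";
}

// Constructed sample project: a vulnerable parser used by an upload handler, which
// the server entry point imports; a theme file nothing risky touches; and an
// import cycle between two helpers to show the search terminates.
const SAMPLE_FILES = ["server.ts", "api/upload.ts", "utils/parse.ts", "ui/theme.ts", "lib/a.ts", "lib/b.ts"];
const SAMPLE_EDGES: Edge[] = [
  { from: "server.ts", to: "api/upload.ts" },
  { from: "api/upload.ts", to: "utils/parse.ts" },
  { from: "server.ts", to: "ui/theme.ts" },
  { from: "lib/a.ts", to: "lib/b.ts" },
  { from: "lib/b.ts", to: "lib/a.ts" },
  { from: "lib/b.ts", to: "utils/parse.ts" },
];
const SAMPLE_RISK = blastRadius(SAMPLE_FILES, SAMPLE_EDGES, new Set(["utils/parse.ts"]));
```

Module-level reachability over-approximates: a file that imports the vulnerable module may never call the vulnerable function. That makes the orange ring a triage aid for deciding what to review first, not proof that those files are exploitable.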

HOW WE BUILT IT

Frontend: TypeScript with Three.js | Storage: Supabase | Real-time: WebSockets for syncing between cloud and local | Scanning: Hacktron AI for vulnerability detection

CHALLENGES WE RAN INTO

1. Syncing fixes from cloud to local computers

The biggest challenge was sending fixes from our cloud system back to developers' computers without requiring them to open firewall ports or set up VPNs. A developer's computer sits behind security layers, so we cannot connect to it directly.

Our solution: The local scanner opens an outbound connection to the cloud and keeps it open continuously. When a fix is ready, the cloud pushes it back down that same connection. This required careful engineering, but it eliminated any setup burden for users.

2. Integrating Hacktron with limited documentation

Hacktron was new technology with sparse documentation. We had to learn how it works, understand its output format, and figure out how to use it effectively. We built an abstraction layer that translates Hacktron's results into our system's format and filters out false alarms.

3. Keeping local and cloud changes in sync

If the cloud sends a fix but the developer has unsaved changes in that file, we need a smart way to combine both changes without overwriting work. We built a merge system similar to Git that intelligently combines modifications.
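
A Git-style merge of this kind is a three-way merge: the file as the scanner saw it is the base, the developer's unsaved buffer is one side, and the base with the fix applied is the other. The block below is an added example of that algorithm, not Orion's merge engine; `diffAgainstBase`, `mergeThreeWay` and the conflict-marker labels are constructed for the example.

```typescript
// Hypothetical three-way line merge for reconciling a cloud fix with a developer's
// unsaved edits; Orion's own merge engine is not published. `base` is the file as the
// scanner saw it, `local` the developer's buffer, `remote` the base with the fix applied.

type SideDiff = { deleted: boolean[]; inserted: string[][] };

// Align `base` with `side` by longest common subsequence and record, for each base
// line, whether the side removed it and which side lines it inserted before it.
// inserted[base.length] holds lines appended after the last base line.
function diffAgainstBase(base: string[], side: string[]): SideDiff {
  const n = base.length, m = side.length;
  // lcs[i][j] = length of the longest common subsequence of base[i..] and side[j..]
  const lcs: number[][] = Array.from({ length: n + 1 }, () => new Array<number>(m + 1).fill(0));
  for (let i = n - 1; i >= 0; i--) {
    for (let j = m - 1; j >= 0; j--) {
      lcs[i][j] = base[i] === side[j] ? lcs[i + 1][j + 1] + 1 : Math.max(lcs[i + 1][j], lcs[i][j + 1]);
    }
  }
  const deleted = new Array<boolean>(n).fill(false);
  const inserted: string[][] = Array.from({ length: n + 1 }, () => []);
  let i = 0, j = 0;
  while (i < n || j < m) {
    if (i < n && j < m && base[i] === side[j]) { i++; j++; }           // common line
    else if (j < m && (i === n || lcs[i][j + 1] >= lcs[i + 1][j])) {   // side inserted a line
      inserted[i].push(side[j]); j++;
    } else { deleted[i] = true; i++; }                                   // side deleted a line
  }
  return { deleted, inserted };
}

// What a side wants in place of base line i: its insertions, then the base line
// unless the side deleted it.
function replacementFor(base: string[], d: SideDiff, i: number): string[] {
  return d.deleted[i] ? d.inserted[i] : [...d.inserted[i], base[i]];
}
function touched(d: SideDiff, i: number): boolean { return d.deleted[i] || d.inserted[i].length > 0; }
function sameLines(a: string[], b: string[]): boolean {
  return a.length === b.length && a.every((line, k) => line === b[k]);
}

interface MergeResult { merged: string[]; conflicts: number }

function mergeThreeWay(base: string[], local: string[], remote: string[]): MergeResult {
  const L = diffAgainstBase(base, local);
  const R = diffAgainstBase(base, remote);
  const merged: string[] = [];
  let conflicts = 0;
  for (let i = 0; i <= base.length; i++) {
    const atEnd = i === base.length;                // position after the last base line: insertions only
    const l = atEnd ? L.inserted[i] : replacementFor(base, L, i);
    const r = atEnd ? R.inserted[i] : replacementFor(base, R, i);
    const lTouched = atEnd ? l.length > 0 : touched(L, i);
    const rTouched = atEnd ? r.length > 0 : touched(R, i);
    if (!lTouched && !rTouched) { if (!atEnd) merged.push(base[i]); }
    else if (!rTouched || sameLines(l, r)) merged.push(...l);  // only local changed, or both agree
    else if (!lTouched) merged.push(...r);                      // only the cloud fix changed
    else {                                                      // both changed differently: never overwrite silently
      conflicts++;
      merged.push("<<<<<<< local", ...l, "=======", ...r, ">>>>>>> cloud-fix");
    }
  }
  return { merged, conflicts };
}
```

The important property for an auto-patcher is the last branch: when the developer has edited the very line the fix rewrites, the tool must surface a conflict rather than pick a winner, because either choice silently discards work or silently drops the fix. This example decides per base line and does not coalesce adjacent conflicts into one region the way diff3 does; it is enough to show the decision logic.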

ACCOMPLISHMENTS WE'RE PROUD OF

  • We created an invisible sync system that requires no port setup or configuration from users
  • We successfully integrated Hacktron despite minimal documentation
  • Our code fixes are precise and do not break existing code
  • The interface remains responsive and visually appealing with complex graphs

WHAT WE LEARNED

  • Good infrastructure design is more valuable than adding more features
  • Integration work took far more time than building the visualization itself
  • A visual graph communicates risk much better than a list ever could
  • Live vulnerability detection changes how developers think about security
  • Comprehensive logging is essential when working with new tools

AND THE MOST IMPORTANT - SIMPLICITY IS THE KEY

WHAT'S NEXT

Support for multiple scanning tools to get consensus across different detectors -> Predict where vulnerabilities are likely to occur -> Team collaboration features -> Enterprise-scale deployment

We have created a tool that makes application security understandable and actionable.
