SecureCode AI

Your Security-Aware Development Partner

Comment

Inspiration

Traditional security tools only tell you what's broken after deployment. We wanted to flip this - what if your AI coding assistant knew your organization's actual security vulnerabilities and could prevent them during development? Instead of playing security whack-a-mole, developers could write secure code from day one.

What it does

SecureCodeAI is an AI pair programmer that integrates with Wiz's security platform to provide context-aware code suggestions. When you're writing infrastructure code, it:

  • Analyzes your organization's real security vulnerabilities via Wiz MCP
  • Generates code that avoids patterns that have caused issues in your environment
  • Provides real-time warnings when your code matches existing vulnerability patterns
  • Learns from your deployment outcomes to improve future suggestions

How I built it

  • Frontend: VS Code extension with React-based chat interface
  • Backend: Node.js server orchestrating between claude and Wiz MCP tools
  • AI Pipeline: Custom prompt engineering that injects real security context from Wiz
  • Integration: Wiz MCP server providing live security data (vulnerabilities, threats, configurations)
  • Learning Loop: Feedback mechanism that correlates code suggestions with post-deployment security scan results

Challenges I ran into

  • understanding the aws bedrock agentcore interface and understanding the wiz mcp server

🏆 Accomplishments that I proud of

  • Successfully integrated live security data into code generation for the first time
  • Deployed an mcp server on AWS build agentcore for the first time

📚 What I learned

  • Security context dramatically improves AI code quality when properly integrated
  • Developers are more receptive to security guidance when it's personalized to their environment
  • Real-time security data can be effectively used for proactive rather than reactive security
  • The key is making security invisible to developers while still being comprehensive

🚀 What's next for SecureCodeAI

  • Multi-IDE Support: Expand beyond VS Code to JetBrains, Vim, etc.
  • Team Learning: Share security insights across development teams
  • Compliance Integration: Automatically ensure code meets SOC2, HIPAA, etc. requirements
  • Security Metrics: Track security improvement trends across development cycles
  • Enterprise Deployment: Scale to handle large organizations with complex security policies

*Built with: Wiz MCP, AWS bedrock agentcore, claude

Built With

Share this project:

Updates