Inspiration
Merge requests often introduce bugs, security issues, or inconsistent code. I wanted an autonomous agent that ensures code quality and security without manual intervention.
What it does
SecureFlow AI automatically:
Lints JavaScript code with ESLint.
Runs Python unit tests with PyTest.
Scans for vulnerabilities and secrets with Trivy.
Comments on merge requests with results and warnings.
Blocks merges if critical issues are detected.
How we built it
Built with Python, Node.js, ESLint, PyTest, Trivy, and GitLab CI/CD, the project uses modular folders for analysis, tests, and security. The MR bot communicates directly with GitLab using CI/CD variables for secure automation.
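As an added illustration of the scan-then-gate step described above (not the project's own code), the script below reads a Trivy JSON report, decides whether the merge request must be blocked, renders the MR comment, and posts it through GitLab's API using the predefined CI variables CI_API_V4_URL, CI_PROJECT_ID and CI_MERGE_REQUEST_IID; the bot token is assumed to live in a masked CI/CD variable named MR_BOT_TOKEN, and the report content is a constructed sample.

```python
import json
import os
import urllib.request

BLOCKING = {"CRITICAL"}  # Trivy severities that block the merge
# Constructed sample in Trivy's JSON report layout; the CVE ids are placeholders.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "package-lock.json", "Class": "lang-pkgs", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-00001", "PkgName": "example-lib", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-00002", "PkgName": "other-lib", "Severity": "MEDIUM"}]},
    {"Target": "config/.env", "Class": "secret", "Secrets": [
        {"RuleID": "aws-access-key-id", "Severity": "CRITICAL", "Title": "AWS Access Key ID"}]}]})

def evaluate(report_json: str) -> dict:
    """Collect findings from a Trivy JSON report and decide whether to block the MR."""
    vulns, secrets = [], []
    for result in json.loads(report_json).get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            vulns.append((v["Severity"], v["VulnerabilityID"], v["PkgName"]))
        for s in result.get("Secrets") or []:
            secrets.append((s["Severity"], s["RuleID"], result["Target"]))
    blocking = [f for f in vulns + secrets if f[0] in BLOCKING]
    # Any detected secret blocks regardless of severity: it has to be rotated before merge.
    return {"block": bool(blocking or secrets), "blocking": blocking,
            "vulns": vulns, "secrets": secrets}

def render_comment(verdict: dict) -> str:
    """Markdown body for the MR note."""
    status = "Merge blocked" if verdict["block"] else "No blocking issues"
    lines = [f"**SecureFlow AI**: {status}",
             f"- Vulnerabilities: {len(verdict['vulns'])} ({len(verdict['blocking'])} blocking)",
             f"- Secrets: {len(verdict['secrets'])}"]
    lines += [f"  - {sev} {ident} in `{where}`" for sev, ident, where in verdict["blocking"]]
    return "\n".join(lines)

def post_mr_note(body: str) -> None:
    """Create the MR note through GitLab's API; MR_BOT_TOKEN is an assumed masked CI variable."""
    url = (f"{os.environ['CI_API_V4_URL']}/projects/{os.environ['CI_PROJECT_ID']}"
           f"/merge_requests/{os.environ['CI_MERGE_REQUEST_IID']}/notes")
    req = urllib.request.Request(url, data=json.dumps({"body": body}).encode(),
                                 headers={"PRIVATE-TOKEN": os.environ["MR_BOT_TOKEN"],
                                          "Content-Type": "application/json"})
    urllib.request.urlopen(req).read()

if __name__ == "__main__":
    verdict = evaluate(SAMPLE_REPORT)
    print(render_comment(verdict))
    if "CI_MERGE_REQUEST_IID" in os.environ:  # only post when running in an MR pipeline
        post_mr_note(render_comment(verdict))
    raise SystemExit(1 if verdict["block"] else 0)  # non-zero exit fails the job
```

In a GitLab job the non-zero exit is what turns the finding into a failed pipeline, which the "pipelines must succeed" merge setting then enforces; the comment is for humans, the exit code is the gate.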
Challenges
Configuring CI/CD pipelines with multiple Docker images.
Managing secure GitLab authentication for the bot.
Automating MR comments without disrupting workflows.
Accomplishments
Fully automated CI/CD pipeline covering analysis, testing, security, and MR commenting.
Modular and reusable architecture for any GitLab project.
Integrated security scanning detecting vulnerabilities and secrets efficiently.
Next steps
Expand to more languages/frameworks (TypeScript, React, Vue).
Add advanced merge request risk scoring.
Enable real-time notifications via Slack/Teams.
Built With
- eslint
- javascript
- node.js
- python-3.12