🛡️ Inspiration: The Developer's Security Gap
As a student and developer, I’ve often noticed that security audits are the most exhausting part of coding. Finding a vulnerability is one thing, but knowing exactly how to fix it without breaking the system is another challenge entirely. I wanted to build something that doesn't just "point fingers" at bugs but actually steps in like a senior security engineer to provide a verified fix. That's how SentinelFix AI was born. 🚀 What it does
SentinelFix AI is an automated security orchestrator built on the GitLab Duo Agent Platform. It uses a "Two-Brain" approach:
The Scanner (Claude 3.5 Haiku): A lightning-fast agent that monitors the codebase for critical patterns like SQL Injections or hardcoded secrets.
The Fixer (Claude 3.5 Sonnet): Once a bug is found, this expert agent analyzes the context and provides a production-ready, secure code patch.
It turns a manual, hours-long security review into a seamless, automated conversation within GitLab. 🏗️ How I built it
I utilized the cutting-edge GitLab Duo Agents and Flows infrastructure. The backend logic is powered by Anthropic's Claude 3.5 models via Google Cloud Vertex AI.
YAML Orchestration: I designed custom flows to bridge the communication between different agents.
GitLab CI/CD: Integrated the agents directly into the pipeline to ensure every scan is verified and every fix is logged.
🧠Challenges I ran into
Working with a platform that is still in Beta was tough! I faced significant challenges in getting the YAML configurations for custom agents exactly right. There were moments when the pipeline would fail, or the agents wouldn't trigger correctly. Troubleshooting these "hidden" errors required a lot of deep diving into documentation and trial-and-error, but it taught me exactly how autonomous AI orchestration works under the hood. âś… Accomplishments that I'm proud of
The biggest win was seeing the agent successfully identify a critical SQL Injection vulnerability in my test file and—more importantly—provide a parameterized, secure fix that actually worked. Seeing that "Green" pipeline after hours of debugging was the best feeling! 📖 What I learned
This project taught me the true power of AI Agent Orchestration. I learned how to balance model performance (Haiku vs Sonnet) to save costs and time while maintaining high-quality output. It also deepened my understanding of DevSecOps and how AI will shape the future of secure software development.
Log in or sign up for Devpost to join the conversation.