Inspiration

Modern software development moves at breakneck speed, and security is frequently pushed to the very end of the lifecycle. Traditional security scanning suites (SAST/DAST) are usually siloed, incredibly complex, and output massive, cryptic reports that tell developers what is broken but leave them to guess how to fix it. Furthermore, cloud deployments have introduced a wider threat surface. A single security issue now spans:

  • Written code (secrets in code, SQL injection, logic flaws)
  • Dependencies (outdated libraries with known vulnerabilities)
  • Infrastructure configurations (insecure Dockerfiles, wide-open network configurations)
  • Running app endpoints (dynamic response vulnerabilities, missing security headers)

We wanted to create a developer-friendly security platform that breaks down these silos. InspectX - Guard Engine was inspired by a single vision: unified, automated, one-click analysis that doesn't just find vulnerabilities, but writes the code to fix them.

What it does

InspectX - Guard Engine is an automated web security auditing suite. Developers supply a GitHub repository URL or point it at local files, and it runs a comprehensive audit across multiple layers of application health:

  • Static Application Security Testing (SAST): performs Abstract Syntax Tree (AST) parsing and pattern matching on source files to spot hardcoded credentials, SQL injection patterns, command injections, and unsafe functions.
  • Dynamic Application Security Testing (DAST): probes live running endpoints, fuzzing parameters and analyzing HTTP response headers to identify common dynamic vulnerabilities.
  • Dependency Auditing: audits project package manifests (such as package.json or requirements.txt) to warn developers about outdated libraries with active CVEs.
  • Infrastructure as Code (IaC) Scan: audits setup scripts, Dockerfiles, and cloud templates to find privilege escalation vectors and unhardened environments.
  • AI-Powered Remediation & Direct Patching: for every vulnerability found, InspectX communicates with elite security LLMs to generate a detailed explanation of the exploit vector alongside a direct code patch (diff) that developers can apply to fix the issue.
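As an added example (not code from the InspectX project), here is a minimal version of the AST-based SAST pass described above. It walks a Python module's syntax tree and flags the three finding classes the write-up names: hardcoded credentials, SQL built at runtime and handed to an execute-style call, and unsafe calls such as eval/exec/os.system with a non-literal argument. The rule names, the secret-name heuristics and the sample module are constructed for this illustration.

```python
"""Minimal AST-based SAST scanner (added example; not InspectX's own scanner)."""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Assignment targets containing one of these substrings are treated as credentials (heuristic).
SECRET_NAME_HINTS = ("password", "passwd", "secret", "api_key", "apikey", "token")
# Calls that execute code or shell commands; flagged when their first argument is not a literal.
UNSAFE_CALLS = {"eval", "exec", "os.system", "os.popen"}
# Method names that execute SQL; flagged when the query string is built at runtime.
SQL_EXEC_CALLS = {"execute", "executemany"}


@dataclass
class Finding:
    rule: str
    line: int
    detail: str


def _dotted_name(node: ast.AST) -> str:
    """Return 'a.b.c' for Name/Attribute chains, '' for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


def _is_dynamic_string(node: ast.AST) -> bool:
    """True when the expression builds a string at runtime (f-string, %, +, or .format)."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"
    return False


class Scanner(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def visit_Assign(self, node: ast.Assign) -> None:
        # Hardcoded credential: <secret-like name> = "<non-empty string literal>"
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                name = _dotted_name(target).lower()
                if any(hint in name for hint in SECRET_NAME_HINTS):
                    self.findings.append(Finding("hardcoded-credential", node.lineno, name))
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        func = _dotted_name(node.func)
        method = func.rsplit(".", 1)[-1]
        # SQL injection pattern: cursor.execute(<string assembled at runtime>)
        if method in SQL_EXEC_CALLS and node.args and _is_dynamic_string(node.args[0]):
            self.findings.append(Finding("sql-injection", node.lineno, func))
        # Unsafe call whose argument is not a constant, e.g. eval(user_input)
        if func in UNSAFE_CALLS and node.args and not isinstance(node.args[0], ast.Constant):
            self.findings.append(Finding("unsafe-call", node.lineno, func))
        self.generic_visit(node)


def scan_source(source: str) -> list[Finding]:
    """Parse `source` and return its findings ordered by line number."""
    scanner = Scanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f.line)


# Constructed sample input: a deliberately flawed module for the scanner to inspect.
SAMPLE = '''
import os
DB_PASSWORD = "hunter2"
def lookup(cur, user):
    cur.execute("SELECT * FROM users WHERE name = '%s'" % user)
    cur.execute("SELECT 1")            # constant query: not flagged
    os.system("ls " + user)
    eval(user)
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.rule} ({f.detail})")
```

The scanner works on structure rather than regexes, so `cur.execute("SELECT 1")` with a constant query is not reported while the same call with a `%`-formatted or f-string query is; in a real pass you would extend `_is_dynamic_string` to follow variables that were assigned a dynamic string earlier in the function.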

How we built it

We designed InspectX as a modular security runner:

  • Backend (FastAPI & Python): a modular Python engine with multi-threaded execution to clone, cache, and analyze repositories without blocking the server.
  • Custom Scanners: instead of wrapping massive external command-line tools, we built targeted code parsing logic in Python to walk folder structures and analyze config files efficiently.
  • AI Patching Engine: an LLM router in ai.py that supports multiple provider fallbacks:

$$ \text{Priority:} \quad \text{Frontend Override} \longrightarrow \text{NVIDIA NIM (Llama 3.3 70B)} \longrightarrow \text{Google Gemini (2.5 Flash)} $$

    By enforcing strict structured JSON outputs, the AI returns clean explanations and drop-in code replacements (alternative_patch).
  • Frontend (Next.js & TypeScript): a dashboard displaying visual vulnerability scores, interactive vulnerability lists, color-coded severity tiers, and a side-by-side patch applicator.
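The following is an added example, not the project's ai.py, of the two ideas in the AI Patching Engine bullet: a provider chain in the stated priority order (frontend override, then NVIDIA NIM, then Gemini) and a strict JSON post-processing step that rejects any reply from which a schema-valid object cannot be recovered, so that chatter such as "Here is the patch you requested..." or a truncated reply moves the router on to the next provider instead of reaching the patch applicator. Providers are modelled as plain callables `prompt -> reply text` so the code runs offline; the field names `explanation` and `alternative_patch`, the chain labels and the fake providers are assumptions for this illustration.

```python
"""LLM provider router with fallback and strict JSON post-processing (added example)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

Provider = Callable[[str], str]
Chain = List[Tuple[str, Provider]]

# The schema the prompt asks the model to fill: both fields required, both non-empty strings.
REQUIRED_FIELDS = {"explanation": str, "alternative_patch": str}


class InvalidResponse(ValueError):
    """Raised when a reply cannot be turned into a schema-valid object."""


@dataclass(frozen=True)
class PatchResponse:
    explanation: str
    alternative_patch: str
    provider: str  # which link in the chain actually answered


def extract_json(text: str) -> dict:
    """Recover the first JSON object from a reply that may wrap it in chatter or ``` fences."""
    start = text.find("{")
    if start == -1:
        raise InvalidResponse("no JSON object in reply")
    try:
        obj, _ = json.JSONDecoder().raw_decode(text[start:])  # trailing text is ignored
    except json.JSONDecodeError as exc:
        raise InvalidResponse(f"malformed JSON: {exc.msg}") from exc
    if not isinstance(obj, dict):
        raise InvalidResponse("top-level JSON value is not an object")
    for key, typ in REQUIRED_FIELDS.items():
        if not isinstance(obj.get(key), typ) or not obj[key].strip():
            raise InvalidResponse(f"missing or empty field: {key}")
    return obj


def build_chain(nim: Provider, gemini: Provider, override: Optional[Provider] = None) -> Chain:
    """Priority order from the write-up: frontend override, then NVIDIA NIM, then Gemini."""
    chain: Chain = [("frontend-override", override)] if override else []
    chain += [("nvidia-nim", nim), ("gemini", gemini)]
    return chain


def route(prompt: str, chain: Chain) -> PatchResponse:
    """Try each provider in order and return the first schema-valid answer."""
    errors: List[str] = []
    for name, call in chain:
        try:
            data = extract_json(call(prompt))
        except Exception as exc:  # transport errors and InvalidResponse alike: fall through
            errors.append(f"{name}: {exc}")
            continue
        return PatchResponse(data["explanation"], data["alternative_patch"], name)
    raise RuntimeError("all providers failed: " + "; ".join(errors))


# Constructed stand-ins for real provider clients.
def nim_down(prompt: str) -> str:
    raise TimeoutError("NIM endpoint unreachable")


def gemini_chatty(prompt: str) -> str:
    # Valid JSON buried in conversational text and a code fence.
    return ("Here is the patch you requested...\n```json\n"
            '{"explanation": "Interpolating user input into SQL allows injection; bind it instead.",\n'
            ' "alternative_patch": "cur.execute(\\"SELECT * FROM users WHERE name = %s\\", (user,))"}\n'
            "```")


def override_incomplete(prompt: str) -> str:
    return 'Sure! {"explanation": "patched"}'  # alternative_patch missing: rejected


if __name__ == "__main__":
    result = route("Fix the SQL injection on line 4.",
                   build_chain(nim_down, gemini_chatty, override_incomplete))
    print(result.provider, "->", result.alternative_patch)
```

Catching `Exception` in `route` is deliberate: a timeout, an HTTP error and a malformed reply all mean the same thing to the caller (try the next provider), and the collected `errors` list is what you would log when every link fails.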

Challenges we ran into

  • Ensuring Consistent LLM JSON Structuring: getting LLMs to consistently output valid JSON without extra conversational text (like "Here is the patch you requested...") proved tricky. We solved this by using strict system-level instructions, enforcing schema responses, and setting up post-processing parsing filters.
  • Safe Patch Application: automatically editing code in-place is highly dangerous. We had to build robust AST search-and-replace scripts and boundary checks to ensure that applying a security patch doesn't break syntax or alter unrelated adjacent logic.
  • Repository Isolation: downloading third-party repositories for static analysis poses a security concern if files are read or executed unsafely. We implemented hashing algorithms and automated cleanup loops to sanitize workspaces.
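An added example (not the project's patch applier) of the boundary checks the Safe Patch Application point calls for: the LLM's replacement is spliced into a given line range, re-indented to match, and the result is accepted only if it still parses and every top-level function or class that lay outside the patched range is structurally identical before and after. The sample source and the three candidate patches are constructed for this illustration.

```python
"""Guarded in-place patch application with AST boundary checks (added example)."""
from __future__ import annotations

import ast

DEF_NODES = (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)


class UnsafePatch(ValueError):
    """The candidate patch would break syntax or touch code outside its range."""


def _reindent(snippet: str, indent: str) -> str:
    """Re-base a snippet's indentation on `indent` so it slots into its new position."""
    lines = snippet.strip("\n").splitlines()
    common = min((len(l) - len(l.lstrip()) for l in lines if l.strip()), default=0)
    return "\n".join((indent + l[common:]) if l.strip() else "" for l in lines)


def _untouched_defs(tree: ast.Module, start: int, end: int) -> dict[str, str]:
    """ast.dump (no positions) of each top-level def/class that does not overlap lines start..end."""
    return {
        node.name: ast.dump(node)
        for node in tree.body
        if isinstance(node, DEF_NODES) and (node.end_lineno < start or node.lineno > end)
    }


def apply_patch(source: str, start: int, end: int, snippet: str) -> str:
    """Replace lines start..end (1-based, inclusive) with `snippet`; refuse unsafe results."""
    lines = source.splitlines()
    if not (1 <= start <= end <= len(lines)):
        raise UnsafePatch("patch range out of bounds")
    before = ast.parse(source)
    expected = _untouched_defs(before, start, end)

    first = lines[start - 1]
    indent = first[: len(first) - len(first.lstrip())]
    new_lines = lines[: start - 1] + _reindent(snippet, indent).splitlines() + lines[end:]
    patched = "\n".join(new_lines) + "\n"

    try:
        after = ast.parse(patched)
    except SyntaxError as exc:
        raise UnsafePatch(f"patched file no longer parses: {exc.msg} (line {exc.lineno})") from exc

    # Every definition that was outside the patch must still exist at top level, unchanged.
    actual = {n.name: ast.dump(n) for n in after.body if isinstance(n, DEF_NODES)}
    for name, dump in expected.items():
        if actual.get(name) != dump:
            raise UnsafePatch(f"patch altered unrelated definition: {name}")
    return patched


# Constructed sample: the vulnerable call sits on line 4, helper() is unrelated adjacent logic.
ORIGINAL = '''import os

def lookup(cur, user):
    cur.execute("SELECT * FROM users WHERE name = '%s'" % user)
    return cur.fetchone()

def helper():
    return 1
'''
GOOD_PATCH = 'cur.execute("SELECT * FROM users WHERE name = %s", (user,))'
BAD_PATCH = 'cur.execute("SELECT * FROM users WHERE name = %s", (user,)'      # unbalanced paren
SCOPE_CREEP = 'cur.execute("SELECT 1")\n\ndef helper():\n    return 2'       # rewrites helper()

if __name__ == "__main__":
    print(apply_patch(ORIGINAL, 4, 4, GOOD_PATCH))
    for candidate in (BAD_PATCH, SCOPE_CREEP):
        try:
            apply_patch(ORIGINAL, 4, 4, candidate)
        except UnsafePatch as exc:
            print("rejected:", exc)
```

Comparing `ast.dump` output rather than raw text is what makes the check robust to the line shifts a patch introduces: positions are not part of the dump, so an untouched function compares equal even after it moves, while the `SCOPE_CREEP` candidate is caught because its re-indented `def helper()` ends up nested inside `lookup` and the top-level `helper` disappears.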
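For the Repository Isolation point, here is an added example (not InspectX's workspace code) of the pattern it describes: each repository gets a workspace directory keyed by the SHA-256 of its URL, so no URL characters reach the filesystem and the same repository always maps to the same cache entry; files under the workspace are only ever read, never imported or executed; symlinks and any path that resolves outside the workspace are skipped; oversized files are ignored; and the workspace is deleted when the scan finishes, whether or not it succeeded. The size limit, the file-type allowlist and the fake repository contents (written in place of a real `git clone`) are assumptions for this illustration.

```python
"""Isolated, self-cleaning scan workspace for third-party repositories (added example)."""
from __future__ import annotations

import hashlib
import os
import shutil
import tempfile
from contextlib import contextmanager
from pathlib import Path
from typing import Iterator, List, Tuple

SOURCE_SUFFIXES = {".py", ".js", ".ts", ".json", ".txt", ".yml", ".yaml"}  # assumed allowlist
SOURCE_NAMES = {"Dockerfile"}
MAX_FILE_BYTES = 1_000_000  # assumed cap; anything larger is skipped rather than read


def workspace_key(repo_url: str) -> str:
    """Stable, filesystem-safe directory name derived from the repository URL."""
    return hashlib.sha256(repo_url.strip().lower().encode()).hexdigest()[:32]


def is_contained(path: Path, root: Path) -> bool:
    """True when `path` resolves to a location inside `root` (defeats symlink escapes)."""
    try:
        path.resolve(strict=True).relative_to(root.resolve(strict=True))
        return True
    except (ValueError, OSError):
        return False


def iter_scannable_files(root: Path) -> Iterator[Path]:
    """Yield regular source files under root that are safe and small enough to read."""
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinked dirs
        dirnames[:] = [d for d in dirnames if d != ".git" and not (Path(dirpath) / d).is_symlink()]
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not is_contained(p, root):
                continue
            if p.suffix not in SOURCE_SUFFIXES and p.name not in SOURCE_NAMES:
                continue
            if p.stat().st_size > MAX_FILE_BYTES:
                continue
            yield p


@contextmanager
def scan_workspace(base: Path, repo_url: str) -> Iterator[Path]:
    """Create <base>/<key>, hand it to the caller, and always delete it afterwards."""
    ws = base / workspace_key(repo_url)
    ws.mkdir(parents=True, exist_ok=True)
    try:
        yield ws
    finally:
        shutil.rmtree(ws, ignore_errors=True)


def scan_demo(repo_url: str = "https://github.com/example/repo") -> Tuple[List[str], bool]:
    """Run the workflow end to end; return (relative paths scanned, workspace cleaned up)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        outside = base / "outside.py"            # a file the scan must never reach
        outside.write_text("SECRET = 'not-yours'\n")
        with scan_workspace(base / "cache", repo_url) as ws:
            # Constructed stand-in for the clone step.
            (ws / "app.py").write_text("PASSWORD = 'x'\n")
            (ws / "README.md").write_text("docs only\n")              # not in the allowlist
            (ws / "huge.py").write_text("#" * (MAX_FILE_BYTES + 1))    # over the size cap
            try:
                (ws / "escape.py").symlink_to(outside)                 # points outside the workspace
            except OSError:
                pass  # platform without symlink support; that guard is simply not exercised
            scanned = sorted(str(p.relative_to(ws)) for p in iter_scannable_files(ws))
        return scanned, not ws.exists()


if __name__ == "__main__":
    print(scan_demo())
```

Hashing the normalised URL gives both a cache key and a guard in one step; the cleanup lives in a `finally` so a scanner crash cannot leave untrusted files behind for the next run.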

Accomplishments that we're proud of

  • The AI Remediation Loop: building a workflow where a security scanning result goes from detection to AI analysis to clean patch application, or mathematically: $\text{Detection} \longrightarrow \text{AI Analysis} \longrightarrow \text{Patch Application}$ in under $3$ seconds.
  • Multi-Provider Fallback Routing: setting up an LLM connector that seamlessly fails over from NVIDIA NIM to Gemini or a user-provided API key, ensuring high availability.
  • Vulnerability Dashboard: consolidating four complex, distinct security metrics (SAST, DAST, manifest dependency auditing, and IaC setups) into a visually stunning, readable dashboard.

What we learned

  • Security is a UX Problem: developers don't ignore security because they don't care; they ignore it because security tools have historically provided terrible user experiences. Making alerts actionable and human-readable changes developer behavior.
  • Prompt Engineering & Structured Output: we learned how to write strict constraints for LLMs to generate secure, standardized replacements for vulnerable code segments without breaking code indentation or syntax.
  • AST Parsers are Powerful: building AST-based pattern matchers taught us how compilers view source code and how to traverse code nodes to spot threats before compilation.

What's next for InspectX - Guard Engine

  • GitHub PR Security Bot: wrap the runner in a GitHub Action that scans every commit and comments on Pull Requests with direct patch recommendations.
  • Custom Security Policy Rules: allow security teams to define custom YAML policy rules to match company-specific coding constraints.
  • Automatic Git Commits: give developers a "Commit Fix" button that commits the AI-generated security patch directly to a new git branch.

Built With

  • ast-parsing
  • dast
  • fastapi
  • gemini-api
  • httpx
  • llama-3.3
  • nvidia-nim
  • pydantic
  • python
  • react
  • sast
  • security
  • tailwindcss
  • typescript
  • uvicorn
  • vite