app

README.md

@@ -10,4 +10,18 @@ pinned: false
 license: mit
 ---
 
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
+# 🛡️ AI-Powered GitHub Vulnerability Scanner
+
+An intelligent security analysis tool that scans GitHub repositories for vulnerabilities using AI agents and Model Context Protocol (MCP) integration. This tool provides comprehensive security assessments with detailed reports and remediation guidance.
+
+## ✨ Features
+
+- **🤖 AI-Powered Analysis**: Uses advanced AI agents to intelligently analyze code patterns
+- **🔍 Comprehensive Scanning**: Detects multiple vulnerability types across various programming languages
+- **📊 Detailed Reports**: Generates professional security reports with severity ratings
+- **🌐 Web Interface**: Easy-to-use Gradio interface for repository analysis
+- **🔗 GitHub Integration**: Direct integration with GitHub repositories via MCP tools
+
+## ⚠️ Disclaimer
+
+This tool is for educational and security research purposes. Always ensure you have proper authorization before scanning repositories. The results should be used as a starting point for security analysis, not as a definitive security assessment.

app.py

@@ -0,0 +1,93 @@
+import gradio as gr
+import os
+from smolagents import InferenceClientModel, CodeAgent, MCPClient
+from dotenv import load_dotenv
+
+# Load environment variables
+load_dotenv()
+
+# MCP Server URL for GitHub tools
+MCP_SERVER_URL = "https://himanshugoyal2004-github-mcp-server.hf.space/gradio_api/mcp/"
+
+def analyze_vulnerabilities(message, history):
+    """Analyze GitHub repository for vulnerabilities using AI agent"""
+    try:
+        # Connect to MCP server and get GitHub tools
+        mcp_client = MCPClient({"url": MCP_SERVER_URL})
+        tools = mcp_client.get_tools()
+        
+        # Initialize AI model
+        model = InferenceClientModel(token=os.getenv("HF_TOKEN"))
+        
+        # Create AI agent with GitHub MCP tools
+        agent = CodeAgent(
+            tools=[*tools], 
+            model=model, 
+            additional_authorized_imports=["json", "ast", "urllib", "base64", "re"]
+        )
+        
+        # Enhanced prompt for vulnerability analysis
+        enhanced_prompt = f"""
+You are a cybersecurity expert. Analyze the GitHub repository for security vulnerabilities.
+
+Repository: {message}
+
+Please:
+1. First, get repository information to verify it exists
+2. Scan the repository for code files (.py, .js, .ts, .php, .java, .cpp, .c, .cs, .go, .rb, .rs, .swift, .kt, .scala, .sh, .bash, .ps1, .ipynb, .sql, .xml, .yaml, .yml, .json, .config, .ini, .env)
+3. For each code file found, get its content and analyze for security vulnerabilities
+4. Focus on detecting:
+   - SQL injection vulnerabilities
+   - Command injection (os.system, exec, eval)
+   - Cross-site scripting (XSS)
+   - Path traversal attacks
+   - Hardcoded secrets/credentials
+   - Insecure deserialization
+   - Weak cryptography
+   - Authentication/authorization flaws
+   - Input validation issues
+   - Unsafe file operations
+
+5. Generate a comprehensive security report with:
+   - Repository overview
+   - Total files analyzed
+   - Vulnerability count by severity (Critical/High/Medium/Low)
+   - Detailed findings with:
+     - File path and line number
+     - Vulnerability type
+     - Code snippet
+     - Security impact
+     - Remediation advice
+     - Related CVE examples when applicable
+
+Format the report professionally with emojis and clear sections.
+"""
+        
+        # Run the AI agent analysis
+        result = agent.run(enhanced_prompt)
+        
+        # Disconnect MCP client
+        mcp_client.disconnect()
+        
+        return str(result)
+        
+    except Exception as e:
+        return f"❌ Error analyzing repository: {str(e)}\n\nPlease ensure:\n• Valid GitHub repository URL\n• HF_TOKEN environment variable is set\n• Repository is accessible"
+
+# Create Gradio interface
+demo = gr.ChatInterface(
+    fn=analyze_vulnerabilities,
+    type="messages",
+    examples=[
+        "https://github.com/WebGoat/WebGoat",
+        "https://github.com/OWASP/NodeGoat", 
+        "https://github.com/digininja/DVWA",
+        "https://github.com/juice-shop/juice-shop",
+        "https://github.com/vulhub/vulhub"
+    ],
+    title="🛡️ AI-Powered GitHub Vulnerability Scanner",
+    description="Paste a GitHub repository URL to scan for security vulnerabilities using AI agents with MCP tools. The AI will intelligently analyze code and provide detailed security reports.",
+)
+
+if __name__ == "__main__":
+    demo.launch()

requirements.txt

@@ -0,0 +1,8 @@
+gradio[oauth,mcp]==5.45.0
+fastapi==0.115.2
+uvicorn==0.24.0
+mcp==1.10.1
+smolagents>=0.1.0
+requests>=2.28.0
+python-dotenv>=1.0.0
+pydantic>=2.11,<2.12