AutoCVE is an agent-driven platform for automating authorized source-code auditing and CVE discovery. It covers the workflow from project selection and repository import to vulnerability verification and submission-ready report generation. An orchestrator coordinates specialized agents for reconnaissance, scanning, triage, deep analysis, verification, and final consolidation. Users can choose enhanced scanning, intelligent auditing, or comprehensive auditing based on speed and depth requirements. The interface records agent trees, tool calls, phase progress, sessions, findings, and supporting evidence for review. Vulnerabilities are deduplicated and stored in a structured management system, while configurable skills extend individual agents. The platform uses a React frontend, FastAPI backend, PostgreSQL database, and Docker-based deployment.
Features
- End-to-end automated CVE discovery workflow
- Multi-agent security audit orchestration
- Three configurable source-code audit modes
- Interactive findings and evidence review
- Structured vulnerability deduplication and management
- Docker deployment with React and FastAPI