Download
DeepAudit is an open source code security auditing platform that uses a multi-agent architecture to analyze and identify vulnerabilities in software projects. Instead of relying solely on traditional static analysis, it simulates the reasoning process of security experts through coordinated agents responsible for orchestration, reconnaissance, analysis, and verification. DeepAudit performs deep semantic understanding of code, enabling it to detect complex vulnerabilities that span multiple files and business logic layers. It also includes automated proof-of-concept validation using a sandboxed environment, allowing detected issues to be tested for real exploitability. DeepAudit integrates retrieval-augmented generation techniques to enhance contextual understanding and reduce false positives during analysis. Users can import projects and trigger a full audit workflow that includes risk identification, exploit generation, validation, and final report creation.
Features
- Multi-agent system with orchestrator, recon, analysis, and verification roles
- Automated vulnerability discovery with deep code semantic analysis
- Sandbox-based PoC validation to confirm exploitability of findings
- Retrieval-augmented generation to reduce false positives and improve accuracy
- One-click report generation in multiple formats including structured outputs
- Support for local model deployment to protect sensitive source code
Project Samples
