DeepAudit is an open source code security auditing platform that uses a multi-agent architecture to analyze and identify vulnerabilities in software projects. Instead of relying solely on traditional static analysis, it simulates the reasoning process of security experts through coordinated agents responsible for orchestration, reconnaissance, analysis, and verification. DeepAudit performs deep semantic understanding of code, enabling it to detect complex vulnerabilities that span multiple files and business logic layers. It also includes automated proof-of-concept validation using a sandboxed environment, allowing detected issues to be tested for real exploitability. DeepAudit integrates retrieval-augmented generation techniques to enhance contextual understanding and reduce false positives during analysis. Users can import projects and trigger a full audit workflow that includes risk identification, exploit generation, validation, and final report creation.

Features

  • Multi-agent system with orchestrator, recon, analysis, and verification roles
  • Automated vulnerability discovery with deep code semantic analysis
  • Sandbox-based PoC validation to confirm exploitability of findings
  • Retrieval-augmented generation to reduce false positives and improve accuracy
  • One-click report generation in multiple formats including structured outputs
  • Support for local model deployment to protect sensitive source code

Project Samples

Project Activity

See All Activity >

License

Affero GNU Public License

Follow DeepAudit

DeepAudit Web Site

Other Useful Business Software
Stop vibe-debugging. Icon
Stop vibe-debugging.

Plug Claude into your app's actual errors.

AppSignal's MCP server hands Claude, Cursor, or Zed your real errors, traces, and the deploy that shipped them. AI writes the fix; you review the diff.
Free 30 days.
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of DeepAudit!