A powerful automated security scanning tool that analyzes GitHub repositories for vulnerabilities using Portia AI and Semgrep, automatically creating GitHub issues and sending email notifications.
- 🔍 Automated Security Scanning: Automatically scans GitHub repositories for security vulnerabilities
- 🛡️ Semgrep Integration: Uses industry-standard Semgrep for comprehensive security analysis
- 📝 GitHub Issue Creation: Automatically creates detailed GitHub issues for discovered vulnerabilities
- 📧 Email Notifications: Sends immediate email alerts to specified recipients
- 🌐 Web Interface: User-friendly Streamlit web application for easy configuration and execution
The Code Security Agent follows a modular, AI-driven architecture:
┌────────────────-─┐ ┌─────────────────┐ ┌─────────────────┐
│ Streamlit UI │ │ Portia Agent │ │ GitHub API │
│ │────│ │────│ │
│ • API Config │ │ • Plan Builder │ │ • File Fetching │
│ • User Input │ │ • Tool Registry │ │ • Issue Creation│
│ • Results Display│ │ • Execution │ │ │
└─────────────────-┘ └─────────────────┘ └─────────────────┘
│
▼
┌─────────────────┐ ┌─────────────────┐
│ Custom Tools │ │ Semgrep AI │
│ │────│ │
│ • File Download │ │ • Security Scan │
│ • Content Read │ │ • Vulnerability │
│ • Data Wrapping │ │ Detection │
└─────────────────┘ └─────────────────┘
agent.py: Main orchestration logic using Portia's PlanBuilderV2models.py: Pydantic data models for type safety and validationtools/: Custom tool implementations for file handlingutils.py: Utility functions for GitHub URL parsing and cleanupstreamlit_app.py: Web interface for user interaction
- Python 3.12 or higher
- OpenAI API key
- Portia API key
- GitHub repository access
- uv package manager
-
Clone the repository
git clone <repository-url> cd code-security-agent-using-portia
-
Install dependencies
uv sync
-
Set up environment variables
export OPENAI_API_KEY="your-openai-api-key" export PORTIA_API_KEY="your-portia-api-key"
uv run streamlit run streamlit_app.pyuv run agent.pyThe application requires two API keys:
- OpenAI API Key: For AI-powered analysis and issue summarization
- Portia API Key: For AI planning and execution orchestration
-
Launch the Streamlit app
uv run streamlit run streamlit_app.py
-
Configure API Keys
- Enter your OpenAI API key
- Enter your Portia API key
- Click "Set Environment Variables"
-
Configure Scan Parameters
- Enter recipient email address
- Provide GitHub repository URL
- Click "Run Plan"
from agent import run_code_security_agent
# Run security scan
run_code_security_agent(
github_repo_url="https://github.com/username/repository",
user_email="user@example.com"
)
- Repository Analysis: Fetches all files from the specified GitHub repository (Uses GitHub MCP tool)
- File Processing: Downloads and processes code files for analysis (Uses custom download_and_read_files)
- Security Scanning: Runs Semgrep scan to detect vulnerabilities (Uses semgrep MCP tool)
- Issue Creation: Automatically creates GitHub issues for found vulnerabilities (Uses GitHub MCP tool)
- Notification: Sends email alerts to specified recipients (Uses Gmail MCP tool)
- GitHub Issues: Detailed vulnerability reports with file locations and descriptions
- Email Notifications: Summary emails with issue links
- API Key Errors: Ensure both OpenAI and Portia API keys are valid and set
- GitHub Access: Verify the repository is accessible and public
- File Permissions: Ensure write permissions for temporary file creation
- Network Issues: Check internet connectivity for file downloads
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request