Evolver is a fully sandboxed, self-evolving DevSecOps system that uses evolutionary algorithms to improve code security through iterative mutation, evaluation, and adaptation. It operates entirely within ephemeral Docker containers for safety.
- Sandbox & Safety: all operations run in isolated Docker containers with no external network access and no destructive commands.
- Evolutionary Layers:
  - Patch Mutation: AST-based symbolic code mutations.
  - Fitness Evaluation: weighted scoring on security, tests, performance, and other metrics.
  - Meta-Mutation: adaptive mutation rates.
  - Seasonal Resets: periodic pruning and mutation surges.
- Agents:
  - Orchestrator: manages the process via FastAPI.
  - Security Agent: runs Bandit, Semgrep, and Trivy scans.
  - Breaker Agent: fuzzing and attack simulations.
  - Healer Agent: generates patches.
  - Historian Agent: tracks lineage and history.
  - Mutator Agent: applies mutations.
- Hybrid Symbolic + LLM: symbolic mutations with LLM-generated rollback explanations.
- Lineage Graph: tracks variant evolution.
Build the Docker image:

```bash
docker build -t evolver .
```

Run the system:

```bash
docker run --rm -it evolver python evolve.py --repo=https://github.com/aaitplus/evolver.git --branch=main
```
The system will clone the repo, run evolutionary loops, and output lineage graphs and metrics.
Safety guarantees:
- No network access outside the container.
- Ephemeral containers are terminated safely with SIGKILL.
- No secrets are persisted or logged.
- All filesystem writes are confined to /app/sandbox.
Components:
- Orchestrator: FastAPI server for managing evolution.
- Workflows: master loop handling generations.
- Agents: specialized components for security, breaking, healing, etc.
- Fitness: evaluation and weight management.
- Utils: cloning, scanning, lineage tracking, replay.
- Config: genome pool, weights, mutation steps.
Requirements:
- Docker
- Python 3.9+
- Installed tools: Bandit, Semgrep, Trivy (installed via the Dockerfile)
For questions or support, contact alishanjng@gmail.com.
I build security-first systems that automate detection, simulation, and remediation across the SDLC.