AIGraphCodeScan
AIGraphCodeScan is a tool designed for performing security reviews of codebases using graph analysis. The package utilizes Neo4j and Fast GraphRAG to query and visualize relationships within the code, helping identify potential security risks and vulnerabilities by analyzing the structure and flow of the code.
Features
- Graph-based Code Analysis: Leverages graph theory to analyze code relationships and interactions.
- Neo4j Integration: Stores and queries code structure and data flow in a Neo4j graph database.
- Security Review: Helps identify potential security vulnerabilities based on the code's structure and relationships.
Installation
Prerequisites
Ensure you have Python 3.6 or higher installed. You will also need a Neo4j instance running to store and query code-related data.
Installation Steps
Clone the repository and install the required dependencies:
git clone https://github.com/tcosolutions/aigraphcodescan.git
cd aigraphcodescan
pip install -e .
Requirements
- Python 3.6+
- neo4j >= 4.0.0
- fast_graphrag >= 0.1.0
- argparse, logging, json (Python standard library)
Usage
Once installed, you can use the aigraphcodescan command to run the security review:
aigraphcodescan --debug
Before running it, export the environment variables for the OpenAI API key and the Neo4j connection settings (see the code and the section below).
Setting Environment Variables for Configuration
Follow the steps below to configure the environment variables required for your application, including the OpenAI API key and Neo4j connection details.
For Windows
- Open Environment Variables Settings:
  - Right-click on "This PC" or "My Computer."
  - Select Properties > Advanced System Settings > Environment Variables.
- Add New Environment Variables:
  - Under "User variables" or "System variables," click New and add the following variables:
    Variable Name     Value
    OPENAI_API_KEY    Your OpenAI API key
    NEO4J_URI         bolt://localhost:7687
    NEO4J_USER        neo4j
    NEO4J_PASSWORD    password
    DIRECTORY_PATH    ../badcode/
- Save and Apply:
  - Click OK to save each variable.
  - Restart any terminal or application that requires these variables.
For macOS/Linux
- Edit the Shell Configuration File:
  - Open a terminal and edit your shell configuration file (e.g., ~/.bashrc, ~/.zshrc, or ~/.bash_profile):
    nano ~/.bashrc  # Replace with the appropriate file
- Add Environment Variables:
  - Append the following lines to the file:
    export OPENAI_API_KEY="your_openai_api_key"
    export NEO4J_URI="bolt://localhost:7687"
    export NEO4J_USER="neo4j"
    export NEO4J_PASSWORD="password"
    export DIRECTORY_PATH="../badcode/"
- Apply the Changes:
  - Save the file and reload it:
    source ~/.bashrc
  - Use ~/.zshrc or ~/.bash_profile if applicable.
The aigraphcodescan command will start the graph-based security review process. The --debug option enables more detailed logging output.
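As an added example (not code from the AIGraphCodeScan project), a small Python loader that reads the five variables listed above and refuses to proceed when one is missing, when the Neo4j URI uses an unexpected scheme, or when NEO4J_PASSWORD is still the sample value from this README; the allowed-scheme list, the weak-default check and the redaction helper are this example's own assumptions.

```python
# Added example (not part of AIGraphCodeScan): validate the README's
# environment variables before any Neo4j or OpenAI connection is attempted.
# Assumptions: variable names are those in the README; the scheme list and
# the weak-default set are choices made for this example.
import os
from typing import Mapping, Optional
from urllib.parse import urlparse

REQUIRED = ("OPENAI_API_KEY", "NEO4J_URI", "NEO4J_USER",
            "NEO4J_PASSWORD", "DIRECTORY_PATH")
# The README's sample value; acceptable for a throwaway local Neo4j only.
WEAK_DEFAULTS = {"NEO4J_PASSWORD": {"password", "neo4j"}}
ALLOWED_SCHEMES = {"bolt", "bolt+s", "neo4j", "neo4j+s"}


def load_config(env: Optional[Mapping[str, str]] = None) -> dict:
    """Return the scan configuration; raise on anything missing or malformed."""
    env = os.environ if env is None else env
    missing = [k for k in REQUIRED if not env.get(k, "").strip()]
    if missing:
        raise ValueError("missing environment variables: " + ", ".join(missing))
    cfg = {k: env[k].strip() for k in REQUIRED}
    scheme = urlparse(cfg["NEO4J_URI"]).scheme
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"NEO4J_URI scheme {scheme!r} not in {sorted(ALLOWED_SCHEMES)}")
    # Weak defaults do not abort the run but are surfaced so they get changed.
    cfg["warnings"] = [
        f"{k} is set to a well-known default; change it before scanning real code"
        for k, bad in WEAK_DEFAULTS.items() if cfg[k] in bad
    ]
    return cfg


def redacted(cfg: dict) -> dict:
    """Copy of the config that is safe to log: secrets masked, not dropped."""
    secret = ("OPENAI_API_KEY", "NEO4J_PASSWORD")
    return {k: ("****" if k in secret and v else v) for k, v in cfg.items()}


if __name__ == "__main__":
    # Constructed sample environment mirroring the README's example values.
    sample = {"OPENAI_API_KEY": "sk-example", "NEO4J_URI": "bolt://localhost:7687",
              "NEO4J_USER": "neo4j", "NEO4J_PASSWORD": "password",
              "DIRECTORY_PATH": "../badcode/"}
    cfg = load_config(sample)
    print(redacted(cfg))
    for warning in cfg["warnings"]:
        print("WARNING:", warning)
```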
Example Workflow
- Run the security scan: Use the aigraphcodescan command to analyze your codebase.
- Review findings: Based on the graph analysis, the tool will provide insights into potential security vulnerabilities, such as unexpected interactions between modules, exposed endpoints, or insecure data flows.
- Improve your code: Use the output to guide security improvements in your codebase.
Contributing
We welcome contributions to AIGraphCodeScan. If you find a bug or have a suggestion, please open an issue or submit a pull request.
License
This project is licensed under the AGPL 3.0 License - see the LICENSE file for details.