security-auditor-agent

v1.0.1

Published

4 days ago

Senior Security Auditor AI agent — performs thorough read-only security analysis of codebases. Identifies vulnerabilities, assesses risk via CVSS scoring, maps compliance gaps, and provides actionable remediation. Built with LangChain, LangGraph, and Groq

0High
0Medium
0Low

mayurw

security audit vulnerability owasp sast compliance agent langchain langgraph groq ai cve wcag soc2 gdpr pci-dss

🛡️ Security Auditor Agent

A senior-level AI Security Auditor agent built with LangChain, LangGraph, and Groq's blazing-fast LLM inference (Llama 3.3 70B). Performs thorough, read-only security analysis of codebases — identifies vulnerabilities, assesses risk via CVSS scoring, maps compliance gaps, and provides actionable remediation guidance.

This agent never modifies code. It analyzes and reports.

⚡ Powered by Groq (Free Tier)

Groq's LPU chips deliver 250+ tokens/second — making multi-step security audits feel nearly instant. The free tier includes access to Llama 3.3 70B with generous rate limits.

🏗️ Architecture

Built as a LangGraph directed graph with 8 specialized audit nodes:

┌──────────────────┐
│   Task Intake     │  ← Scopes the audit, identifies targets
└────────┬──────────┘
         │
  ┌──────┴──────┐       (conditional routing based on mode)
  ▼      ▼      ▼
┌──────┐┌──────┐┌──────┐┌──────┐┌──────┐┌──────┐
│OWASP ││Access││ Data ││ SAST ││Compl-││ Risk │
│Top 10││Ctrl  ││Secur-││Patt- ││iance ││Assess│
│      ││& Auth││ity   ││erns  ││Map   ││ment  │
└──┬───┘└──┬───┘└──┬───┘└──┬───┘└──┬───┘└──┬───┘
   └───────┴───────┴───────┴───────┘
                   │
          ┌────────┴────────┐
          │ Report Synth.   │  ← Combines all findings
          └─────────────────┘

📦 Installation

# Install globally
npm install -g security-auditor-agent

# Or clone and install locally
cd security_auditor_agent
npm install
npm link

🔧 Setup

# Interactive setup (stores API key in .env)
security-auditor setup

Get your free Groq API key at: https://console.groq.com/keys

🚀 Usage

# Full security audit (all 6 specialist nodes)
security-auditor "Audit this Node.js Express API with JWT auth and PostgreSQL"

# OWASP Top 10 only
security-auditor "Check this React + Node app for OWASP vulnerabilities" --mode owasp

# Access control & authentication audit
security-auditor "Audit the OAuth2 implementation in our microservices" --mode access

# Data security review
security-auditor "Review data handling in our payment processing service" --mode data

# SAST pattern analysis
security-auditor "Scan this Python Flask API for code-level vulnerabilities" --mode sast

# Compliance mapping
security-auditor "Map our SaaS platform against SOC 2 requirements" --mode compliance --standard soc2

# Risk assessment & threat modeling
security-auditor "Perform threat modeling on our e-commerce checkout flow" --mode risk

# Filter by severity
security-auditor "Full audit of our API gateway" --severity high

# Save report to file
security-auditor "Audit our authentication system" --output audit-report.md

Options

| Flag | Description | Default | |------|-------------|---------| | --mode | owasp \| access \| data \| sast \| compliance \| risk \| full | full | | --standard | soc2 \| iso27001 \| gdpr \| pci-dss \| hipaa \| all | all | | --severity | critical \| high \| medium \| low \| info | low | | --output <file> | Save audit report to a file | — | | --model <model> | Groq model to use | llama-3.3-70b-versatile | | --verbose | Show detailed agent reasoning | false |

🧠 Audit Capabilities

1. OWASP Top 10 Analysis

Full evaluation against all 10 OWASP 2021 categories (A01–A10) with CVSS scoring, CWE identifiers, proof-of-concept scenarios, and remediation code.

2. Access Control & Authentication Audit

Authentication mechanisms (JWT, session, OAuth, API keys)
Authorization at every endpoint (RBAC, ABAC)
IDOR and privilege escalation detection
Session management (fixation, timeout, cookie flags)
Brute force and credential stuffing protection

3. Data Security Review

Sensitive data identification (PII, PHI, financial)
Encryption at rest and in transit
Database security and query parameterization
File upload validation and storage security
Data lifecycle (retention, deletion, anonymization)

4. SAST Pattern Analysis

Injection vectors (SQL, XSS, command, template)
Dangerous function detection (eval, exec, innerHTML)
Data flow analysis (source → sink tracing)
Hardcoded secrets and debug code detection
ReDoS and race condition identification
Dependency vulnerability analysis

5. Compliance Mapping

SOC 2 Type II — Trust Services Criteria
ISO 27001 — Annex A controls
GDPR — Data protection articles
PCI DSS v4.0 — Payment security requirements
HIPAA — Health data safeguards

6. Risk Assessment & Threat Modeling

STRIDE threat model per component
Attack surface mapping
CVSS v3.1 scoring with full vector
Risk prioritization matrix (likelihood × impact)
Incident response readiness evaluation

📊 Report Output

The final report includes:

Executive Summary with overall security posture rating
Findings by severity (Critical → Informational)
Compliance status table per framework
Risk register with CVSS scores
Remediation roadmap (Immediate → Long-term)
Security scorecard with grades per domain

🔧 Available Models

| Model | Speed | Quality | Best For | |-------|-------|---------|----------| | llama-3.3-70b-versatile | Fast | Highest | Default — best reasoning | | llama-3.3-70b-specdec | Fastest | High | Quick scans | | llama-3.1-8b-instant | Instant | Good | Simple checks | | mixtral-8x7b-32768 | Fast | High | Large codebases (32K context) |

📁 Project Structure

security_auditor_agent/
├── bin/
│   └── cli.js              # CLI entry point
├── src/
│   ├── index.js            # Main agent runner
│   ├── graph.js            # LangGraph definition
│   ├── state.js            # Audit state (Annotation)
│   ├── nodes.js            # Specialist audit nodes
│   ├── prompts.js          # Expert security prompts
│   ├── llm.js              # Groq LLM configuration
│   └── setup.js            # Interactive setup
├── package.json
└── README.md

🤝 Programmatic Usage

const { runAgent } = require("security-auditor-agent");

const result = await runAgent(
  "Audit this Express.js API with JWT authentication and MongoDB",
  {
    mode: "full",
    standard: "soc2",
    severity: "medium",
    model: "llama-3.3-70b-versatile",
    onProgress: (step, message) => console.log(`[${step}] ${message}`),
  }
);

console.log(result.output);         // Full audit report
console.log(result.stepsCompleted); // Number of nodes executed
console.log(result.nodesVisited);   // Node execution path

⚠️ Disclaimer

This agent provides AI-assisted security analysis. While thorough, it should complement — not replace — professional penetration testing, manual code review, and certified security audits. Full WCAG/compliance validation requires expert human review.

📄 License

MIT