feat: Update deployment configurations, dependency management, and documentation, including a new sandbox build service.

lintsinghua 2025-12-15 15:18:55 +08:00
parent 3639b3a13e
commit ba00b718e4
34 changed files with 7040 additions and 11000 deletions


@ -180,11 +180,8 @@ jobs:
echo "" >> CHANGELOG.md
echo "### 快速部署" >> CHANGELOG.md
echo "\`\`\`bash" >> CHANGELOG.md
echo "# 基础部署" >> CHANGELOG.md
echo "# 部署" >> CHANGELOG.md
echo "docker compose up -d" >> CHANGELOG.md
echo "" >> CHANGELOG.md
echo "# Agent 模式部署(包含 Milvus 向量数据库)" >> CHANGELOG.md
echo "docker compose --profile agent up -d" >> CHANGELOG.md
echo "\`\`\`" >> CHANGELOG.md
# 12. 创建 GitHub Release

3
.gitignore vendored

@ -184,9 +184,6 @@ trufflehog_results.json
ttt/
examples/
# Milvus data
milvus_data/
# ChromaDB data
chroma/


@ -27,7 +27,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
#### RAG Knowledge Base
- Code semantic understanding with Tree-sitter AST-based chunking
- CWE/CVE vulnerability knowledge base integration
- Milvus/ChromaDB vector database support
- ChromaDB vector database support
- Multi-language support: Python, JavaScript, TypeScript, Java, Go, PHP, Rust
#### Security Sandbox

591
README.md

@ -1,250 +1,499 @@
# DeepAudit - AI 驱动的智能代码安全审计平台 🛡️
<div style="width: 100%; max-width: 600px; margin: 0 auto;">
<img src="frontend/public/images/logo.png" alt="DeepAudit Logo" style="width: 100%; height: auto; display: block; margin: 0 auto;">
</div>
<div align="center">
[![Version](https://img.shields.io/badge/version-3.0.0-blue.svg)](https://github.com/lintsinghua/DeepAudit/releases)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![React](https://img.shields.io/badge/React-18-61dafb.svg)](https://reactjs.org/)
[![TypeScript](https://img.shields.io/badge/TypeScript-5.7-3178c6.svg)](https://www.typescriptlang.org/)
[![FastAPI](https://img.shields.io/badge/FastAPI-0.100+-009688.svg)](https://fastapi.tiangolo.com/)
[![Python](https://img.shields.io/badge/Python-3.13+-3776ab.svg)](https://www.python.org/)
# DeepAudit
### **AI-Powered Intelligent Code Security Audit Platform**
*让安全审计像呼吸一样简单*
<br/>
<img src="frontend/public/images/logo.png" alt="DeepAudit Logo" width="100%">
<br/>
[![Version](https://img.shields.io/badge/version-3.0.0-blue.svg?style=for-the-badge)](https://github.com/lintsinghua/DeepAudit/releases)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](https://opensource.org/licenses/MIT)
[![React](https://img.shields.io/badge/React-18-61dafb.svg?style=for-the-badge&logo=react)](https://reactjs.org/)
[![FastAPI](https://img.shields.io/badge/FastAPI-0.100+-009688.svg?style=for-the-badge&logo=fastapi)](https://fastapi.tiangolo.com/)
[![Python](https://img.shields.io/badge/Python-3.13+-3776ab.svg?style=for-the-badge&logo=python)](https://www.python.org/)
[![TypeScript](https://img.shields.io/badge/TypeScript-5.7-3178c6.svg?style=for-the-badge&logo=typescript)](https://www.typescriptlang.org/)
<br/>
[![Stars](https://img.shields.io/github/stars/lintsinghua/DeepAudit?style=for-the-badge&color=gold)](https://github.com/lintsinghua/DeepAudit/stargazers)
[![Forks](https://img.shields.io/github/forks/lintsinghua/DeepAudit?style=for-the-badge)](https://github.com/lintsinghua/DeepAudit/network/members)
[![Issues](https://img.shields.io/github/issues/lintsinghua/DeepAudit?style=for-the-badge)](https://github.com/lintsinghua/DeepAudit/issues)
[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/lintsinghua/DeepAudit)
[![Stars](https://img.shields.io/github/stars/lintsinghua/DeepAudit?style=social)](https://github.com/lintsinghua/DeepAudit/stargazers)
[![Forks](https://img.shields.io/github/forks/lintsinghua/DeepAudit?style=social)](https://github.com/lintsinghua/DeepAudit/network/members)
<br/>
[🚀 快速开始](#-快速开始) •
[✨ 核心功能](#-核心功能) •
[🤖 Agent 审计](#-multi-agent-智能审计) •
[📚 文档](#-文档) •
[🤝 贡献](#-贡献)
<br/>
<img src="frontend/public/DeepAudit.gif" alt="DeepAudit Demo" width="90%">
</div>
## 🚀 v3.0.0 新特性
**DeepAudit v3.0.0** 带来了革命性的 **Multi-Agent 智能审计系统**
- 🤖 **Multi-Agent 架构** — Orchestrator 编排决策Analysis/Recon/Verification 多智能体协作
- 🧠 **RAG 知识库增强** — 代码语义理解 + CWE/CVE 漏洞知识库,精准识别安全风险
- 🔒 **沙箱漏洞验证** — Docker 安全容器自动执行 PoC验证漏洞真实有效性
- 🛠️ **专业安全工具集成** — Semgrep、Bandit、Gitleaks、TruffleHog、OSV-Scanner
---
## 💡 这是什么?
**你是否也有这样的困扰?**
- 😫 人工审计的无力:哪怕我不吃不睡,也追不上代码迭代的速度
- 🤯 传统工具的噪音:每天都在清理误报,感觉自己像个垃圾分类员
- 😰 代码隐私的风险:想用 AI 却不敢"裸奔",生怕源码泄露给云端
- 🥺 外包项目的隐患:不知道里面藏了多少雷,却不得不签字验收
**DeepAudit 来拯救你!** 🦸‍♂️
- 全自动智能审计AI 驱动的 Multi-Agent 系统自主编排审计策略
- 上下文精准理解RAG 增强的代码语义理解,大大降低误报率
- 沙箱验证漏洞:自动生成 PoC 并在隔离环境验证,确保漏洞真实有效
- 支持本地私有部署:支持 Ollama 本地模型,代码数据可以不出内网
## 🎬 眼见为实:
| 智能仪表盘 | 即时分析 |
|:---:|:---:|
| ![仪表盘](frontend/public/images/example1.png) | ![即时分析](frontend/public/images/example2.png) |
| *一眼掌握项目安全态势* | *粘贴代码/上传文件,秒出结果* |
| Agent 审计 | 审计报告 |
|:---:|:---:|
| <img src="frontend/public/images/example3.png" alt="Agent审计" width="400"> | <img src="frontend/public/images/审计报告示例.png" alt="审计报告" width="400"> |
| *Multi-Agent 深度安全分析* | *专业报告,一键导出* |
| 审计规则管理 | 提示词模板管理 |
|:---:|:---:|
| ![审计规则](frontend/public/images/audit-rules.png) | ![提示词管理](frontend/public/images/prompt-manager.png) |
| *内置 OWASP Top 10支持自定义规则* | *提示词可视化管理,支持在线测试* |
## ✨ 为什么选择我们?
## 🎉 v3.0.0 新特性
<table>
<tr>
<td width="50%">
### 🤖 Multi-Agent 智能协作
- **Orchestrator Agent**: 统筹编排,自主决策审计策略
- **Recon Agent**: 信息收集,识别技术栈和入口点
- **Analysis Agent**: 深度分析,挖掘潜在安全漏洞
- **Verification Agent**: 沙箱验证,确认漏洞真实有效
### 🧠 RAG 知识库增强
- 代码语义理解,不只是关键词匹配
- CWE/CVE 漏洞知识库集成
- 精准漏洞识别,大幅降低误报
### 🎯 What-Why-How 三步修复
- **What**: 精准定位问题所在
- **Why**: 解释为什么这是个问题
- **How**: 给出可直接使用的修复建议
<td align="center" width="25%">
<h3>🤖 Multi-Agent</h3>
<p>Orchestrator 编排决策<br/>多智能体自主协作</p>
</td>
<td width="50%">
### 🔒 沙箱安全验证
- Docker 隔离容器执行 PoC
- 资源限制 + 网络隔离 + seccomp 策略
- 自动验证漏洞可利用性
### 🛠️ 专业安全工具集成
- **Semgrep**: 多语言静态分析
- **Bandit**: Python 安全扫描
- **Gitleaks/TruffleHog**: 密钥泄露检测
- **OSV-Scanner**: 依赖漏洞扫描
### 🔌 10+ LLM 平台任你选
OpenAI、Claude、Gemini、通义千问、DeepSeek、智谱AI...
还支持 Ollama 本地私有化部署!
<td align="center" width="25%">
<h3>🧠 RAG 增强</h3>
<p>代码语义理解<br/>CWE/CVE 知识库检索</p>
</td>
<td align="center" width="25%">
<h3>🔒 沙箱验证</h3>
<p>Docker 安全容器<br/>自动 PoC 验证</p>
</td>
<td align="center" width="25%">
<h3>🛠️ 工具集成</h3>
<p>Semgrep • Bandit<br/>Gitleaks • OSV-Scanner</p>
</td>
</tr>
</table>
---
## 💡 为什么需要 DeepAudit
> **你是否也有这样的困扰?**
| 😫 痛点 | 💡 DeepAudit 解决方案 |
|---------|----------------------|
| 人工审计跟不上代码迭代速度 | **Multi-Agent 自主审计**AI 自动编排审计策略 |
| 传统工具误报率高,每天都在清理噪音 | **RAG 知识库增强**,代码语义理解大幅降低误报 |
| 担心源码泄露给云端 AI | **支持 Ollama 本地部署**,代码数据不出内网 |
| 外包项目不知道藏了多少雷 | **沙箱 PoC 验证**,确认漏洞真实可利用 |
---
## 📸 界面预览
<div align="center">
### 🤖 Agent 审计入口
<img src="frontend/public/images/README-show/Agent审计入口首页.png" alt="Agent审计入口" width="90%">
*首页快速进入 Multi-Agent 深度审计*
</div>
<table>
<tr>
<td width="50%" align="center">
<strong>📋 审计流日志</strong><br/><br/>
<img src="frontend/public/images/README-show/审计流日志.png" alt="审计流日志" width="95%"><br/>
<em>实时查看 Agent 思考与执行过程</em>
</td>
<td width="50%" align="center">
<strong>🎛️ 智能仪表盘</strong><br/><br/>
<img src="frontend/public/images/README-show/仪表盘.png" alt="仪表盘" width="95%"><br/>
<em>一眼掌握项目安全态势</em>
</td>
</tr>
<tr>
<td width="50%" align="center">
<strong>⚡ 即时分析</strong><br/><br/>
<img src="frontend/public/images/README-show/即时分析.png" alt="即时分析" width="95%"><br/>
<em>粘贴代码 / 上传文件,秒出结果</em>
</td>
<td width="50%" align="center">
<strong>🗂️ 项目管理</strong><br/><br/>
<img src="frontend/public/images/README-show/项目管理.png" alt="项目管理" width="95%"><br/>
<em>GitHub/GitLab 导入,多项目协同管理</em>
</td>
</tr>
</table>
<div align="center">
### 📊 专业报告
<img src="frontend/public/images/README-show/审计报告示例.png" alt="审计报告" width="90%">
*一键导出 PDF / Markdown / JSON*图中为快速模式非Agent模式报告
👉 [查看Agent审计完整报告示例](docs/audit_report_智能漏洞挖掘审计%20-%20完整示例_2025-12-15.html)
</div>
---
## 🚀 快速开始
### Docker Compose 一键部署(推荐)
### 📦 Docker Compose 一键部署(推荐)
```bash
# 1⃣ 克隆项目
git clone https://github.com/lintsinghua/DeepAudit.git && cd DeepAudit
# 2⃣ 配置你的 LLM API Key
# 2⃣ 配置 LLM API Key
cp backend/env.example backend/.env
# 编辑 backend/.env填入你的 API Key
# 3⃣ 一键启动!
# 3⃣ 构建沙箱镜像Agent 漏洞验证必须)
cd docker/sandbox && chmod +x build.sh && ./build.sh && cd ../..
# 4⃣ 启动所有服务
docker compose up -d
```
🎉 **搞定!** 打开 http://localhost:3000 开始体验吧!
🎉 **完成!** 访问 **http://localhost:3000** 开始体验(包含 Multi-Agent 审计能力)
### Agent 审计模式部署(可选)
### 🔑 演示账户
如需使用 Multi-Agent 深度审计功能:
| 📧 邮箱 | 🔑 密码 |
|--------|---------|
| `demo@example.com` | `demo123` |
```bash
# 启动包含 Milvus 向量数据库的完整服务
docker compose --profile agent up -d
> ⚠️ **生产环境请务必删除演示账户或修改密码!**
# 构建安全沙箱镜像(用于漏洞验证)
cd docker/sandbox && ./build.sh
```
<details>
<summary>📖 更多部署方式(本地开发、生产环境配置)</summary>
### 演示账户
查看 **[部署指南](docs/DEPLOYMENT.md)** 了解:
- 本地开发环境搭建
- 生产环境配置
- HTTPS 配置
- 反向代理设置
- 环境变量详解
系统内置演示账户,包含示例项目和审计数据:
</details>
- 📧 邮箱:`demo@example.com`
- 🔑 密码:`demo123`
---
> ⚠️ **生产环境请删除演示账户或修改密码!**
## ✨ 核心功能
> 📖 更多部署方式请查看 [部署指南](docs/DEPLOYMENT.md)
<table>
<tr>
<td width="50%">
## ✨ 核心能力
### 🤖 Multi-Agent 智能审计
| 功能 | 说明 |
自主编排、深度分析、自动验证
- **Orchestrator Agent** — 统筹编排,制定审计策略
- **Recon Agent** — 信息收集,识别技术栈和入口点
- **Analysis Agent** — 深度分析,挖掘潜在安全漏洞
- **Verification Agent** — 沙箱验证,确认漏洞有效性
### 🧠 RAG 知识库增强
超越简单关键词匹配
- Tree-sitter AST 智能代码分块
- ChromaDB 向量数据库
- CWE / CVE 漏洞知识库集成
- 多语言支持Python, JS, TS, Java, Go, PHP, Rust
### 🔒 安全沙箱验证
Docker 隔离环境执行 PoC
- 资源限制CPU / Memory
- 网络隔离
- seccomp 安全策略
- 自动生成并执行 PoC 代码
</td>
<td width="50%">
### 🛠️ 专业安全工具集成
| 工具 | 功能 |
|------|------|
| 🤖 **Agent 审计** | Multi-Agent 架构Orchestrator 自主编排决策,深度漏洞挖掘 |
| 🧠 **RAG 增强** | 代码语义理解CWE/CVE 知识库检索,精准漏洞识别 |
| 🔒 **沙箱验证** | Docker 安全容器执行 PoC自动验证漏洞有效性 |
| 🗂️ **项目管理** | GitHub/GitLab 一键导入ZIP 上传,支持 10+ 编程语言 |
| ⚡ **即时分析** | 代码片段秒级分析,粘贴即用,无需创建项目 |
| 🔍 **智能审计** | Bug、安全、性能、风格、可维护性五维检测 |
| 💡 **可解释分析** | What-Why-How 模式,精准定位 + 修复建议 |
| 📋 **审计规则** | 内置 OWASP Top 10、代码质量、性能优化规则集 |
| 📝 **提示词模板** | 可视化管理审计提示词,支持中英文双语 |
| 📊 **可视化报告** | 质量仪表盘、趋势分析、PDF/JSON 一键导出 |
| ⚙️ **灵活配置** | 浏览器运行时配置 LLM无需重启服务 |
| Semgrep | 多语言静态分析 |
| Bandit | Python 安全扫描 |
| Gitleaks | 密钥泄露检测 |
| TruffleHog | 深度密钥扫描 |
| OSV-Scanner | 依赖漏洞扫描 |
| npm audit | Node.js 依赖审计 |
| Safety | Python 依赖审计 |
## 🤖 支持的 LLM 平台
### 🎯 What-Why-How 三步修复
| 类型 | 平台 |
|------|------|
| 🌍 **国际平台** | OpenAI GPT · Claude · Gemini · DeepSeek |
| 🇨🇳 **国内平台** | 通义千问 · 智谱AI · Kimi · 文心一言 · MiniMax · 豆包 |
| 🏠 **本地部署** | Ollama (Llama3, CodeLlama, Qwen2.5, DeepSeek-Coder...) |
- **What** — 精准定位问题所在
- **Why** — 解释为什么这是个问题
- **How** — 给出可直接使用的修复建议
> 💡 支持 API 中转站,解决网络访问问题
### 📊 可视化报告
详细配置请查看 [LLM 平台支持](docs/LLM_PROVIDERS.md)
- 智能安全评分
- 漏洞趋势分析
- 一键导出 PDF / JSON
## 🎯 未来蓝图
</td>
</tr>
</table>
### ✅ 已完成
---
- ✅ **RAG 知识库** — 代码语义理解 + CWE/CVE 漏洞知识库集成
- ✅ **多 Agent 协作** — Orchestrator/Analysis/Recon/Verification 多智能体架构
- ✅ **沙箱验证** — Docker 安全容器自动执行 PoC 验证
## 🤖 Multi-Agent 智能审计
### 架构概览
<div align="center">
<img src="frontend/public/images/README-show/架构图.png" alt="DeepAudit 架构图" width="90%">
</div>
### 支持的漏洞类型
<table>
<tr>
<td>
| 漏洞类型 | 描述 |
|---------|------|
| `sql_injection` | SQL 注入 |
| `xss` | 跨站脚本攻击 |
| `command_injection` | 命令注入 |
| `path_traversal` | 路径遍历 |
| `ssrf` | 服务端请求伪造 |
| `xxe` | XML 外部实体注入 |
</td>
<td>
| 漏洞类型 | 描述 |
|---------|------|
| `insecure_deserialization` | 不安全反序列化 |
| `hardcoded_secret` | 硬编码密钥 |
| `weak_crypto` | 弱加密算法 |
| `authentication_bypass` | 认证绕过 |
| `authorization_bypass` | 授权绕过 |
| `idor` | 不安全直接对象引用 |
</td>
</tr>
</table>
> 📖 详细文档请查看 **[Agent 审计指南](docs/AGENT_AUDIT.md)**
---
## 🔌 支持的 LLM 平台
<table>
<tr>
<td align="center" width="33%">
<h3>🌍 国际平台</h3>
<p>
OpenAI GPT-4o / GPT-4<br/>
Claude 3.5 Sonnet / Opus<br/>
Google Gemini Pro<br/>
DeepSeek V3
</p>
</td>
<td align="center" width="33%">
<h3>🇨🇳 国内平台</h3>
<p>
通义千问 Qwen<br/>
智谱 GLM-4<br/>
Moonshot Kimi<br/>
文心一言 · MiniMax · 豆包
</p>
</td>
<td align="center" width="33%">
<h3>🏠 本地部署</h3>
<p>
<strong>Ollama</strong><br/>
Llama3 · Qwen2.5 · CodeLlama<br/>
DeepSeek-Coder · Codestral<br/>
<em>代码不出内网</em>
</p>
</td>
</tr>
</table>
> 💡 支持 API 中转站,解决网络访问问题 | 详细配置 → [LLM 平台支持](docs/LLM_PROVIDERS.md)
---
## 🎯 功能矩阵
| 功能 | 说明 | 模式 |
|------|------|------|
| 🤖 **Agent 深度审计** | Multi-Agent 协作,自主编排审计策略 | Agent |
| 🧠 **RAG 知识增强** | 代码语义理解CWE/CVE 知识库检索 | Agent |
| 🔒 **沙箱 PoC 验证** | Docker 隔离执行,验证漏洞有效性 | Agent |
| 🗂️ **项目管理** | GitHub/GitLab 导入ZIP 上传10+ 语言支持 | 通用 |
| ⚡ **即时分析** | 代码片段秒级分析,粘贴即用 | 通用 |
| 🔍 **五维检测** | Bug · 安全 · 性能 · 风格 · 可维护性 | 通用 |
| 💡 **What-Why-How** | 精准定位 + 原因解释 + 修复建议 | 通用 |
| 📋 **审计规则** | 内置 OWASP Top 10支持自定义规则集 | 通用 |
| 📝 **提示词模板** | 可视化管理,支持中英文双语 | 通用 |
| 📊 **报告导出** | PDF / Markdown / JSON 一键导出 | 通用 |
| ⚙️ **运行时配置** | 浏览器配置 LLM无需重启服务 | 通用 |
---
## 🗺️ 未来蓝图
### ✅ 已完成 (v3.0.0)
- [x] Multi-Agent 协作架构Orchestrator/Recon/Analysis/Verification
- [x] RAG 知识库(代码语义 + CWE/CVE
- [x] Docker 沙箱 PoC 验证
- [x] 专业安全工具集成
### 🚧 开发中
- 🔄 **CI/CD 集成** — GitHub/GitLab 流水线自动审计PR 批量扫描
- 🔄 **自动生成补丁** — 基于漏洞分析自动生成修复代码
- 🔄 **跨文件分析** — 代码知识图谱,理解模块间调用关系
- [ ] **CI/CD 集成** — GitHub Actions / GitLab CI 流水线自动审计
- [ ] **自动补丁生成** — 基于漏洞分析自动生成修复代码
- [ ] **跨文件分析** — 代码知识图谱,理解模块间调用关系
### 📋 计划中
- 📋 **混合分析** — AI 分析 + 传统 SAST 工具验证,减少误报漏报
- 📋 **多仓库支持** — Gitea、Bitbucket 等更多平台支持
- [ ] **混合分析** — AI + 传统 SAST 联合验证,减少误报漏报
- [ ] **IDE 插件** — VS Code / JetBrains 集成
- [ ] **多仓库支持** — Gitea, Bitbucket, GitLab Self-hosted
💡 **您的 Star 和反馈是我们前进的最大动力!有任何想法欢迎提 Issue 一起讨论~**
---
## 📚 文档
| 文档 | 说明 |
|------|------|
| [部署指南](docs/DEPLOYMENT.md) | Docker 部署 / 本地开发环境搭建 |
| [Agent 审计](docs/AGENT_AUDIT.md) | Multi-Agent 审计模块详解 |
| [配置说明](docs/CONFIGURATION.md) | 后端配置、审计规则、提示词模板 |
| [LLM 平台支持](docs/LLM_PROVIDERS.md) | 各家 LLM 的配置方法和 API Key 获取 |
| [安全工具设置](docs/SECURITY_TOOLS_SETUP.md) | 安全扫描工具本地安装指南 |
| [常见问题](docs/FAQ.md) | 遇到问题先看这里 |
| [更新日志](CHANGELOG.md) | 版本更新记录 |
| [贡献指南](CONTRIBUTING.md) | 想参与开发?看这个 |
| [安全政策](SECURITY.md) / [免责声明](DISCLAIMER.md) | 使用前建议读一下 |
| 📘 [部署指南](docs/DEPLOYMENT.md) | Docker 部署、本地开发、生产配置 |
| 🤖 [Agent 审计](docs/AGENT_AUDIT.md) | Multi-Agent 模块详解 |
| ⚙️ [配置说明](docs/CONFIGURATION.md) | 后端配置、审计规则、提示词模板 |
| 🔌 [LLM 平台](docs/LLM_PROVIDERS.md) | 各家 LLM 配置方法和 API Key 获取 |
| 🛠️ [安全工具](docs/SECURITY_TOOLS_SETUP.md) | 安全扫描工具本地安装指南 |
| ❓ [常见问题](docs/FAQ.md) | 遇到问题先看这里 |
| 📜 [更新日志](CHANGELOG.md) | 版本更新记录 |
| 👥 [贡献指南](CONTRIBUTING.md) | 参与开发 |
---
## 🏗️ 技术栈
<table>
<tr>
<td width="50%">
### 🖥️ 前端
- **React 18** + TypeScript 5.7
- **Vite** 构建工具
- **TailwindCSS** + 自定义 Cyberpunk 主题
- **Zustand** 状态管理
- **React Query** 数据获取
</td>
<td width="50%">
### ⚙️ 后端
- **FastAPI** + Python 3.13
- **PostgreSQL** 数据存储
- **ChromaDB** 向量数据库
- **Docker** 沙箱容器
- **SSE** 实时事件流
</td>
</tr>
</table>
---
## 🤝 贡献
开源项目离不开社区的支持!无论是提 Issue、贡献代码还是分享使用心得都非常欢迎。
开源项目离不开社区的支持!无论是提 Issue、PR还是分享使用心得都非常欢迎 🙌
> 有想和我一起让工具变得更好的佬友们,欢迎联系我,和我一起为开源做一点贡献
<a href="https://github.com/lintsinghua/DeepAudit/graphs/contributors">
<img src="https://contrib.rocks/image?repo=lintsinghua/DeepAudit" alt="Contributors" />
</a>
**感谢每一位贡献者!**
> 💬 想和我一起让工具变得更好?欢迎联系我,一起为开源做贡献!
[![Contributors](https://contrib.rocks/image?repo=lintsinghua/DeepAudit)](https://github.com/lintsinghua/DeepAudit/graphs/contributors)
---
## 🙏 致谢
DeepAudit 的诞生离不开以下优秀开源项目的支持与启发,在此表示衷心感谢!
### 🏗️ 架构参考
| 项目 | 说明 | License |
|------|------|---------|
| [**Strix**](https://github.com/AiGptCode/Strix) | Multi-Agent 安全审计架构参考,提供了 Agent 协作编排的优秀设计思路 | MIT |
### 🔧 集成工具
| 项目 | 说明 | License |
|------|------|---------|
| [**Kunlun-M (昆仑镜)**](https://github.com/LoRexxar/Kunlun-M) | PHP/JS 静态代码安全审计工具,集成为 Agent 分析工具之一 | MIT |
| [**Semgrep**](https://github.com/semgrep/semgrep) | 多语言静态分析引擎,支持自定义规则 | LGPL-2.1 |
| [**Bandit**](https://github.com/PyCQA/bandit) | Python 安全漏洞扫描工具 | Apache-2.0 |
| [**Gitleaks**](https://github.com/gitleaks/gitleaks) | Git 仓库密钥泄露检测工具 | MIT |
| [**TruffleHog**](https://github.com/trufflesecurity/trufflehog) | 深度密钥和凭证扫描器 | AGPL-3.0 |
| [**OSV-Scanner**](https://github.com/google/osv-scanner) | Google 开源的依赖漏洞扫描器 | Apache-2.0 |
### 🧠 核心依赖
| 项目 | 说明 | License |
|------|------|---------|
| [**LangChain**](https://github.com/langchain-ai/langchain) | LLM 应用开发框架 | MIT |
| [**LangGraph**](https://github.com/langchain-ai/langgraph) | Agent 状态图工作流引擎 | MIT |
| [**LiteLLM**](https://github.com/BerriAI/litellm) | 统一多 LLM 平台调用接口 | MIT |
| [**ChromaDB**](https://github.com/chroma-core/chroma) | 轻量级向量数据库 | Apache-2.0 |
| [**Tree-sitter**](https://github.com/tree-sitter/tree-sitter) | 增量解析库,用于代码 AST 分析 | MIT |
| [**FastAPI**](https://github.com/fastapi/fastapi) | 高性能 Python Web 框架 | MIT |
| [**React**](https://github.com/facebook/react) | 用户界面构建库 | MIT |
> 💡 感谢所有开源贡献者的无私奉献,让我们能站在巨人的肩膀上构建更好的工具!
---
## 📞 联系我们
- **项目链接**: [https://github.com/lintsinghua/DeepAudit](https://github.com/lintsinghua/DeepAudit)
- **问题反馈**: [Issues](https://github.com/lintsinghua/DeepAudit/issues)
- **作者邮箱**: lintsinghua@qq.com
<table>
<tr>
<td align="center">🌐 <strong>项目主页</strong></td>
<td><a href="https://github.com/lintsinghua/DeepAudit">github.com/lintsinghua/DeepAudit</a></td>
</tr>
<tr>
<td align="center">🐛 <strong>问题反馈</strong></td>
<td><a href="https://github.com/lintsinghua/DeepAudit/issues">Issues</a></td>
</tr>
<tr>
<td align="center">📧 <strong>作者邮箱</strong></td>
<td>lintsinghua@qq.com</td>
</tr>
</table>
---
<p align="center">
<strong>⭐ 如果这个项目对你有帮助,请给我们一个 Star</strong>
<br>
<em>你的支持是我们持续迭代的最大动力 💪</em>
</p>
<div align="center">
## 📈 项目统计
## ⭐ 如果这个项目对你有帮助,请给我们一个 Star
[![Star History Chart](https://api.star-history.com/svg?repos=lintsinghua/DeepAudit&type=date&legend=top-left)](https://www.star-history.com/#lintsinghua/DeepAudit&type=date&legend=top-left)
**你的支持是我们持续迭代的最大动力 💪**
<br/>
[![Star History Chart](https://api.star-history.com/svg?repos=lintsinghua/DeepAudit&type=Date)](https://star-history.com/#lintsinghua/DeepAudit&Date)
<br/>
---
<p align="center">
⚠️ 使用前请阅读 <a href="SECURITY.md">安全政策</a><a href="DISCLAIMER.md">免责声明</a>
</p>
⚠️ 使用前请阅读 [安全政策](SECURITY.md) 和 [免责声明](DISCLAIMER.md)
<p align="center">
Made with ❤️ by <a href="https://github.com/lintsinghua">lintsinghua</a>
</p>
<br/>
**Made with ❤️ by [lintsinghua](https://github.com/lintsinghua)**
</div>
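Review bot: the new 演示账户 table in the quick-start section publishes `demo@example.com` / `demo123`, and the only guard is the warning blockquote under it. Since this README now makes `docker compose up -d` the single deployment path, consider creating the demo account only when an explicit development setting is on, and point the warning at the step in docs/DEPLOYMENT.md that removes or rotates it.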


@ -3,7 +3,6 @@ __pycache__
*.pyc
.git
.gitignore
*.md
.env
.vscode
.DS_Store
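Review bot: dropping `*.md` from the ignore list sends every Markdown file under the build context to the Docker daemon, although the Dockerfile change in this commit only needs `README.md`. Keep `*.md` and add a `!README.md` exception after it, so the context stays small and other documents do not end up in image layers by accident.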


@ -1,4 +1,4 @@
FROM python:3.13-slim
FROM python:3.12-slim
WORKDIR /app
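Review bot: the base image moves from `python:3.13-slim` to `python:3.12-slim` on the `FROM` line with no comment or commit-message reason, while the README in this same commit still shows a Python 3.13+ badge and lists "FastAPI + Python 3.13" under the tech stack. State why the image is on 3.12 or bring the README in line, and consider pinning the tag by digest so rebuilds are reproducible.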
@ -10,15 +10,17 @@ ENV https_proxy=
ENV HTTP_PROXY=
ENV HTTPS_PROXY=
# 配置 apt 重试机制以处理网络不稳定
RUN echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80-retries
# 安装系统依赖(包含 WeasyPrint 所需的库和中文字体支持)
RUN rm -f /etc/apt/apt.conf.d/proxy.conf 2>/dev/null || true && \
unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY all_proxy ALL_PROXY && \
apt-get update && \
apt-get install -y --no-install-recommends \
apt-get install -y --no-install-recommends --fix-missing \
gcc \
libpq-dev \
curl \
# WeasyPrint 完整依赖
libpango-1.0-0 \
libpangoft2-1.0-0 \
libpangocairo-1.0-0 \
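Review bot: `--fix-missing` on the `apt-get install` line tells apt to carry on when a package cannot be retrieved, so a flaky mirror can yield an image that builds successfully but lacks one of the WeasyPrint libraries listed below it. The `Acquire::Retries "3";` setting added just above already covers transient failures; drop `--fix-missing` so that a missing package fails the build.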
@ -27,7 +29,6 @@ RUN rm -f /etc/apt/apt.conf.d/proxy.conf 2>/dev/null || true && \
libffi-dev \
libglib2.0-0 \
shared-mime-info \
# 字体支持(中文)
fonts-noto-cjk \
fonts-noto-cjk-extra \
fontconfig \
@ -37,8 +38,8 @@ RUN rm -f /etc/apt/apt.conf.d/proxy.conf 2>/dev/null || true && \
# 安装 uv
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
# 复制依赖文件
COPY pyproject.toml uv.lock ./
# 复制依赖文件和 README
COPY pyproject.toml uv.lock README.md ./
# 使用 uv 安装依赖(确保无代理)
RUN unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY all_proxy ALL_PROXY && \
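Review bot: the `COPY --from=ghcr.io/astral-sh/uv:latest` line directly above the changed `COPY` pulls whatever uv is current at build time, so the installer that consumes `uv.lock` is itself unpinned. While this block is being touched, pin the uv image to a version tag or digest. A one-line comment on why `README.md` is now copied would also help the next reader.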

3
backend/README.md Normal file

@ -0,0 +1,3 @@
# DeepAudit Backend
AI-Powered Code Security Audit Platform Backend Service.


@ -91,8 +91,8 @@ class Settings(BaseSettings):
AGENT_TOKEN_BUDGET: int = 100000 # Agent Token 预算
AGENT_TIMEOUT_SECONDS: int = 1800 # Agent 超时时间30分钟
# 沙箱配置
SANDBOX_IMAGE: str = "python:3.11-slim" # 沙箱 Docker 镜像
# 沙箱配置(必须)
SANDBOX_IMAGE: str = "deepaudit/sandbox:latest" # 沙箱 Docker 镜像
SANDBOX_MEMORY_LIMIT: str = "512m" # 沙箱内存限制
SANDBOX_CPU_LIMIT: float = 1.0 # 沙箱 CPU 限制
SANDBOX_TIMEOUT: int = 60 # 沙箱命令超时(秒)
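Review bot: the new default `SANDBOX_IMAGE = "deepaudit/sandbox:latest"` only exists after the local build step, and nothing in this hunk checks for it. If the image is absent and the Docker client pulls on a miss, the name resolves to the `deepaudit` namespace on the default registry, so PoC code could run in an image the project did not build. Verify at startup that the image is present locally and refuse to pull it, or reference it by digest. The `:latest` tag also makes it hard to tell which sandbox build a given finding was verified in.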


@ -18,6 +18,37 @@ logging.getLogger("LiteLLM").setLevel(logging.WARNING)
logging.getLogger("litellm").setLevel(logging.WARNING)
async def check_agent_services():
"""检查 Agent 必须服务的可用性"""
issues = []
# 检查 Docker/沙箱服务
try:
import docker
client = docker.from_env()
client.ping()
logger.info(" - Docker 服务可用")
except ImportError:
issues.append("Docker Python 库未安装 (pip install docker)")
except Exception as e:
issues.append(f"Docker 服务不可用: {e}")
# 检查 Redis 连接(可选警告)
try:
import redis
import os
redis_url = os.environ.get("REDIS_URL", "redis://localhost:6379/0")
r = redis.from_url(redis_url)
r.ping()
logger.info(" - Redis 服务可用")
except ImportError:
logger.warning(" - Redis Python 库未安装,部分功能可能受限")
except Exception as e:
logger.warning(f" - Redis 服务连接失败: {e}")
return issues
@asynccontextmanager
async def lifespan(app: FastAPI):
"""
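Review bot: `check_agent_services()` is declared `async` but calls `client.ping()` and `r.ping()` synchronously and without a timeout, so an unreachable Docker daemon or Redis host can stall the event loop during startup. Pass explicit timeouts (`docker.from_env(timeout=...)`, `redis.from_url(..., socket_connect_timeout=...)`) and run the checks in a worker thread. The function also reads `REDIS_URL` from `os.environ` instead of `Settings`, so the check can test a different URL than the one the application uses. Its comment calls Redis an optional warning, while env.example in this commit marks Redis as required.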
@ -25,13 +56,13 @@ async def lifespan(app: FastAPI):
启动时初始化数据库创建默认账户等
"""
logger.info("DeepAudit 后端服务启动中...")
# 初始化数据库(创建默认账户)
# 注意:需要先运行 alembic upgrade head 创建表结构
try:
async with AsyncSessionLocal() as db:
await init_db(db)
logger.info(" 数据库初始化完成")
logger.info(" - 数据库初始化完成")
except Exception as e:
# 表不存在时静默跳过,等待用户运行数据库迁移
error_msg = str(e)
@ -39,16 +70,29 @@ async def lifespan(app: FastAPI):
logger.info("数据库表未创建,请先运行: alembic upgrade head")
else:
logger.warning(f"数据库初始化跳过: {e}")
# 检查 Agent 服务
logger.info("检查 Agent 核心服务...")
issues = await check_agent_services()
if issues:
logger.warning("=" * 50)
logger.warning("Agent 服务检查发现问题:")
for issue in issues:
logger.warning(f" - {issue}")
logger.warning("部分功能可能不可用,请检查配置")
logger.warning("=" * 50)
else:
logger.info(" - Agent 核心服务检查通过")
logger.info("=" * 50)
logger.info("DeepAudit 后端服务已启动")
logger.info(f"API 文档: http://localhost:8000/docs")
logger.info("=" * 50)
logger.info("演示账户: demo@example.com / demo123")
logger.info("=" * 50)
yield
logger.info("DeepAudit 后端服务已关闭")
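Review bot: the problems returned by `check_agent_services()` are only written with `logger.warning` and startup continues, yet the env.example and docker-compose comments in this commit describe the Agent services and sandbox as required core components. Decide which it is: fail startup (or mark the Agent endpoints unavailable) when Docker is unreachable, or soften the "required" wording. Separately, the banner line `logger.info("演示账户: demo@example.com / demo123")` writes credentials to the service log; gate it on a development setting.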


@ -106,9 +106,9 @@ LLM_MAX_TOKENS=4096
# OLLAMA_BASE_URL=http://localhost:11434/v1
# =============================================
# Agent 审计配置 (Multi-Agent v3.0.0 新增)
# Agent 审计配置 (Multi-Agent v3.0.0 核心必须)
# =============================================
# Agent 审计开关(开启后可使用 Multi-Agent 深度审计功能)
# Agent 审计开关(必须开启,是核心功能)
AGENT_ENABLED=true
# Agent 最大迭代次数
@ -117,6 +117,10 @@ AGENT_MAX_ITERATIONS=5
# Agent 单次审计超时时间(秒)
AGENT_TIMEOUT=1800
# Redis 配置Agent 任务队列 - 必须)
# Docker Compose 部署时使用 redis 作为服务器地址
REDIS_URL=redis://localhost:6379/0
# =============================================
# 嵌入模型配置RAG 功能,独立于主 LLM
# =============================================
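Review bot: the added comment says Docker Compose deployments must use `redis` as the host, but the value shipped is `REDIS_URL=redis://localhost:6379/0`, and the README quick start copies this file unchanged before `docker compose up -d`. Unless the compose file overrides the variable, the backend container will look for Redis on its own loopback. Make the compose-friendly value the default, or show both values with one commented out. If Redis is reachable beyond the compose network, note here that the URL should carry credentials.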
@ -137,25 +141,22 @@ EMBEDDING_BASE_URL=
# =============================================
# 向量数据库配置RAG 功能)
# =============================================
# 向量数据库类型: milvus, chroma
# 向量数据库类型: chroma
VECTOR_DB_TYPE=chroma
# ChromaDB 配置(本地模式)
CHROMA_PERSIST_DIRECTORY=./data/chroma
# Milvus 配置Agent 模式推荐)
# Docker Compose --profile agent 启动时使用 milvus 作为 host
MILVUS_HOST=localhost
MILVUS_PORT=19530
# =============================================
# 沙箱配置(漏洞验证)
# 沙箱配置(漏洞验证 - 核心必须)
# =============================================
# 沙箱功能开关
# 沙箱功能开关(必须开启,是漏洞验证的核心组件)
SANDBOX_ENABLED=true
# 沙箱 Docker 镜像(需要提前构建: cd docker/sandbox && ./build.sh
SANDBOX_IMAGE=deepaudit-sandbox:latest
# 沙箱 Docker 镜像
# 构建方式 1: docker compose build sandbox
# 构建方式 2: cd docker/sandbox && ./build.sh
SANDBOX_IMAGE=deepaudit/sandbox:latest
# 沙箱内存限制
SANDBOX_MEMORY_LIMIT=512m


@ -21,6 +21,7 @@ dependencies = [
"asyncpg>=0.29.0",
"alembic>=1.13.0",
"greenlet>=3.0.0",
"redis>=5.0.0",
# ============ Data Validation ============
"pydantic>=2.0.0",


@ -1,7 +1,7 @@
# This file was autogenerated by uv via the following command:
# uv pip compile requirements.txt -o requirements-lock.txt --python-version 3.12
# uv pip compile pyproject.toml -o requirements-lock.txt
aiofiles==25.1.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
aiohappyeyeballs==2.6.1
# via aiohttp
aiohttp==3.13.2
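Review bot: the regenerated header drops `--python-version 3.12` from the `uv pip compile` command, so the lock is now resolved for whichever interpreter happened to run uv rather than for the `python:3.12-slim` image the Dockerfile in this commit builds on. Keep the flag so that markers and wheels are resolved for the deployed version. Since the file is being regenerated anyway, adding `--generate-hashes` would let installs verify package integrity.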
@ -11,7 +11,7 @@ aiohttp==3.13.2
aiosignal==1.4.0
# via aiohttp
alembic==1.17.2
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
annotated-doc==0.0.4
# via fastapi
annotated-types==0.7.0
@ -26,7 +26,7 @@ anyio==4.11.0
asgiref==3.11.0
# via django
asyncpg==0.31.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
attrs==25.4.0
# via
# aiohttp
@ -37,14 +37,14 @@ authlib==1.6.6
backoff==2.2.1
# via posthog
bandit==1.9.2
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
bcrypt==4.3.0
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# chromadb
# passlib
beautifulsoup4==4.14.3
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
boolean-py==5.0
# via license-expression
brotli==1.2.0
@ -70,7 +70,7 @@ charset-normalizer==3.4.4
# reportlab
# requests
chromadb==1.3.7
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
click==8.3.1
# via
# litellm
@ -82,7 +82,7 @@ click==8.3.1
coloredlogs==15.0.1
# via onnxruntime
colorlog==6.10.1
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
cryptography==46.0.3
# via
# authlib
@ -100,11 +100,11 @@ distro==1.9.0
# openai
# posthog
django==6.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
dnspython==2.8.0
# via email-validator
docker==7.1.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
dparse==0.6.4
# via
# safety
@ -116,11 +116,11 @@ ecdsa==0.19.1
editorconfig==0.17.1
# via jsbeautifier
email-validator==2.3.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
esprima==4.0.1
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
fastapi==0.122.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
fastuuid==0.14.0
# via litellm
filelock==3.20.0
@ -143,7 +143,7 @@ google-auth==2.43.0
googleapis-common-protos==1.72.0
# via opentelemetry-exporter-otlp-proto-grpc
greenlet==3.3.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
grpcio==1.67.1
# via
# chromadb
@ -161,7 +161,7 @@ httptools==0.7.1
# via uvicorn
httpx==0.28.1
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# chromadb
# huggingface-hub
# langgraph-sdk
@ -190,7 +190,7 @@ importlib-resources==6.5.2
# via chromadb
jinja2==3.1.6
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# litellm
# safety
jiter==0.12.0
@ -198,9 +198,9 @@ jiter==0.12.0
joblib==1.5.2
# via nltk
jsbeautifier==1.15.4
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
json-repair==0.54.2
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
jsonpatch==1.33
# via langchain-core
jsonpointer==3.0.0
@ -214,11 +214,11 @@ jsonschema-specifications==2025.9.1
kubernetes==34.1.0
# via chromadb
langchain==1.1.3
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
langchain-classic==1.0.0
# via langchain-community
langchain-community==0.4.1
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
langchain-core==1.2.0
# via
# langchain
@ -230,12 +230,12 @@ langchain-core==1.2.0
# langgraph-checkpoint
# langgraph-prebuilt
langchain-openai==1.1.3
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
langchain-text-splitters==1.1.0
# via langchain-classic
langgraph==1.0.5
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# langchain
langgraph-checkpoint==3.0.1
# via
@ -253,7 +253,7 @@ langsmith==0.4.59
license-expression==30.4.4
# via cyclonedx-python-lib
litellm==1.80.8
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
mako==1.3.10
# via alembic
markdown-it-py==4.0.0
@ -340,9 +340,9 @@ packaging==25.0
# safety
# safety-schemas
passlib==1.7.4
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
phply==1.2.6
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
pillow==12.0.0
# via
# reportlab
@ -352,7 +352,7 @@ pip==25.3
pip-api==0.0.34
# via pip-audit
pip-audit==2.10.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
pip-requirements-parser==32.0.1
# via pip-audit
platformdirs==4.5.1
@ -360,11 +360,11 @@ platformdirs==4.5.1
ply==3.11
# via phply
portalocker==3.2.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
posthog==5.4.0
# via chromadb
prettytable==3.17.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
propcache==0.4.1
# via
# aiohttp
@ -389,7 +389,7 @@ pycparser==2.23
# via cffi
pydantic==2.12.4
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# chromadb
# fastapi
# langchain
@ -406,16 +406,16 @@ pydantic-core==2.41.5
# via pydantic
pydantic-settings==2.12.0
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# langchain-community
pydyf==0.12.1
# via weasyprint
pygments==2.19.2
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# rich
pyjsparser==2.7.1
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
pyparsing==3.2.5
# via pip-requirements-parser
pyphen==0.17.2
@ -434,9 +434,9 @@ python-dotenv==1.2.1
# pydantic-settings
# uvicorn
python-jose==3.5.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
python-multipart==0.0.20
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
pyyaml==6.0.3
# via
# bandit
@ -448,7 +448,9 @@ pyyaml==6.0.3
# langchain-core
# uvicorn
rarfile==4.2
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
redis==7.1.0
# via deepaudit-backend (pyproject.toml)
referencing==0.37.0
# via
# jsonschema
@ -458,7 +460,7 @@ regex==2025.11.3
# nltk
# tiktoken
reportlab==4.4.5
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
requests==2.32.5
# via
# cachecontrol
@ -498,7 +500,7 @@ ruamel-yaml==0.18.16
ruamel-yaml-clib==0.2.15
# via ruamel-yaml
safety==3.7.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
safety-schemas==0.0.16
# via safety
shellingham==1.5.4
@ -522,14 +524,14 @@ soupsieve==2.8
# via beautifulsoup4
sqlalchemy==2.0.44
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# alembic
# langchain-classic
# langchain-community
sqlparse==0.5.4
# via django
sse-starlette==3.0.3
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
starlette==0.50.0
# via fastapi
stevedore==5.6.0
@ -544,7 +546,7 @@ tenacity==9.1.2
# safety
tiktoken==0.12.0
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# langchain-openai
# litellm
tinycss2==1.5.1
@ -571,10 +573,10 @@ tqdm==4.67.1
# openai
tree-sitter==0.25.2
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# tree-sitter-languages
tree-sitter-languages==1.10.2
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
typer==0.20.0
# via
# chromadb
@ -625,7 +627,7 @@ uuid-utils==0.12.0
# langsmith
uvicorn==0.38.0
# via
# -r requirements.txt
# deepaudit-backend (pyproject.toml)
# chromadb
uvloop==0.22.1
# via uvicorn
@ -634,7 +636,7 @@ watchfiles==1.1.1
wcwidth==0.2.14
# via prettytable
weasyprint==67.0
# via -r requirements.txt
# via deepaudit-backend (pyproject.toml)
webencodings==0.5.1
# via
# cssselect2


@ -1,93 +1,76 @@
# ============ Web Framework ============
fastapi>=0.100.0
uvicorn[standard]
uvicorn[standard]>=0.23.0
sse-starlette>=1.8.2
# ============ Database ============
sqlalchemy>=2.0.0
asyncpg
alembic
asyncpg>=0.29.0
alembic>=1.13.0
greenlet>=3.0.0
redis>=5.0.0
# ============ Data Validation ============
pydantic>=2.0.0
pydantic-settings
passlib[bcrypt]
python-jose[cryptography]
python-multipart
httpx
email-validator
greenlet
bcrypt<5.0.0
pydantic-settings>=2.0.0
email-validator>=2.1.0
# ============ Authentication ============
passlib[bcrypt]>=1.7.4
python-jose[cryptography]>=3.3.0
python-multipart>=0.0.6
bcrypt>=4.0.0,<5.0.0
# ============ HTTP Client ============
httpx>=0.25.0
# ============ LLM Integration ============
litellm>=1.0.0
tiktoken>=0.5.2
# ============ Report Generation ============
reportlab>=4.0.0
weasyprint>=66.0
weasyprint>=60.0
jinja2>=3.1.6
# ============ Utilities ============
json-repair>=0.30.0
aiofiles>=23.2.1
# ============ Agent 模块依赖 ============
# LangChain 核心
# ============ LangChain & LangGraph ============
langchain>=0.1.0
langchain-community>=0.0.20
langchain-openai>=0.0.5
# LangGraph (状态图工作流)
langgraph>=0.0.40
# 向量数据库
# ============ Vector Database ============
chromadb>=0.4.22
# Token 计算
tiktoken>=0.5.2
# Docker 沙箱
docker>=7.0.0
# 异步文件操作
aiofiles>=23.2.1
# SSE 流
sse-starlette>=1.8.2
# ============ 代码解析 (高级库) ============
# Tree-sitter AST 解析
# ============ Code Parsing ============
tree-sitter>=0.21.0
tree-sitter-languages>=1.10.0
# 通用代码解析
pygments>=2.17.0
# ============ 外部安全工具 (可选安装) ============
# 这些工具可以通过 pip 安装,或使用系统包管理器
# ============ Docker Sandbox ============
docker>=7.0.0
# Python 安全扫描
# ============ Security Tools ============
bandit>=1.7.0
safety>=2.3.0
# 静态分析 (需要单独安装 semgrep CLI)
# pip install semgrep
# 依赖漏洞扫描
pip-audit>=2.6.0
# ============ Kunlun-M 依赖 (MIT License) ============
# ============ Kunlun-M Dependencies (MIT License) ============
# https://github.com/LoRexxar/Kunlun-M
# Kunlun-M 是静态代码安全审计工具,支持 PHP/JS 语义分析
# PHP/JS 解析器
pyjsparser>=2.7.1
phply>=1.2.6
esprima>=4.0.1
jsbeautifier>=1.14.0
# 工具库
colorlog>=6.0.0
portalocker>=2.0.0
prettytable>=3.0.0
rarfile>=4.0
# HTML 解析
beautifulsoup4>=4.12.0
# Django (Kunlun-M 数据库)
django>=4.2.0
# MySQL 客户端 (可选,用于 Kunlun-M Web 模式)
# 如需 MySQL 支持,请安装: pip install mysqlclient
# 注意: mysqlclient 需要系统级 MySQL 开发库
# ============ Optional: MySQL support for Kunlun-M Web mode ============
# mysqlclient>=2.2.0
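Review bot: The weasyprint floor drops from `weasyprint>=66.0` to `weasyprint>=60.0` with no stated reason, while the compiled lock in this same commit resolves `weasyprint==67.0`. Lowering a floor widens the set of versions a fresh install from this file may pick, so either keep the previous floor or record why older releases have to be supported. The lock annotations in this commit change from `-r requirements.txt` to `deepaudit-backend (pyproject.toml)`, so this file is no longer the input to the lock; add a header comment saying which file is authoritative so the two sets of constraints do not drift apart.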

View File

@ -1,13 +1,13 @@
# =============================================
# DeepAudit v3.0.0 Docker Compose 配置
# =============================================
# 基础部署: docker compose up -d
# Agent 模式: docker compose --profile agent up -d
# 部署: docker compose up -d
# 查看日志: docker compose logs -f
# 注意: Agent 服务和沙箱环境是必须的核心组件
services:
# =============================================
# 核心服务
# 核心基础服务
# =============================================
db:
@ -35,15 +35,21 @@ services:
restart: unless-stopped
volumes:
- backend_uploads:/app/uploads
- /var/run/docker.sock:/var/run/docker.sock # 沙箱执行必须
ports:
- "8000:8000"
env_file:
- ./backend/.env
environment:
- DATABASE_URL=postgresql+asyncpg://postgres:postgres@db:5432/deepaudit
- REDIS_URL=redis://redis:6379/0
- AGENT_ENABLED=true
- SANDBOX_ENABLED=true
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
command: sh -c ".venv/bin/alembic upgrade head && .venv/bin/uvicorn app.main:app --host 0.0.0.0 --port 8000"
networks:
- deepaudit-network
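Review bot: Mounting `/var/run/docker.sock` into `backend` gives the service that listens on port 8000 and stores uploads full control of the host's Docker daemon, which is equivalent to root on the host. Any code-execution or path bug in the API then becomes a host compromise, regardless of how tightly the sandbox containers themselves are constrained. Suggest moving sandbox launching into a separate worker that is not web-facing, or putting a socket proxy in front of the daemon that allows only the container create, start and remove calls the sandbox needs, and documenting the trust boundary next to this line. Separately, `DATABASE_URL` embeds `postgres:postgres` in the compose file; take the credentials from `./backend/.env` instead of hardcoding them under `environment`.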
@ -62,80 +68,12 @@ services:
- deepaudit-network
# =============================================
# Agent 审计模式服务 (可选)
# 使用 --profile agent 启用
# Agent 服务必须组件
# =============================================
# Milvus 向量数据库 (用于 RAG 功能)
milvus-etcd:
image: quay.io/coreos/etcd:v3.5.5
profiles: ["agent"]
restart: unless-stopped
environment:
- ETCD_AUTO_COMPACTION_MODE=revision
- ETCD_AUTO_COMPACTION_RETENTION=1000
- ETCD_QUOTA_BACKEND_BYTES=4294967296
- ETCD_SNAPSHOT_COUNT=50000
volumes:
- milvus_etcd:/etcd
command: etcd -advertise-client-urls=http://127.0.0.1:2379 -listen-client-urls http://0.0.0.0:2379 --data-dir /etcd
healthcheck:
test: ["CMD", "etcdctl", "endpoint", "health"]
interval: 30s
timeout: 20s
retries: 3
networks:
- deepaudit-network
milvus-minio:
image: minio/minio:RELEASE.2023-03-20T20-16-18Z
profiles: ["agent"]
restart: unless-stopped
environment:
MINIO_ACCESS_KEY: minioadmin
MINIO_SECRET_KEY: minioadmin
volumes:
- milvus_minio:/minio_data
command: minio server /minio_data --console-address ":9001"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
networks:
- deepaudit-network
milvus:
image: milvusdb/milvus:v2.4-latest
profiles: ["agent"]
restart: unless-stopped
command: ["milvus", "run", "standalone"]
security_opt:
- seccomp:unconfined
environment:
ETCD_ENDPOINTS: milvus-etcd:2379
MINIO_ADDRESS: milvus-minio:9000
volumes:
- milvus_data:/var/lib/milvus
ports:
- "19530:19530"
- "9091:9091"
depends_on:
- milvus-etcd
- milvus-minio
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9091/healthz"]
interval: 30s
start_period: 90s
timeout: 20s
retries: 3
networks:
- deepaudit-network
# Redis (用于任务队列,可选)
# Redis (Agent 任务队列 - 必须)
redis:
image: redis:7-alpine
profiles: ["agent"]
restart: unless-stopped
ports:
- "6379:6379"
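Review bot: With `profiles: ["agent"]` removed, `redis` now starts on every `docker compose up -d` and still publishes `"6379:6379"` on the host. The backend reaches it as `redis://redis:6379/0` over `deepaudit-network`, so the host mapping is not needed for the stack to work. Drop the `ports` entry or bind it to `127.0.0.1`; no password is configured in the visible lines, so add one if the port has to stay reachable from outside the compose network.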
@ -149,6 +87,17 @@ services:
networks:
- deepaudit-network
# 沙箱镜像构建服务 (漏洞验证必须)
# 注意: 此服务仅用于构建镜像,不会持续运行
sandbox:
build:
context: ./docker/sandbox
dockerfile: Dockerfile
image: deepaudit/sandbox:latest
profiles:
- build-only
command: echo "Sandbox image built successfully"
networks:
deepaudit-network:
driver: bridge
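Review bot: The comment marks the sandbox image as required for vulnerability verification, but the service sits under the `build-only` profile, so a plain `docker compose up -d` never builds `deepaudit/sandbox:latest`. Either document the explicit build step (`docker compose --profile build-only build sandbox` or `docker/sandbox/build.sh`) next to the deploy command in the header of this file, or have the backend fail fast with a clear message when the image is missing. Tagging only `latest` also makes it hard to tell which sandbox build a finding was verified against; consider adding a version tag alongside it.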
@ -156,7 +105,4 @@ networks:
volumes:
postgres_data:
backend_uploads:
milvus_etcd:
milvus_minio:
milvus_data:
redis_data:

2
docker/sandbox/build.sh Normal file → Executable file
View File

@ -4,7 +4,7 @@
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
IMAGE_NAME="deepaudit-sandbox"
IMAGE_NAME="deepaudit/sandbox"
IMAGE_TAG="latest"
echo "Building sandbox image: ${IMAGE_NAME}:${IMAGE_TAG}"
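Review bot: Renaming `IMAGE_NAME` to `deepaudit/sandbox` leaves a stale reference to the old name: the deployment guide in this commit still shows `docker images | grep deepaudit-sandbox` as the check after building, which will now match nothing. Update that command, and any backend setting that names the sandbox image, in the same commit so the script, `docker-compose.yml` (`image: deepaudit/sandbox:latest`) and the docs agree.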

View File

@ -78,8 +78,8 @@ Agent 审计模块是 DeepAudit v3.0.0 的核心功能,基于 **Multi-Agent
cp backend/env.example backend/.env
# 编辑 .env设置 AGENT_ENABLED=true
# 启动包含 Milvus 的完整服务
docker compose --profile agent up -d
# 启动完整服务
docker compose up -d
```
### 2. 构建沙箱镜像
@ -136,7 +136,7 @@ cd docker/sandbox
### 功能特点
- **代码分块**: 基于 Tree-sitter AST 的智能分块
- **向量存储**: Milvus 或 ChromaDB 持久化
- **向量存储**: ChromaDB 持久化
- **多语言支持**: Python, JavaScript, TypeScript, Java, Go, PHP, Rust 等
- **知识库增强**: 支持上传自定义漏洞知识库
@ -148,9 +148,7 @@ EMBEDDING_PROVIDER=openai
EMBEDDING_MODEL=text-embedding-3-small
# 向量数据库配置
VECTOR_DB_TYPE=milvus
MILVUS_HOST=milvus
MILVUS_PORT=19530
VECTOR_DB_TYPE=chroma
```
---
@ -284,7 +282,7 @@ backend/app/services/agent/
```bash
# 检查服务状态
docker compose --profile agent ps
docker compose ps
# 查看后端日志
docker compose logs backend | grep -i agent
@ -293,9 +291,6 @@ docker compose logs backend | grep -i agent
**Q: RAG 初始化失败**
```bash
# 检查 Milvus 连接
curl http://localhost:9091/healthz
# 检查嵌入模型配置
# 确保 EMBEDDING_API_KEY 正确设置
```

View File

@ -47,16 +47,16 @@ docker compose up -d
## Docker Compose 部署(推荐)
完整的前后端分离部署方案,包含前端、后端和 PostgreSQL 数据库
完整的前后端分离部署方案,包含前端、后端、PostgreSQL 数据库以及 Agent 模式所需服务
### 系统要求
| 资源 | 基础模式 | Agent 模式 |
|------|----------|-----------|
| 内存 | 2GB+ | 4GB+ |
| 磁盘 | 5GB+ | 10GB+ |
| Docker | 20.10+ | 20.10+ |
| Docker Compose | 2.0+ | 2.0+ |
| 资源 | 最低配置(含 Agent 模式) |
|------|---------------------------|
| 内存 | 4GB+ |
| 磁盘 | 10GB+ |
| Docker | 20.10+ |
| Docker Compose | 2.0+ |
### 部署步骤
@ -163,10 +163,8 @@ EMBEDDING_PROVIDER=openai
EMBEDDING_MODEL=text-embedding-3-small
EMBEDDING_API_KEY= # 留空则使用 LLM_API_KEY
# 向量数据库配置(使用 Milvus
VECTOR_DB_TYPE=milvus
MILVUS_HOST=milvus
MILVUS_PORT=19530
# 向量数据库配置(使用 ChromaDB
VECTOR_DB_TYPE=chroma
# 沙箱配置
SANDBOX_ENABLED=true
@ -174,16 +172,13 @@ SANDBOX_ENABLED=true
```bash
# 2. 启动包含 Agent 服务的完整部署
docker compose --profile agent up -d
docker compose up -d
```
### Agent 模式服务说明
| 服务 | 端口 | 说明 |
|------|------|------|
| `milvus` | 19530 | Milvus 向量数据库 |
| `milvus-etcd` | - | Milvus 元数据存储 |
| `milvus-minio` | - | Milvus 对象存储 |
| `redis` | 6379 | 任务队列(可选) |
### 构建安全沙箱镜像
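Review bot: The `redis` row kept in the service table still describes it as an optional task queue ("可选"), while `docker-compose.yml` in this commit labels Redis as required and makes the backend wait on it with `condition: service_healthy`. Change the description to required so the table matches the compose file. With the three Milvus rows gone the table has a single entry, so it may read better as one sentence.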
@ -212,10 +207,7 @@ docker images | grep deepaudit-sandbox
```bash
# 检查所有服务状态
docker compose --profile agent ps
# 检查 Milvus 连接
curl http://localhost:9091/healthz
docker compose ps
# 查看 Agent 日志
docker compose logs -f backend | grep -i agent
@ -447,19 +439,6 @@ docker compose up -d backend
### Agent 模式相关
**Q: Milvus 启动失败**
```bash
# 检查 Milvus 相关服务状态
docker compose --profile agent ps
# 查看 Milvus 日志
docker compose logs milvus milvus-etcd milvus-minio
# 重新启动 Milvus 服务
docker compose --profile agent restart milvus
```
**Q: 沙箱镜像构建失败**
```bash

394
docs/PAPER_ARCHITECTURE.md Normal file
View File

@ -0,0 +1,394 @@
# DeepAudit: System Architecture for Academic Paper
This document provides the system architecture description suitable for top-tier academic conferences (ICSE, FSE, CCS, S&P, USENIX Security, etc.).
## Architecture Diagram
![DeepAudit Architecture](images/deepaudit_architecture.png)
---
## System Overview
**DeepAudit** is an LLM-driven intelligent code security audit system that employs a **hierarchical multi-agent architecture** with **Retrieval-Augmented Generation (RAG)** and **sandbox-based vulnerability verification**.
### Key Contributions
1. **LLM-Driven Multi-Agent Orchestration**: A dynamic agent hierarchy where the LLM serves as the central decision-making brain, autonomously orchestrating specialized agents for reconnaissance, analysis, and verification.
2. **RAG-Enhanced Vulnerability Detection**: Integration of semantic code understanding with vulnerability knowledge bases (CWE/CVE) to reduce false positives and improve detection accuracy.
3. **Sandbox-Based Exploit Verification**: Docker-isolated execution environment for automated PoC generation and vulnerability confirmation.
---
## Architecture Components
### Layer 1: User Interface Layer
```
┌─────────────────────────────────────────────────────────────────┐
│ User Interface Layer │
├─────────────────────────────────────────────────────────────────┤
│ ┌───────────────────┐ ┌───────────────────────────────────┐ │
│ │ Web Frontend │ │ API Gateway │ │
│ │ (React + TS) │◄──►│ REST API / SSE Event Stream │ │
│ └───────────────────┘ └───────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
```
**Components:**
- **Web Frontend**: React 18 + TypeScript SPA with real-time log streaming
- **API Gateway**: FastAPI-based REST endpoints with SSE for real-time events
### Layer 2: Multi-Agent Orchestration Layer
```
┌─────────────────────────────────────────────────────────────────┐
│ Multi-Agent Orchestration Layer │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────┐ │
│ │ Orchestrator Agent │ ◄─── LLM Provider │
│ │ (ReAct Loop) │ (GPT-4/Claude) │
│ └──────────┬──────────┘ │
│ │ │
│ ┌────────────────┼────────────────┐ │
│ ▼ ▼ ▼ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Recon Agent │ │Analysis Agent│ │Verification │ │
│ │ │ │ │ │ Agent │ │
│ │ • Structure │ │ • SAST │ │ • PoC Gen │ │
│ │ • Tech Stack │ │ • Pattern │ │ • Sandbox │ │
│ │ • Entry Pts │ │ • Dataflow │ │ • Validation │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
```
**Key Design Decisions:**
| Component | Design Choice | Rationale |
|-----------|---------------|-----------|
| Orchestrator | LLM-driven ReAct loop | Dynamic strategy adaptation based on findings |
| Sub-Agents | Specialized roles | Domain expertise separation for precision |
| Communication | TaskHandoff protocol | Structured context passing between agents |
| Iteration Limits | Configurable (20/30/15) | Prevent infinite loops while ensuring depth |
### Layer 3: RAG Knowledge Enhancement Layer
```
┌─────────────────────────────────────────────────────────────────┐
│ RAG Knowledge Enhancement Layer │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────┐ │
│ │ Code Chunker│ │ Embedding │ │ Vector Database │ │
│ │(Tree-sitter)│───►│ Model │───►│ (ChromaDB) │ │
│ └─────────────┘ └─────────────┘ └─────────────────────┘ │
│ │ │
│ ┌─────────────────────────────────────────────────┼───────────┐│
│ │ CWE/CVE Knowledge Base │ ││
│ │ • SQL Injection patterns ▼ ││
│ │ • XSS signatures ┌───────────────────┐ ││
│ │ • Command Injection │ Semantic Retriever│ ││
│ │ • Path Traversal └───────────────────┘ ││
│ │ • SSRF patterns ││
│ │ • ... ││
│ └─────────────────────────────────────────────────────────────┘│
│ │
└─────────────────────────────────────────────────────────────────┘
```
**RAG Pipeline:**
1. **Code Chunking**: Tree-sitter based AST-aware chunking for semantic preservation
2. **Embedding**: Support for OpenAI text-embedding-3-small/large, local models
3. **Vector Store**: ChromaDB for lightweight deployment
4. **Retrieval**: Semantic similarity search with vulnerability pattern matching
### Layer 4: Security Tool Integration Layer
```
┌─────────────────────────────────────────────────────────────────┐
│ Security Tool Integration Layer │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────────────────────────────────────┐│
│ │ SAST Tools ││
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────────┐ ││
│ │ │ Semgrep │ │ Bandit │ │Kunlun-M │ │Pattern Match │ ││
│ │ │ (Multi) │ │ (Python) │ │ (PHP/JS) │ │ (Fallback) │ ││
│ │ └──────────┘ └──────────┘ └──────────┘ └──────────────┘ ││
│ └─────────────────────────────────────────────────────────────┘│
│ │
│ ┌────────────────────────┐ ┌────────────────────────────────┐ │
│ │ Secret Detection │ │ Dependency Analysis │ │
│ │ • Gitleaks │ │ • OSV-Scanner │ │
│ │ • TruffleHog │ │ • npm audit / pip-audit │ │
│ └────────────────────────┘ └────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
```
**Tool Selection Strategy:**
| Category | Primary Tool | Fallback | Coverage |
|----------|-------------|----------|----------|
| Multi-lang SAST | Semgrep | PatternMatch | 20+ languages |
| Python Security | Bandit | PatternMatch | Python-specific |
| PHP/JS Analysis | Kunlun-M | Semgrep | Semantic analysis |
| Secret Detection | Gitleaks | TruffleHog | Git history scan |
| Dependencies | OSV-Scanner | npm/pip audit | Multi-ecosystem |
### Layer 5: Sandbox Verification Layer
```
┌─────────────────────────────────────────────────────────────────┐
│ Sandbox Verification Layer │
├─────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────────────────────────────────────────┐│
│ │ Docker Sandbox Container ││
│ │ ┌────────────────────────────────────────────────────────┐ ││
│ │ │ Security Constraints │ ││
│ │ │ • Network: Isolated / No external access │ ││
│ │ │ • Resources: Memory 512MB / CPU 1.0 │ ││
│ │ │ • Syscalls: seccomp whitelist policy │ ││
│ │ │ • Timeout: 60 seconds max execution │ ││
│ │ └────────────────────────────────────────────────────────┘ ││
│ │ ││
│ │ ┌──────────────────┐ ┌──────────────────────────────┐ ││
│ │ │ PoC Generator │───►│ Exploit Validator │ ││
│ │ │ (LLM-assisted) │ │ (Execution + Verification) │ ││
│ │ └──────────────────┘ └──────────────────────────────┘ ││
│ │ ││
│ └─────────────────────────────────────────────────────────────┘│
│ │
└─────────────────────────────────────────────────────────────────┘
```
**Verification Workflow:**
1. **PoC Generation**: LLM generates exploitation code based on vulnerability analysis
2. **Sandbox Setup**: Docker container with strict security constraints
3. **Execution**: Run PoC in isolated environment
4. **Validation**: Check execution results against expected vulnerability behavior
5. **Confidence Scoring**: Assign verification confidence (0-1)
---
## Data Flow Diagram
```
┌─────────────────────────────────────────────────────────────────────────────┐
│ DeepAudit Data Flow │
└─────────────────────────────────────────────────────────────────────────────┘
┌──────────┐ ┌──────────────┐
│ User │ │ Reports │
│ Request │ │ (MD/JSON) │
└────┬─────┘ └──────▲───────┘
│ │
▼ │
┌───────────────┐ ┌─────────────────────────────────────────────┴───────┐
│ API Gateway │───►│ PostgreSQL DB │
└───────┬───────┘ │ • Tasks • Findings • Projects • Reports │
│ └─────────────────────────────────────────────────────┘
┌───────────────────────────────────────────────────────────────────────────┐
│ Orchestrator Agent │
│ │
│ ┌─────────────┐ ┌─────────────────────────────────────────────┐ │
│ │ LLM Service │◄────►│ ReAct Decision Loop │ │
│ │ (GPT/Claude)│ │ Thought → Action → Observation → Thought │ │
│ └─────────────┘ └───────────────────┬─────────────────────────┘ │
│ │ │
│ ┌─────────────┬───────────────┼───────────────┐ │
│ ▼ ▼ ▼ ▼ │
│ ┌─────────────┐ ┌───────────┐ ┌────────────┐ ┌──────────────┐ │
│ │ Recon │ │ Analysis │ │Verification│ │ Finish │ │
│ │ Agent │ │ Agent │ │ Agent │ │ Action │ │
│ └──────┬──────┘ └─────┬─────┘ └──────┬─────┘ └──────────────┘ │
│ │ │ │ │
└─────────────┼──────────────┼──────────────┼───────────────────────────────┘
│ │ │
▼ ▼ ▼
┌────────────┐ ┌────────────┐ ┌────────────┐
│ File Tools │ │ SAST Tools │ │ Sandbox │
│ list/read │ │ Semgrep... │ │ Docker │
└─────┬──────┘ └─────┬──────┘ └──────┬─────┘
│ │ │
│ ┌──────┴──────┐ │
│ ▼ │ │
│ ┌─────────┐ │ │
└─►│ RAG │◄───────┘ │
│ Pipeline│ │
└────┬────┘ │
│ │
▼ ▼
┌────────────┐ ┌────────────┐
│ Vector DB │ │ Verification│
│ ChromaDB │ │ Result │
└────────────┘ └────────────┘
```
---
## Algorithm: Multi-Agent Audit Orchestration
```
Algorithm 1: LLM-Driven Multi-Agent Security Audit
Input: Project P, Target vulnerabilities V, Configuration C
Output: Findings F, Verification Results R
1: Initialize Orchestrator Agent with LLM
2: Create sub-agents: Recon, Analysis, Verification
3: findings ← ∅
4: verified_results ← ∅
5:
6: // Phase 1: Reconnaissance
7: recon_result ← ReconAgent.run(P, V)
8: high_risk_areas ← recon_result.priority_areas
9:
10: // Phase 2: Orchestration Loop
11: while iteration < MAX_ITERATIONS do
12: thought, action ← LLM.reason(context, history)
13:
14: if action = "dispatch_agent" then
15: agent ← select_agent(action.params)
16: result ← agent.run(action.task, context)
17: findings ← findings result.findings
18: update_context(result)
19: else if action = "finish" then
20: break
21: end if
22:
23: iteration ← iteration + 1
24: end while
25:
26: // Phase 3: Verification
27: for each f ∈ findings where f.severity ≥ HIGH do
28: poc ← LLM.generate_poc(f)
29: result ← Sandbox.execute(poc)
30: verified_results ← verified_results {(f, result)}
31: end for
32:
33: return (findings, verified_results)
```
---
## Evaluation Metrics
For academic evaluation, we suggest the following metrics:
### Detection Effectiveness
| Metric | Formula | Description |
|--------|---------|-------------|
| Precision | TP / (TP + FP) | Accuracy of reported vulnerabilities |
| Recall | TP / (TP + FN) | Coverage of actual vulnerabilities |
| F1-Score | 2 × (P × R) / (P + R) | Harmonic mean of precision and recall |
### Efficiency Metrics
| Metric | Description |
|--------|-------------|
| Time-to-Detection (TTD) | Time from start to first vulnerability found |
| Total Audit Time | End-to-end execution time |
| LLM Token Usage | Total tokens consumed during audit |
| Tool Invocation Count | Number of external tool calls |
### Verification Quality
| Metric | Description |
|--------|-------------|
| Verification Rate | Percentage of findings verified via sandbox |
| False Positive Reduction | % reduction after verification |
| PoC Success Rate | Successful exploit demonstrations |
---
## Comparison with Related Work
| System | Multi-Agent | RAG | Sandbox | LLM-Driven |
|--------|-------------|-----|---------|------------|
| CodeQL | ✗ | ✗ | ✗ | ✗ |
| Semgrep | ✗ | ✗ | ✗ | ✗ |
| Snyk Code | ✗ | ✗ | ✗ | Partial |
| GitHub Copilot | ✗ | ✗ | ✗ | ✓ |
| **DeepAudit** | **✓** | **✓** | **✓** | **✓** |
---
## LaTeX TikZ Diagram Code
For LaTeX papers, you can use the following TikZ code:
```latex
\begin{figure}[t]
\centering
\begin{tikzpicture}[
node distance=1cm,
box/.style={rectangle, draw, rounded corners, minimum width=2.5cm, minimum height=0.8cm, align=center},
agent/.style={box, fill=blue!10},
tool/.style={box, fill=orange!10},
rag/.style={box, fill=green!10},
sandbox/.style={box, fill=red!10},
arrow/.style={->, >=stealth, thick}
]
% Orchestrator
\node[agent] (orch) {Orchestrator Agent};
% Sub-agents
\node[agent, below left=1.5cm and 1cm of orch] (recon) {Recon Agent};
\node[agent, below=1.5cm of orch] (analysis) {Analysis Agent};
\node[agent, below right=1.5cm and 1cm of orch] (verify) {Verification Agent};
% Connections
\draw[arrow] (orch) -- (recon);
\draw[arrow] (orch) -- (analysis);
\draw[arrow] (orch) -- (verify);
% Tools
\node[tool, below=1cm of analysis] (tools) {SAST Tools\\Semgrep, Bandit, Kunlun-M};
% RAG
\node[rag, left=1cm of tools] (rag) {RAG Pipeline\\Vector DB + CWE/CVE};
% Sandbox
\node[sandbox, right=1cm of tools] (sandbox) {Docker Sandbox\\PoC Verification};
% Tool connections
\draw[arrow] (analysis) -- (tools);
\draw[arrow, dashed] (tools) -- (rag);
\draw[arrow] (verify) -- (sandbox);
% LLM
\node[box, fill=purple!10, above=0.5cm of orch] (llm) {LLM Provider\\GPT-4 / Claude};
\draw[arrow, <->] (orch) -- (llm);
\end{tikzpicture}
\caption{DeepAudit System Architecture}
\label{fig:architecture}
\end{figure}
```
---
## Citation
If you use DeepAudit in your research, please cite:
```bibtex
@software{deepaudit2024,
title = {DeepAudit: LLM-Driven Multi-Agent Code Security Audit System with RAG Enhancement and Sandbox Verification},
author = {Lin Tsinghua},
year = {2024},
url = {https://github.com/lintsinghua/DeepAudit},
version = {3.0.0}
}
```
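Review bot: Layer 5 states the sandbox constraints (isolated network, 512MB / CPU 1.0, seccomp whitelist, 60 second timeout) as facts, but the document never says how the containers are launched. In this commit the backend is given the host's `/var/run/docker.sock`, so the orchestrating service sits outside those constraints and should appear in the description as part of the trust boundary. In Algorithm 1, lines 17 and 30 read `findings ← findings result.findings` and `verified_results ← verified_results {(f, result)}`, where the union operator is missing; `iteration` is never initialised before the loop at line 11, and `high_risk_areas` from Phase 1 is not used afterwards. The comparison table needs a citation or stated criterion for each row, and the BibTeX entry gives year 2024 for a file added in a 2025 commit.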

View File

@ -8,16 +8,14 @@ ENV https_proxy=
ENV HTTP_PROXY=
ENV HTTPS_PROXY=
# 安装 pnpm确保无代理
RUN unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY all_proxy ALL_PROXY && \
npm install -g pnpm
# 复制依赖文件
COPY package.json pnpm-lock.yaml ./
# 安装依赖(确保无代理)
RUN unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY all_proxy ALL_PROXY && \
pnpm install --frozen-lockfile
pnpm install --no-frozen-lockfile
# 复制源代码
COPY . .
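Review bot: Switching `pnpm install --frozen-lockfile` to `pnpm install --no-frozen-lockfile` lets the image build re-resolve dependencies whenever `pnpm-lock.yaml` and `package.json` disagree, so the image can contain versions that were never reviewed or recorded in the lockfile. Keep `--frozen-lockfile` in the Dockerfile and fix the lockfile instead; this commit already updates `pnpm-lock.yaml` for `marked`, so the two files should be in sync after it.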
@ -57,4 +55,3 @@ CMD ["serve", "-s", "dist", "-l", "3000"]

10384
frontend/package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@ -134,6 +134,9 @@ importers:
lucide-react:
specifier: ^0.525.0
version: 0.525.0(react@18.3.1)
marked:
specifier: ^17.0.1
version: 17.0.1
miaoda-auth-react:
specifier: ^2.0.0
version: 2.0.0(@supabase/supabase-js@2.55.0)(react-dom@18.3.1(react@18.3.1))(react-router-dom@6.30.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)
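Review bot: `marked` `^17.0.1` is added as a direct dependency, and the snapshots section of this lockfile now carries both `marked@16.2.1` and `marked@17.0.1`. The diff does not show where the new dependency is used; marked does not sanitize its HTML output, so if it renders agent findings, reports or any text derived from audited code, pass the result through a sanitizer such as DOMPurify before it reaches the DOM. Also check whether the 16.x copy can be deduplicated.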
@ -2710,6 +2713,11 @@ packages:
engines: {node: '>= 20'}
hasBin: true
marked@17.0.1:
resolution: {integrity: sha512-boeBdiS0ghpWcSwoNm/jJBwdpFaMnZWRzjA6SkUMYb40SVaN1x7mmfGKp0jvexGcx+7y2La5zRZsYFZI6Qpypg==}
engines: {node: '>= 20'}
hasBin: true
math-intrinsics@1.1.0:
resolution: {integrity: sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==}
engines: {node: '>= 0.4'}
@ -6134,6 +6142,8 @@ snapshots:
marked@16.2.1: {}
marked@17.0.1: {}
math-intrinsics@1.1.0: {}
mdast-util-find-and-replace@3.0.2:

View File

@ -68,17 +68,23 @@ export default function AuditTasks() {
loadAgentTasks();
}, []);
// 加载Agent任务
const loadAgentTasks = async () => {
// 加载Agent任务(支持静默更新,不触发 loading 状态)
const loadAgentTasks = async (silent = false) => {
try {
setAgentLoading(true);
if (!silent) {
setAgentLoading(true);
}
const data = await getAgentTasks();
setAgentTasks(data);
} catch (error) {
console.error('Failed to load agent tasks:', error);
toast.error("加载Agent任务失败");
if (!silent) {
toast.error("加载Agent任务失败");
}
} finally {
setAgentLoading(false);
if (!silent) {
setAgentLoading(false);
}
}
};
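Review bot: In silent mode a failed `getAgentTasks()` only reaches `console.error`, so when the 5 second poll keeps failing (backend down, session expired) the list goes stale and the user gets no signal. Count consecutive silent failures and, past a small threshold, show one toast or stop the interval until the next manual refresh. A short comment on why `setAgentLoading(false)` is skipped in `finally` for silent calls would also help the next reader.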
@ -150,7 +156,7 @@ export default function AuditTasks() {
return () => clearInterval(intervalId);
}, [tasks.map(t => t.id + t.status).join(',')]);
// 自动刷新Agent任务
// 自动刷新Agent任务(静默更新,不显示 loading
useEffect(() => {
const activeAgentTasks = agentTasks.filter(
task => task.status === 'running' || task.status === 'pending'
@ -158,7 +164,7 @@ export default function AuditTasks() {
if (activeAgentTasks.length === 0) return;
const intervalId = setInterval(loadAgentTasks, 5000);
const intervalId = setInterval(() => loadAgentTasks(true), 5000);
return () => clearInterval(intervalId);
}, [agentTasks.map(t => t.id + t.status).join(',')]);
@ -185,7 +191,8 @@ export default function AuditTasks() {
setCancellingAgentTaskId(taskId);
await cancelAgentTask(taskId);
toast.success("Agent任务已取消");
await loadAgentTasks();
// 取消后刷新列表,不使用静默模式以显示最新状态
await loadAgentTasks(false);
} catch (error: any) {
console.error('取消Agent任务失败:', error);
toast.error(error?.response?.data?.detail || "取消Agent任务失败");