Security Patch Monitor

A GitHub App that automatically monitors repository dependencies for known security vulnerabilities and provides actionable remediation suggestions.

Features

• 🔍 Automatic Vulnerability Scanning: Scans dependencies on every push and pull request
• 🤖 AI-Powered Analysis: Intelligent vulnerability analysis and fix recommendations
• 🔧 Automated Fixes: Creates pull requests with security patches
• 📊 Comprehensive Reports: Detailed security reports with prioritized vulnerabilities
• 🎯 Multi-Language Support: Supports npm/yarn, Go modules, and Python pip

Supported Dependency Files

• package.json (npm/yarn)
• go.mod (Go modules)
• requirements.txt (Python pip)

Development

Prerequisites

• Node.js 18+
• Docker and Docker Compose
• PostgreSQL
• Redis

Setup

1. Clone the repository

2. Install dependencies:

   npm install

3. Copy environment configuration:

   cp .env.example .env

4. Configure your GitHub App credentials in .env

5. Start development services:

   docker-compose up -d postgres redis

6. Run in development mode:

   npm run dev

Scripts

• npm run build - Build TypeScript code
• npm run dev - Run in development mode with auto-reload
• npm start - Start the production server
• npm test - Run tests
• npm run lint - Run ESLint
• npm run format - Format code with Prettier

Docker Deployment

docker-compose up -d

Architecture

The application follows an event-driven architecture:

• Event Handlers: Process GitHub webhook events
• Dependency Parsers: Extract dependencies from various file formats
• Vulnerability Scanner: Query vulnerability databases
• AI Report Generator: Create intelligent vulnerability reports
• PR Creator: Automatically create fix pull requests
• Configuration Manager: Handle repository and user settings

License

MIT