devsecops-repo-analyzer

Community

Contextual DevSecOps scans that find real risk

Author: camgrimsec
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

The DevSecOps Repo Analyzer reduces overwhelming, noisy scanner output by performing contextual, repository-specific analysis that identifies which vulnerabilities are actually reachable and exploitable in a codebase, then prioritizes and recommends remediation.

Core Features & Use Cases

  • 6-stage analysis pipeline: repo ingestion and inventory, application context & STRIDE threat modeling, multi-tool vulnerability scanning (SCA/SAST/IaC/secrets), reachability analysis, remediation recommendations (optional PR generation), and final assessment reporting.
  • Contextual risk scoring: assigns a Real Risk Score (1-10) per finding by combining reachability, exploitability, impact, and exposure to filter noise and focus developer effort.
  • Remediation-first output: produces structured artifacts (inventory.json, scan-results, reachability-analysis.json, remediation.json, assessment-report.md) and can generate GitHub PRs with a professional security PR template.
  • Use case: run a full DevSecOps assessment on a public or private GitHub repo to triage high/critical findings into actionable fixes and share a board-ready report with maintainers.

Quick Start

Run the devsecops-repo-analyzer on https://github.com/org/repo to produce a complete contextual security assessment and remediation artifacts.

Dependency Matrix

Required Modules

semgrep, trivy, grype, gitleaks, snyk, jinja2, tabulate

Components

scripts, references, assets

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: devsecops-repo-analyzer
Download link: https://github.com/camgrimsec/grimsec-suite/archive/main.zip#devsecops-repo-analyzer

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.