DeepAudit is an open-source multi-agent system for automated code vulnerability detection and security auditing, developed by lintsinghua. Written primarily in Python with TypeScript and React components for the frontend, the project aims to democratize security auditing by making vulnerability discovery accessible to non-specialists through a one-click deployment model. The system is positioned as China's first open-source code vulnerability mining multi-agent system, emphasizing ease of use and automation.
The repository implements a multi-agent architecture where autonomous agents collaborate to conduct code audits. The system supports integration with Ollama for private deployment, eliminating dependency on external API services. Users can paste code snippets or upload files for immediate analysis, with results generated in seconds. The platform provides real-time visibility into agent reasoning and execution processes through audit flow logs, allowing users to observe how the system thinks through security problems. A dashboard interface displays project security posture at a glance, and the system supports importing projects from GitHub, GitLab, and Gitea for multi-project collaborative management.
A key feature is automated sandbox proof-of-concept verification, which validates discovered vulnerabilities without manual intervention. The system can generate professional security reports in multiple formats including PDF, Markdown, and JSON with a single command. The platform also supports relay station functionality for network flexibility.
According to GitGenius activity tracking, the repository shows strong engagement with a median issue and pull request response latency of 0.6 hours and a mean latency of 48.0 hours across 153 tracked items. The primary maintainer lintsinghua has logged 391 events, with secondary contributors vindia1024 and yihua1024 each contributing 8 events. The most frequently used issue labels are enhancement with 5 occurrences, bug with 4 occurrences, and help wanted with 3 occurrences, indicating active development and community engagement. The repository shares overlapping contributors with langgenius/dify, projectdiscovery/nuclei-templates, and clash-verge-rev/clash-verge-rev.
The closed-source version of DeepAudit has demonstrated significant real-world impact, discovering 49 CVE identifiers and 6 GHSA security advisories across 17 known open-source projects. Notably, the system identified 6 vulnerabilities in the OpenClaw project, all confirmed and published as security advisories by the project maintainers. These vulnerabilities span multiple severity levels and include command injection, signature verification bypass, remote code execution, credential exposure, resource exhaustion, and sensitive information disclosure, with several rated as high severity.
The project is classified by GitGenius across multiple domains including deep learning, model auditing, explainable AI, interpretability, bias detection, trustworthiness, model analysis, AI transparency, machine learning, and model evaluation, reflecting the sophisticated AI techniques underlying the vulnerability detection system. The repository covers topics spanning AI, bug detection, code audit, code quality, code review, developer tools, DevSecOps, Google Gemini, LLM, SAST, security scanning, and vulnerability scanning, positioning it as a comprehensive security analysis platform leveraging modern language models and agent-based reasoning.