Skip to content

BotirBakhtiyarov/code_analyzer-b

Repository files navigation

Code Analyzer

AI-Powered Command-Line Code Quality & Security Analysis

PyPI Version Python 3.6+ License: MIT SARIF Support DeepSeek Integration PyPI Downloads CI

Analyze code repositories for vulnerabilities, bugs, and quality issues — powered by DeepSeek AI.

   ██████╗ ██████╗ ██████╗ ███████╗    █████╗ ███╗   ██╗ █████╗ ██╗   ██╗   ██╗ ███████╗███████╗██████╗
  ██╔════╝██╔═══██╗██╔══██╗██╔════╝   ██╔══██╗████╗  ██║██╔══██╗██║   ╚██╗ ██╔╝ ╚══███╔╝██╔════╝██╔══██╗
  ██║     ██║   ██║██║  ██║█████╗     ███████║██╔██╗ ██║███████║██║    ╚████╔╝    ███╔╝ █████╗  ██████╔╝
  ██║     ██║   ██║██║  ██║██╔══╝     ██╔══██║██║╚██╗██║██╔══██║██║      ██╔╝    ███╔╝  ██╔══╝  ██╔══██╗
  ╚██████╗╚██████╔╝██████╔╝███████╗██╗██║  ██║██║ ╚████║██║  ██║███████╗ ██║    ███████╗███████╗██║  ██║
   ╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝╚═╝╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝ ╚═╝    ╚══════╝╚══════╝╚═╝  ╚═╝

Table of Contents


Overview

Code Analyzer is an open-source command-line tool that helps developers and security teams find vulnerabilities, bugs, and quality issues in code repositories. It combines traditional static analysis with AI-powered insights through the DeepSeek API to deliver actionable recommendations.

With support for GitHub repositories, local directories, and CI/CD pipelines, it fits naturally into modern development workflows.


Features

  • Security Vulnerability Scanning — Detect common security issues and risky patterns.
  • AI-Powered Analysis — DeepSeek API provides detailed explanations and fix suggestions.
  • Multi-Language Support — Analyze projects in several popular programming languages.
  • GitHub & Local Repos — Analyze public, private, and local repositories.
  • SARIF Output — Generate SARIF 2.1.0 reports for integration with GitHub Code Scanning.
  • CI/CD Ready — GitHub Actions workflow included for automated analysis.
  • Easy Configuration — One-time API key setup with secure local storage.

Installation

Prerequisites

  • Python 3.6 or higher
  • A DeepSeek API key from DeepSeek

Install from PyPI

pip install code-analyzer-b

Set Up API Key

code_analyzer setup

Your key will be saved securely in ~/.code_analyzer/config.ini.


Usage

Analyze a GitHub Repository

Public repository:

code_analyzer analyze https://github.com/user/repo

Private repository:

code_analyzer analyze https://github.com/user/private-repo --git-token YOUR_TOKEN

Analyze a Local Directory

code_analyzer analyze /path/to/local/repo

Additional Options

# Save results to SARIF
code_analyzer analyze /path/to/repo --format sarif --output results.sarif

# Run with verbose output
code_analyzer analyze /path/to/repo --verbose

CI/CD Integration

Add Code Analyzer to your GitHub Actions workflow:

name: Code Analysis

on: [push, pull_request]

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - run: pip install code-analyzer-b
      - run: code_analyzer setup --non-interactive --api-key ${{ secrets.DEEPSEEK_API_KEY }}
      - run: code_analyzer analyze . --format sarif --output code-analysis.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: code-analysis.sarif

Output Formats

Format Description
console Human-readable output in the terminal
json Machine-readable JSON report
sarif SARIF 2.1.0 for GitHub Code Scanning integration

Contributing

Contributions are welcome!

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/your-feature)
  3. Commit your changes (git commit -m 'Add your feature')
  4. Push to the branch (git push origin feature/your-feature)
  5. Open a Pull Request

Please ensure tests pass before submitting.


License

This project is licensed under the MIT License — see the LICENSE file for details.


Support

If you find this tool useful, consider supporting the project:


Author: Botir Bakhtiyarov · hello@bbotir.xyz · https://bbotir.xyz

About

AI-driven command-line code quality and security analysis tool

Topics

Resources

License

Contributing

Stars

1 star

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors