AI-Powered Command-Line Code Quality & Security Analysis
Analyze code repositories for vulnerabilities, bugs, and quality issues — powered by DeepSeek AI.
██████╗ ██████╗ ██████╗ ███████╗ █████╗ ███╗ ██╗ █████╗ ██╗ ██╗ ██╗ ███████╗███████╗██████╗
██╔════╝██╔═══██╗██╔══██╗██╔════╝ ██╔══██╗████╗ ██║██╔══██╗██║ ╚██╗ ██╔╝ ╚══███╔╝██╔════╝██╔══██╗
██║ ██║ ██║██║ ██║█████╗ ███████║██╔██╗ ██║███████║██║ ╚████╔╝ ███╔╝ █████╗ ██████╔╝
██║ ██║ ██║██║ ██║██╔══╝ ██╔══██║██║╚██╗██║██╔══██║██║ ██╔╝ ███╔╝ ██╔══╝ ██╔══██╗
╚██████╗╚██████╔╝██████╔╝███████╗██╗██║ ██║██║ ╚████║██║ ██║███████╗ ██║ ███████╗███████╗██║ ██║
╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝╚═╝╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝
Code Analyzer is an open-source command-line tool that helps developers and security teams find vulnerabilities, bugs, and quality issues in code repositories. It combines traditional static analysis with AI-powered insights through the DeepSeek API to deliver actionable recommendations.
With support for GitHub repositories, local directories, and CI/CD pipelines, it fits naturally into modern development workflows.
- Security Vulnerability Scanning — Detect common security issues and risky patterns.
- AI-Powered Analysis — DeepSeek API provides detailed explanations and fix suggestions.
- Multi-Language Support — Analyze projects in several popular programming languages.
- GitHub & Local Repos — Analyze public, private, and local repositories.
- SARIF Output — Generate SARIF 2.1.0 reports for integration with GitHub Code Scanning.
- CI/CD Ready — GitHub Actions workflow included for automated analysis.
- Easy Configuration — One-time API key setup with secure local storage.
- Python 3.6 or higher
- A DeepSeek API key from DeepSeek
pip install code-analyzer-bcode_analyzer setupYour key will be saved securely in ~/.code_analyzer/config.ini.
Public repository:
code_analyzer analyze https://github.com/user/repoPrivate repository:
code_analyzer analyze https://github.com/user/private-repo --git-token YOUR_TOKENcode_analyzer analyze /path/to/local/repo# Save results to SARIF
code_analyzer analyze /path/to/repo --format sarif --output results.sarif
# Run with verbose output
code_analyzer analyze /path/to/repo --verboseAdd Code Analyzer to your GitHub Actions workflow:
name: Code Analysis
on: [push, pull_request]
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: '3.11'
- run: pip install code-analyzer-b
- run: code_analyzer setup --non-interactive --api-key ${{ secrets.DEEPSEEK_API_KEY }}
- run: code_analyzer analyze . --format sarif --output code-analysis.sarif
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: code-analysis.sarif| Format | Description |
|---|---|
console |
Human-readable output in the terminal |
json |
Machine-readable JSON report |
sarif |
SARIF 2.1.0 for GitHub Code Scanning integration |
Contributions are welcome!
- Fork the repository
- Create a feature branch (
git checkout -b feature/your-feature) - Commit your changes (
git commit -m 'Add your feature') - Push to the branch (
git push origin feature/your-feature) - Open a Pull Request
Please ensure tests pass before submitting.
This project is licensed under the MIT License — see the LICENSE file for details.
If you find this tool useful, consider supporting the project:
- Star the repository
- Become a GitHub Sponsor
- Share it with your team
Author: Botir Bakhtiyarov · hello@bbotir.xyz · https://bbotir.xyz