A production-ready, pluggable platform for analyzing and remediating code across repositories. Built on a generic architecture that supports any type of code analysis - not limited to vulnerabilities.
π Fully Extensible: Every component (sources, analyzers, remediators, outputs) uses a registry pattern. Add new functionality by implementing an interface and importing it - no core code changes needed.
- Overview
- Core Architecture
- Quick Start
- Example Use Cases
- Key Features
- Documentation
- Project Structure
- Development
- License
Code Remediate is a generic platform that orchestrates code analysis and remediation workflows across repositories. It's designed to be extended for any use case:
- Vulnerability scanning and automated patching
- Database connection pooling analysis
- Code quality metrics and fixes
- License compliance checking
- Security scanning and hardening
- API migration assistance
- Custom organization policies
Source β Search β Analyze β Remediate β Report
β β β β β
GitHub Find Detect Fix JSON/Table
Local Files Issues Problems Format
- Pluggable Analyzers - Detect any code pattern, issue, or metric
- Pluggable Remediators - Fix, refactor, or transform code in any way
- Pluggable Sources - Access code from any repository system
- Pluggable Outputs - Generate reports in any format
Add new capabilities without modifying core code - just implement the interface and import it!
// Analyzer - Analyze code for any purpose
type Analyzer interface {
Name() string
AnalyzeFile(ctx, searchResult, content) FileResult
CanHandle(content) bool
Priority() int
}
// Remediator - Fix/remediate any code issues
type Remediator interface {
Name() string
FixRepository(ctx, source, repo, results) FixResult
FixFile(ctx, content, result) (string, error)
CanHandle(result) bool
Priority() int
}
// CodeSource - Access code from any repository
type CodeSource interface {
Name() string
Search(ctx, packages) []SearchResult
FetchContent(ctx, repo, path) string
Clone(ctx, repo, destPath) error
}
// Formatter - Output results in any format
type Formatter interface {
FormatSearch(ctx, results) error
FormatScan(ctx, fileResults, summary) error
FormatFixResult(ctx, repo, fixResult) error
}Components auto-register on import:
// In your analyzer package
func init() {
analyzer.DefaultRegistry.Register("my-analyzer", NewMyAnalyzer)
}
// In main.go
import _ "github.com/you/code-remediate/internal/analyzer/myanalyzer"No core code changes needed!
git clone https://github.com/kiran01bm/code-remediate
cd code-remediate
go mod download
go build -o code-remediate .# Search for files
./code-remediate --source=github --org=<ORG_NAME> search
# Analyze code
./code-remediate --source=github --org=<ORG_NAME> scan
# Fix issues
./code-remediate --source=github --org=<ORG_NAME> fix --auto-clone --auto-branch
# Scan local repositories
./code-remediate --source=local --path=/path/to/repos scanmake help # Show all targets
make build # Build binary
make scan-github ORG=<ORG_NAME> # Scan GitHub org
make scan-local PATH_LOCAL=/path # Scan local path
make test # Run testsThe platform includes example implementations to demonstrate extensibility:
Detects and fixes vulnerable package versions across Java, Kotlin, Go, JavaScript, and Python.
Features:
- Smart version selection (nearest safe version)
- Multi-language support
- Automated patching with git integration
π See: IMPLEMENTATION_VULNERABILITY_SCANNER.md
Analyzes database connection pooling usage across repositories.
Features:
- Detects pooling libraries (HikariCP, c3p0, DBCP2)
- Identifies database types (Aurora, RDS, DynamoDB)
- Flags missing pooling configurations
π See: IMPLEMENTATION_DB_POOLING.md
Implement your own analyzer and remediator for any purpose!
- Pluggable architecture - extend without modifying core
- Registry pattern - auto-discovery of components
- Priority system - control execution order
- Content routing - route files to appropriate handlers
- GitHub - scan organization repositories
- Local - scan filesystem directories
- Extensible - add GitLab, Bitbucket, Azure DevOps, etc.
- JSON - machine-readable for automation
- Table - human-readable for terminals
- Extensible - add SARIF, CSV, HTML, etc.
- Rate limiting - automatic backoff and retry
- Error handling - graceful degradation
- Logging - structured logging with zap
- Testing - comprehensive test coverage
- JSON config files - define analysis rules
- Environment variables - runtime configuration
- CLI flags - command-line control
- README.md - This file (overview and quick start)
- DESIGN.md - Complete architecture and design patterns
- USAGE.md - Detailed usage guide with examples
- EXAMPLE_VULNERABILITY_SCANNER.md - Vulnerability scanner implementation
- EXAMPLE_DB_POOLING.md - Database pooling analyzer implementation
- input.json - Example configuration file
code-remediate/
βββ main.go # CLI entry point
βββ Makefile # Build and operations
βββ go.mod # Go dependencies
β
βββ internal/
β βββ models/ # Domain models & config
β βββ scanner/ # Core scanner & interfaces
β βββ sources/ # Code sources (github, local)
β β βββ github/
β β βββ local/
β βββ analyzer/ # Analyzers (deps-vuln)
β β βββ registry.go # Analyzer interface & registry
β β βββ analyzer.go # Example: dependency vuln analyzer
β βββ fixer/ # Remediators
β β βββ registry.go # Remediator interface & registry
β β βββ fixer.go # Example: dependency vuln remediator
β βββ output/ # Output formatters
β β βββ registry.go # Formatter interface & registry
β β βββ json/
β β βββ table/
β βββ builder/ # Scanner builder pattern
β
βββ README.md # This file
βββ DESIGN.md # Architecture documentation
βββ USAGE.md # Usage guide
βββ EXAMPLE_VULNERABILITY_SCANNER.md
βββ EXAMPLE_DB_POOLING.md
- Go 1.21+ - Required for building
- GitHub CLI - Required for GitHub source (optional)
- Git - Required for fix operations
make build # Build binary
make dev # Format, vet, test, build
make test # Run tests
make test-cover # Run tests with coverage- Create analyzer package:
internal/analyzer/myanalyzer/myanalyzer.go - Implement interface:
analyzer.Analyzer - Register in init():
analyzer.DefaultRegistry.Register("my-analyzer", NewMyAnalyzer) - Import in main.go:
import _ "github.com/kiran01bm/code-remediate/internal/analyzer/myanalyzer" - Build and use:
go build . && ./code-remediate scan
π See: DESIGN.md - Extending the Architecture
- Create remediator package:
internal/fixer/myremediator/myremediator.go - Implement interface:
fixer.Remediator - Register in init():
fixer.DefaultRegistry.Register("my-remediator", NewMyRemediator) - Import in main.go:
import _ "github.com/kiran01bm/code-remediate/internal/fixer/myremediator" - Build and use:
go build . && ./code-remediate fix
- Create source package:
internal/sources/mysource/mysource.go - Implement interface:
scanner.CodeSource - Register in init():
sources.DefaultRegistry.Register("my-source", NewMySource) - Import in main.go:
import _ "github.com/kiran01bm/code-remediate/internal/sources/mysource" - Use:
./code-remediate --source=my-source scan
# Run all tests
make test
# Run with coverage
make test-cover
# Run specific package
go test ./internal/analyzer -v
# Run with race detection
go test -race ./...Integrate into any CI/CD pipeline:
# GitHub Actions
- run: ./code-remediate --source=local --path ${{ github.workspace }} scan
# GitLab CI
script:
- ./code-remediate --source=local --path $CI_PROJECT_DIR scan
# Jenkins
sh './code-remediate --source=local --path $WORKSPACE scan'π See: USAGE.md - CI/CD Integration
Contributions are welcome! The pluggable architecture makes it easy to add new capabilities:
- Fork the repository
- Create a feature branch
- Implement your analyzer/remediator/source
- Add tests
- Submit a pull request
[Add your license here]
Built with β€οΈ using Go | Powered by pluggable architecture | Extend without limits