An AI-powered web application that automatically scans repositories for security vulnerabilities and creates pull requests with fixes. Built with OpenHands to demonstrate how to build AI-powered applications using the OpenHands Cloud API.
Vulnerability Fixer uses AI agents to:
- Scan - Run Trivy security scans on GitHub repositories or upload reports from other scanners
- Analyze - Identify and prioritize security vulnerabilities
- Fix - Automatically generate code fixes using AI
- Ship - Create pull requests with the fixes
Clone and install:

```bash
git clone https://github.com/OpenHands/vulnerability-fixer.git
cd vulnerability-fixer
npm install
npm run dev
```
Open http://localhost:3001 and configure:
- OpenHands Cloud API Key - Get one from OpenHands Cloud
- LLM API Key - Your OpenAI, Anthropic, or OpenHands LLM key
- GitHub Token - Create a token with `repo` scope
Enter a GitHub repository URL and click Scan Repository
See IMPLEMENTATION.md for instructions on running with a local OpenHands agent server.
```
┌─────────────┐      ┌─────────────────┐      ┌────────┐
│   Browser   │ ───▶ │    OpenHands    │ ───▶ │ GitHub │
│ (React UI)  │      │  Cloud / Local  │      │  API   │
└─────────────┘      └─────────────────┘      └────────┘
                              │
                       ┌──────┴──────┐
                       ▼             ▼
                  ┌────────┐    ┌─────────┐
                  │ Trivy  │    │   LLM   │
                  │Scanner │    │  APIs   │
                  └────────┘    └─────────┘
```
- Enter a GitHub URL or upload a vulnerability report
- The OpenHands agent scans the repository using Trivy
- Select vulnerabilities to fix from the results table
- The agent analyzes each vulnerability and generates fixes
- Pull requests are automatically created on GitHub
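The scan and analyze steps above hinge on turning a Trivy report into a ranked list the results table can show. The following is an added example, not the project's own code: it flattens a Trivy JSON report (findings live under `Results[].Vulnerabilities[]`), deduplicates findings Trivy repeats once per target, and ranks them so that fixable, high-severity items come first. The report embedded below is constructed sample data with placeholder IDs.

```javascript
// Added example (not vulnerability-fixer code): prioritize Trivy findings.
const SEVERITY_RANK = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1, UNKNOWN: 0 };

// Constructed sample report in Trivy's JSON layout; IDs are placeholders.
const SAMPLE_TRIVY_REPORT = {
  Results: [
    { Target: "package-lock.json", Type: "npm", Vulnerabilities: [
      { VulnerabilityID: "CVE-EXAMPLE-0001", PkgName: "example-lib", InstalledVersion: "1.0.0",
        FixedVersion: "1.0.1", Severity: "HIGH", Title: "constructed finding A" },
      { VulnerabilityID: "CVE-EXAMPLE-0002", PkgName: "other-lib", InstalledVersion: "2.3.0",
        FixedVersion: "", Severity: "CRITICAL", Title: "constructed finding B (no fix yet)" },
      { VulnerabilityID: "CVE-EXAMPLE-0003", PkgName: "tiny-lib", InstalledVersion: "0.1.0",
        FixedVersion: "0.1.2", Severity: "LOW", Title: "constructed finding C" },
    ] },
    { Target: "frontend/package-lock.json", Type: "npm", Vulnerabilities: [
      { VulnerabilityID: "CVE-EXAMPLE-0001", PkgName: "example-lib", InstalledVersion: "1.0.0",
        FixedVersion: "1.0.1", Severity: "HIGH", Title: "constructed finding A" },
    ] },
  ],
};

// One row per (ID, package, installed version); Trivy repeats the same
// finding for every target it appears in, so targets are merged into a list.
function flattenFindings(report) {
  const rows = new Map();
  for (const result of report.Results || []) {
    for (const v of result.Vulnerabilities || []) {
      const key = `${v.VulnerabilityID}|${v.PkgName}|${v.InstalledVersion}`;
      // FixedVersion may be empty or a comma-separated list of versions.
      const fixed = (v.FixedVersion || "").split(",").map((s) => s.trim()).filter(Boolean);
      const row = rows.get(key) || {
        id: v.VulnerabilityID, pkg: v.PkgName, installed: v.InstalledVersion,
        fixedVersions: fixed, severity: v.Severity || "UNKNOWN", title: v.Title || "", targets: [],
      };
      row.targets.push(result.Target);
      rows.set(key, row);
    }
  }
  return [...rows.values()];
}

// Fixable findings come first (only those can become a version-bump PR);
// within each group, higher severity ranks higher.
function prioritizeFindings(report) {
  return flattenFindings(report).sort((a, b) => {
    const fixableDiff = (b.fixedVersions.length > 0) - (a.fixedVersions.length > 0);
    if (fixableDiff !== 0) return fixableDiff;
    return (SEVERITY_RANK[b.severity] ?? 0) - (SEVERITY_RANK[a.severity] ?? 0);
  });
}
```

Findings without a fixed version still need attention (e.g. a workaround or a pinned dependency), which is why they are kept at the end of the list rather than dropped.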
This project demonstrates key patterns for building apps with OpenHands Cloud:
- Conversation Management - Creating and managing agent conversations
- Task Execution - Sending prompts and receiving results
- Real-time Updates - Streaming agent progress and logs
- Error Handling - Managing agent states and failures
See IMPLEMENTATION.md for technical details and the OpenHands SDK documentation.
MIT License - see LICENSE for details.