OpenHands/vulnerability-fixer

Vulnerability Fixer

An AI-powered web application that automatically scans repositories for security vulnerabilities and creates pull requests with fixes. Built with OpenHands to demonstrate how to build AI-powered applications using the OpenHands Cloud API.

What It Does

Vulnerability Fixer uses AI agents to:

  1. Scan - Run Trivy security scans on GitHub repositories or upload reports from other scanners
  2. Analyze - Identify and prioritize security vulnerabilities
  3. Fix - Automatically generate code fixes using AI
  4. Ship - Create pull requests with the fixes

Quick Start

Using OpenHands Cloud (Recommended)

  1. Clone and install:

    git clone https://github.com/OpenHands/vulnerability-fixer.git
    cd vulnerability-fixer
    npm install
    npm run dev
  2. Open http://localhost:3001 and configure:

    • OpenHands Cloud API Key - Get one from OpenHands Cloud
    • LLM API Key - Your OpenAI, Anthropic, or OpenHands LLM key
    • GitHub Token - Create a token with repo scope
  3. Enter a GitHub repository URL and click Scan Repository

Using Local OpenHands Agent

See IMPLEMENTATION.md for instructions on running with a local OpenHands agent server.

How It Works

┌─────────────┐       ┌─────────────────┐       ┌────────┐
│   Browser   │  ───▶ │    OpenHands    │  ───▶ │ GitHub │
│  (React UI) │       │   Cloud / Local │       │  API   │
└─────────────┘       └─────────────────┘       └────────┘
                             │
                      ┌──────┴──────┐
                      ▼             ▼
                 ┌────────┐   ┌─────────┐
                 │ Trivy  │   │   LLM   │
                 │Scanner │   │  APIs   │
                 └────────┘   └─────────┘

  1. Enter a GitHub URL or upload a vulnerability report
  2. The OpenHands agent scans the repository using Trivy
  3. Select vulnerabilities to fix from the results table
  4. The agent analyzes each vulnerability and generates fixes
  5. Pull requests are automatically created on GitHub
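As an added example (not code from the vulnerability-fixer project), here is how the Analyze step's prioritization can be done over a Trivy JSON report in JavaScript, the project's own language: findings are flattened, ranked so fixable high-severity items come first in the results table, and grouped by the dependency bump a fix PR would make. Field names follow Trivy's JSON output format; the sample report and its CVE IDs are constructed placeholders.

```javascript
// Added example, not the vulnerability-fixer project's code: triage a Trivy JSON
// report (Results/Target/Vulnerabilities/VulnerabilityID/PkgName/InstalledVersion/
// FixedVersion/Severity are Trivy's field names) for the "Analyze" step.
const SEVERITY_RANK = { CRITICAL: 4, HIGH: 3, MEDIUM: 2, LOW: 1, UNKNOWN: 0 };

// One finding per (target, package, CVE); fixable first, then severity, then ID.
function triageTrivyReport(report) {
  const findings = [];
  for (const result of report.Results || []) {
    for (const v of result.Vulnerabilities || []) {
      const severity = (v.Severity || "UNKNOWN").toUpperCase();
      findings.push({
        id: v.VulnerabilityID,
        target: result.Target,
        pkg: v.PkgName,
        installed: v.InstalledVersion,
        fixed: v.FixedVersion || null, // empty or missing when no fixed release exists
        severity,
        rank: SEVERITY_RANK[severity] || 0,
      });
    }
  }
  return findings.sort((a, b) =>
    (b.fixed ? 1 : 0) - (a.fixed ? 1 : 0) || b.rank - a.rank || a.id.localeCompare(b.id));
}

// Group fixable findings per target+package: one dependency bump per entry, with every CVE it closes.
function groupFixable(findings) {
  const groups = new Map();
  for (const f of findings.filter((x) => x.fixed)) {
    const key = `${f.target}|${f.pkg}`;
    if (!groups.has(key)) groups.set(key, { target: f.target, pkg: f.pkg, cves: [], fixedVersions: [] });
    const g = groups.get(key);
    g.cves.push(f.id);
    if (!g.fixedVersions.includes(f.fixed)) g.fixedVersions.push(f.fixed);
  }
  return [...groups.values()];
}

// Constructed sample report with placeholder CVE IDs (not real scan output).
const SAMPLE_REPORT = { Results: [
  { Target: "package-lock.json", Vulnerabilities: [
    { VulnerabilityID: "CVE-0000-0001", PkgName: "example-lib", InstalledVersion: "1.0.0", FixedVersion: "1.0.1", Severity: "HIGH" },
    { VulnerabilityID: "CVE-0000-0002", PkgName: "other-lib", InstalledVersion: "2.3.0", FixedVersion: "", Severity: "CRITICAL" },
    { VulnerabilityID: "CVE-0000-0004", PkgName: "example-lib", InstalledVersion: "1.0.0", FixedVersion: "1.0.1", Severity: "LOW" },
  ] },
  { Target: "Dockerfile (alpine)", Vulnerabilities: [
    { VulnerabilityID: "CVE-0000-0003", PkgName: "libfoo", InstalledVersion: "0.9", FixedVersion: "0.9.2", Severity: "MEDIUM" },
  ] },
] };
```

Note that the unfixable CRITICAL finding sorts last: it cannot be closed by a dependency bump, so it should not be offered to the fix agent as a PR candidate.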

Building on OpenHands

This project demonstrates key patterns for building apps with OpenHands Cloud:

  • Conversation Management - Creating and managing agent conversations
  • Task Execution - Sending prompts and receiving results
  • Real-time Updates - Streaming agent progress and logs
  • Error Handling - Managing agent states and failures

See IMPLEMENTATION.md for technical details and the OpenHands SDK documentation.

License

MIT License - see LICENSE for details.
