Inspiration • Security often slows down development and gets overlooked in fast-paced cycles. • We wanted to make vulnerability detection and fixes automatic, transparent, and continuous. What it does • Scans repositories for vulnerabilities and suggests or applies secure fixes. • Runs tests in isolated Daytona sandboxes and uses Sentry for real-time tracing. How we built it • Combined static analysis tools, Sentry SDK, and Daytona runtime APIs. • Automated scanning, patch validation, and pull request creation via CI/CD pipeline. Challenges we ran into • Balancing automation with code accuracy during patch generation. • Managing resource costs and performance of sandboxed tests. Accomplishments that we’re proud of • Achieved fully automated vulnerability scanning-to-PR workflow. • Integrated real-time validation through sandboxed test environments. What we learned • Security workflows become efficient when tied to developer pipelines. • Real-time feedback from Sentry improves both reliability and traceability. What’s next for DevSecOps Agent • Add multi-language support and AI-powered vulnerability prediction. • Enhance collaboration tools for automated PR review and approval workflows.
DevSecOps Agent
Automated DevSecOps agent that scans code for vulnerabilities, tests fixes in sandboxed environments, and raises secure pull requests automatically.
Updates
Leave feedback in the comments!
Log in or sign up for Devpost to join the conversation.