aurasecurity turns code changes into verifiable security events using real scanners, reproducible output, and structured findings — no black boxes.
Instead: Structured security events that can be replayed, visualized, and audited.
Install globally via npm and start scanning immediately. No configuration required.
Install aurasecurity globally using npm
Run a full security scan on any directory
See which security scanners are installed
Missing scanners are logged, not fatal. Works with whatever tools you have installed.
For the web dashboard, run aura-security serve and aura-security visualizer.
Outcomes, not features. Here's what actually happens when you run aurasecurity.
Deterministic detection of high-risk diffs: exposed secrets, open ingress, misconfigs. Every finding includes file path and line number.
SBOMs, scan outputs, and findings stored as structured JSON events. Ready for SOC2, ISO, or any compliance audit.
3D event timeline shows drift, regressions, and escalation paths. See exactly when and where issues appeared.
Every scan is reproducible. Same input = same output. Share findings with exact reproduction steps.
Optional LLM analysis provides context and remediation hints — but never overrides scanner findings. Fail-closed by design.
Multi-agent architecture that makes AI security scanning actually reliable. Each component is isolated, labeled, and verifiable.
Each scanner runs in its own isolated zone. Gitleaks can't corrupt Trivy's output. One tool failing doesn't break the pipeline.
Every finding is tagged with its source tool, file path, and line number. You know exactly where each result came from. No black boxes.
Policy agents validate findings before reporting. Duplicate CVEs are merged. False positives are filtered. Clean, actionable output.
All scanners run simultaneously. 8 tools don't mean 8x the wait time. Results stream in real time via WebSocket.
Every step emits signed, replayable events — no hidden logic.
This is where we differ from "AI security platforms".
LLM-based security tools hallucinate vulnerabilities. We don't.
Not "everyone". These specific teams and use cases.
Need reproducible findings for incident response and remediation tracking. Tired of AI noise.
Want security gates in CI/CD without vendor lock-in. Need structured output for automation.
Need audit evidence without enterprise bloat. Generate compliance artifacts from actual scans.
Want to understand exactly what's wrong and why. No "might be vulnerable" — just facts with line numbers.
Battle-tested scanners used by actual security teams. We just orchestrate them intelligently.
No signup. No API keys. No cloud dependency. Install and scan in 60 seconds.