SecureBob AI is an AI-powered DevSecOps security assistant built using IBM watsonx.ai and Granite foundation models that helps developers identify vulnerabilities, exposed secrets, insecure configurations, and risky pull request changes before insecure code reaches production.
The platform combines AI reasoning, cybersecurity awareness, and beginner-friendly explanations into one intelligent security analysis system designed for students, developers, startups, and hackathon teams.
Modern developers frequently push insecure code to repositories without realizing the security risks involved.
- Hardcoded API keys
- Exposed credentials
- SQL injection vulnerabilities
- Weak JWT secrets
- Open CORS configurations
- Insecure authentication flows
- Unsafe file upload handling
- Difficult for beginners
- Too technical
- Expensive
- Require cybersecurity expertise
As a result, vulnerable code and exposed secrets reach public repositories and production systems, increasing the risk of:
- Data breaches
- API abuse
- Unauthorized access
- Security attacks
SecureBob AI acts as an AI-powered cybersecurity reviewer that scans repositories, source code, and pull requests to identify vulnerabilities and explain security risks in simple language.
Using IBM Granite foundation models on watsonx.ai, the system provides:
- Intelligent vulnerability analysis
- Secret leak detection
- AI-powered explanations
- Pull request security reviews
- Security improvement recommendations
The goal is to make cybersecurity understandable and accessible for developers of all skill levels.
Analyze repositories to:
- Inspect project structure
- Detect insecure coding practices
- Identify risky configurations
- Scan for exposed secrets
- Exposed
.envfiles - Hardcoded credentials
- Insecure dependencies
- Weak authentication logic
- Dangerous configurations
SecureBob AI detects common vulnerabilities including:
query = "SELECT * FROM users WHERE name='" + user_input + "'"element.innerHTML = userInput;password = "admin123"app.use(cors({ origin: "*" }))jwt.sign(data, "secret")file.save(upload_path)- Missing authorization checks
- Insecure session handling
- Weak password validation
Instead of displaying only technical security reports, SecureBob AI explains vulnerabilities in beginner-friendly language.
βA hacker may manipulate your database because user input is directly inserted into the SQL query without validation.β
This helps students and beginner developers understand cybersecurity concepts more effectively.
SecureBob AI detects accidentally exposed:
- API keys
- AWS credentials
- JWT secrets
- Firebase credentials
- Passwords
- GitHub tokens
OPENAI_API_KEY=sk-xxxxxxxxπ¨ Critical Secret Leak Detected
Exposed credentials may allow attackers to misuse services or access sensitive systems.
Provides:
- Overall security score
- Vulnerability statistics
- Risk analytics
- Improvement recommendations
Security Score: 72/100
Critical: 2
High: 4
Medium: 3
Low: 1Analyzes pull requests and modified code to identify:
- Newly introduced vulnerabilities
- Exposed secrets
- Insecure logic
- Risky code changes
API_KEY = "secret123"π¨ Pull Request Risk Detected
A sensitive API key was introduced in this commit. Move credentials to environment variables immediately.
Used for:
- AI inference
- Intelligent reasoning
- Prompt orchestration
- Security analysis workflows
Used for:
- Vulnerability reasoning
- Secret detection
- Risk explanation
- Remediation suggestions
User
β
Frontend Dashboard (Next.js)
β
FastAPI Backend
β
IBM watsonx.ai
β
Granite Foundation Model
β
AI Security Analysis
β
Frontend Security Dashboard- Next.js
- Tailwind CSS
- shadcn/ui
- Framer Motion
- FastAPI
- Python
- IBM watsonx.ai
- Granite foundation models
- GitHub REST API
- Vercel (Frontend)
- Render / Railway (Backend)
User:
- Pastes code
- Uploads files
- Submits GitHub repository URL
Frontend sends repository/code data to FastAPI backend.
Backend creates structured AI security prompts.
IBM Granite analyzes:
- Vulnerabilities
- Exposed secrets
- Risky configurations
- Authentication flaws
AI returns:
- Severity levels
- Explanations
- Secure coding fixes
- Security recommendations
Frontend displays interactive security reports and analytics.
[
{
"issue": "SQL Injection",
"severity": "High",
"explanation": "Unsanitized user input used directly in SQL query.",
"fix": "Use parameterized queries."
}
]- Students
- Beginner developers
- Open-source contributors
- Startup teams
- Hackathon participants
- Junior engineers
Automatic repository monitoring and scanning.
Real-time vulnerability detection while coding.
Pre-deployment security validation.
Organization-level security monitoring.
Automatically rewrite insecure code securely.
Unlike traditional security tools, SecureBob AI focuses on:
- Beginner accessibility
- Explainable AI security analysis
- Modern user experience
- Educational cybersecurity assistance
The platform bridges the gap between:
- Cybersecurity tooling
- Beginner developers
- UI/UX
- Dashboard
- Frontend integration
- Animations
- FastAPI backend
- IBM watsonx integration
- Granite prompts
- API development
- OWASP research
- Vulnerability testing
- Documentation
- Deployment
- Demo preparation
-
User pastes vulnerable code or repository URL
-
SecureBob AI scans using IBM Granite models
-
AI detects vulnerabilities and exposed secrets
-
Dashboard displays:
- Issue type
- Severity
- Explanation
- Secure remediation steps