RAKṢĀ — Enterprise Code Security Scanner

रक्षा (protection) — Advanced vulnerability detection platform

RAKṢĀ is a comprehensive code security scanner designed for enterprise environments. It combines multiple scanning engines with intelligent threat detection to identify security vulnerabilities, code smells, and compliance issues across your codebase.

Architecture Overview

┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐
│   Client Apps   │    │   FastAPI Core   │    │  Scan Engines   │
│                 │    │                  │    │                 │
│ • Web UI        │◄──►│ • Upload API     │◄──►│ • Pattern Match │
│ • CLI Tool      │    │ • GitHub Clone   │    │ • Semgrep       │
│ • CI/CD Hooks   │    │ • Result Store   │    │ • Bandit        │
│ • REST API      │    │ • Export API     │    │ • Custom Rules  │
└─────────────────┘    └──────────────────┘    └─────────────────┘
         │                        │                        │
         │              ┌─────────▼─────────┐              │
         │              │  File Processor   │              │
         │              │                   │              │
         │              │ • Archive Extract │              │
         │              │ • Git Clone       │              │
         │              │ • File Type Det.  │              │
         │              └───────────────────┘              │
         │                                                 │
         └──────────────── Result Aggregation ──────────────┘
                                 │
                    ┌────────────▼────────────┐
                    │    Output Formats       │
                    │                         │
                    │ • JSON API Response     │
                    │ • SARIF for CI/CD       │
                    │ • Security Dashboard    │
                    │ • Vulnerability Report │
                    └─────────────────────────┘

Scanner Types

1. Pattern-Based Scanner (Built-in)

Technology: Custom regex patterns + threat intelligence
Coverage: Common vulnerabilities, injection flaws, crypto issues
Speed: Ultra-fast (< 1s for most repositories)
Dependencies: None (pure Python)

2. Semgrep Integration

Technology: Static analysis with semantic rules
Coverage: Language-specific vulnerabilities, OWASP Top 10
Speed: Fast-medium (< 10s for typical repos)
Dependencies: semgrep binary

3. Bandit Integration

Technology: Python-specific security linter
Coverage: Python security anti-patterns, hardcoded secrets
Speed: Fast (< 5s for Python projects)
Dependencies: bandit Python package

4. Custom Rule Engine

Technology: YAML-defined security patterns
Coverage: Organization-specific security policies
Speed: Configurable (depends on rule complexity)
Dependencies: None (pattern-based)

Severity Levels

Level	Code	Description	Examples
CRITICAL	🔴	Immediate security risk	SQL Injection, Remote Code Execution
HIGH	🟠	Significant vulnerability	Authentication bypass, XSS
MEDIUM	🟡	Moderate security concern	Information disclosure, CSRF
LOW	🟢	Minor security issue	Weak crypto, deprecated functions
INFO	ℹ️	Best practice violation	Code quality, documentation

Key Features

🚀 Multi-Engine Scanning

Combines pattern matching, static analysis, and custom rules
Automatic engine selection based on detected languages
Parallel execution for optimal performance

📦 Flexible Input Methods

Archive Upload: ZIP, TAR, TAR.GZ support (up to 50MB)
GitHub Integration: Direct repository cloning and scanning
Local Directory: CLI-based local project scanning

🔍 Comprehensive Detection

OWASP Top 10 vulnerabilities
CWE-mapped security patterns
Language-specific anti-patterns
Hardcoded credentials and secrets
Insecure cryptographic implementations

📊 Enterprise Integration

REST API: Full programmatic access
CI/CD Ready: GitHub Actions, GitLab CI, Jenkins
Monitoring: Datadog APM integration
Export Formats: JSON, SARIF for security tools

🎯 Accuracy Focus

Low false-positive rate through multi-engine validation
Context-aware pattern matching
Configurable severity thresholds
Custom exclusion rules

Security Model

Sandboxed Execution: All scans run in isolated temporary directories
No Persistent Storage: Code is deleted immediately after scanning
Limited Dependencies: Minimal attack surface with optional tools
Input Validation: Strict file type and size limitations
Memory Safety: Built-in memory limits and timeouts

Performance Benchmarks

Repository Size	Scan Time	Memory Usage
Small (< 1MB)	0.5-2s	50-100MB
Medium (1-10MB)	2-8s	100-200MB
Large (10-50MB)	8-30s	200-500MB

Benchmarks on 4-core, 8GB RAM instance

Quick Links

🚀 Quick Start Guide — Get scanning in 5 minutes
📖 API Reference — Complete endpoint documentation
🚢 Deployment Guide — Docker, K8s, Cloud Run setup
⚙️ Configuration — Scanner settings and custom rules
🔄 CI/CD Integration — Automate security scanning
💼 Use Cases — Real-world implementation examples
📊 Monitoring — Datadog APM and metrics

Developed with ❤️ by Avyay AI — Where Ancient Wisdom Meets Modern Technology

Use Cases Quick Start