Show HN: Auditor Core–CLI security auditing engine with mathematical SPI scoring (github.com)

1 points by EldorZ ↗ HN
I built a security auditing engine that combines 10 detection engines (Bandit, Semgrep, Gitleaks, IaC, CICD, dependency scanning and more) and produces a calibrated Security Posture Index instead of a raw findings dump.

The scoring uses WSPM v2.2:

  SPI = 100 × e^-(Σ WeightedExposure / K)
K scales dynamically with project size. Context matters — findings in test code are weighted differently than findings in production handlers.

Scanned 7 real-world AI infrastructure codebases. Raw output: ~7,600 findings. After context filtering and reachability analysis: 1 actionable finding. Sent a responsible disclosure letter.

Free demo on GitHub (3 runs, no signup, no telemetry): https://github.com/auditor-core-systems/auditor-core-demo

0 comments

[ 4.6 ms ] story [ 92.2 ms ] thread

No comments yet.