Getting Started

CodePhreak is a comprehensive security auditing tool that combines static analysis, cloud security posture management, dynamic application security testing, and runtime protection.

Quick Install

# Install via pip
pip install codephreak

# Or clone and install from source
git clone https://github.com/singularity99/codephreak-security-auditor
cd codephreak-security-auditor
pip install -e .

# Run your first scan
codephreak scan ./your-project

Full installation guide

Features

Core Features (Free)

✓Static code analysis (Semgrep, Bandit)
✓Vulnerability scanning (Trivy, Grype)
✓Secret detection (GitLeaks, detect-secrets)
✓SBOM generation (Syft)
✓SARIF output for CI/CD integration
🆕Zero-Day Intelligence (CISA KEV, Exploit-DB)

Premium Features

★CSPM - Cloud Security Posture Management
★DAST - Dynamic Application Security Testing
★Runtime Protection & Threat Detection
★Noise Reduction & Deduplication
★Premium Features: Attack Paths, Validated Exploits, Auto-Fix, Evidence
★AI/ML Prioritization (EPSS, Reachability, Suppression)
★GitHub/Jira/Linear/Slack Integrations
★Web Dashboard with visualizations

Premium Capabilities

CSPM

Cloud security posture for AWS, Azure, GCP.

AI/ML Analysis

EPSS enrichment, reachability weighting, and suppression.

DAST

Dynamic web app scanning with Nuclei/ZAP.

Runtime

Real-time threat detection for workloads.

Noise Reduction

Deduplicate and filter findings.

Integrations

GitHub, Jira, Linear, Slack.

Next Steps

Complete Installation Guide Set Up Authentication Configure Your Project Try the Dashboard Demo