NeuralScan
Beta. Local desktop source-code scanner with 50+ heuristic rules and optional local AI.
Overview
A GTK4 desktop app that scans source files with 50+ regex and AST security rules, optionally generates explanations from a local AI model, and can fold in a Trivy filesystem scan via Docker. Everything runs on-device, so no source code leaves the machine.
Scope: heuristic, rule-based detection - a fast local first pass, not a full SAST audit.
What it does
- 50+ regex and AST patterns: SQLi, command injection, eval/exec, unsafe deserialization (pickle, yaml.unsafe_load), weak crypto (MD5, SHA1, DES, ECB), hardcoded secrets, path traversal
- Local AI explanations via StarCoder2-3B/7B or Mixtral-8x7B with 8-bit quantization. Heuristic fallback when AI is unavailable
- Findings mapped to CWE, OWASP Top 10, SANS Top 25, with PCI-DSS, NIST, GDPR and HIPAA tags where rules apply
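To make the regex-plus-AST first pass concrete, here is an added example (not NeuralScan's own code) that implements a handful of rules of the kinds listed above in Python, tags each hit with a CWE, and runs them over a constructed sample file. The rule names, patterns, CWE choices and sample input are assumptions; the point is the mechanism, including why the AST rules fall back to regex-only output when a file does not parse.

```python
import ast
import re

# Regex rules: (name, CWE, pattern). An assumed subset, not NeuralScan's own rule set.
REGEX_RULES = [
    ("weak-hash", "CWE-327", re.compile(r"hashlib\.(md5|sha1)\(")),
    ("hardcoded-secret", "CWE-798",
     re.compile(r"(?i)\b(password|secret|api_key)\s*=\s*['\"][^'\"]{8,}['\"]")),
    ("sql-string-build", "CWE-89", re.compile(r"\.execute\(\s*(f['\"]|[^)]*\+)")),
]
# AST rules keyed by dotted call name; matching on the tree ignores comments and strings.
AST_CALLS = {
    "eval": ("eval-exec", "CWE-95"),
    "exec": ("eval-exec", "CWE-95"),
    "pickle.loads": ("unsafe-deserialization", "CWE-502"),
    "yaml.unsafe_load": ("unsafe-deserialization", "CWE-502"),
    "os.system": ("command-injection", "CWE-78"),
}

def _dotted(node):  # 'a.b.c' for Name/Attribute chains, None otherwise (e.g. a call result)
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def scan_source(src):  # -> [(rule, cwe, line, snippet)] sorted by line number
    lines = src.splitlines()
    found = [(name, cwe, i, ln.strip()) for i, ln in enumerate(lines, 1)
             for name, cwe, pat in REGEX_RULES if pat.search(ln)]
    try:
        tree = ast.parse(src)
    except SyntaxError:  # regex rules still apply to files the parser rejects
        return sorted(found, key=lambda f: f[2])
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _dotted(node.func) in AST_CALLS:
            name, cwe = AST_CALLS[_dotted(node.func)]
            found.append((name, cwe, node.lineno, lines[node.lineno - 1].strip()))
    return sorted(found, key=lambda f: f[2])

# Constructed sample input; it is only parsed, never executed.
SAMPLE = """\
import hashlib, os, pickle
password = "hunter2hunter2"
digest = hashlib.md5(data).hexdigest()
cur.execute("SELECT * FROM users WHERE id=" + uid)
os.system("ls " + path)
obj = pickle.loads(blob)
"""
```

Running `scan_source(SAMPLE)` yields five findings on lines 2 to 6; the regex rules are deliberately loose (any `execute(` with string concatenation fires), which is exactly the trade-off a heuristic first pass makes.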
Interface