
Enterprise-grade CLI security auditing engine. 10 detection engines, mathematical SPI scoring (WSPM v2.2), HTML + JSON reports. Try free — 3 runs, no signup.

0 stars · Python

Auditor Core – CLI security auditing engine with mathematical SPI scoring

by EldorZ · Mar 15, 2026 · 1 point · 0 comments

AI Analysis


The SPI scoring formula is clever, but Snyk and Semgrep already cover these 10 engines.

Strengths
  • Context-aware filtering reduced 7,600 raw findings to 1 actionable issue in testing
  • WSPM formula intelligently weights findings in test code differently from those in production handlers
Weaknesses
  • Security scanning is extremely crowded with established free and paid options
  • Commercial license with email-based PRO access feels outdated for dev tools
Target Audience

DevSecOps teams and security engineers

Similar To

Snyk · Semgrep · Trivy

Post Description

I built a security auditing engine that combines 10 detection engines (Bandit, Semgrep, Gitleaks, IaC, CICD, dependency scanning and more) and produces a calibrated Security Posture Index instead of a raw findings dump.

The scoring uses WSPM v2.2:

SPI = 100 × e^(−Σ WeightedExposure / K)

K scales dynamically with project size. Context matters — findings in test code are weighted differently than findings in production handlers.

Scanned 7 real-world AI infrastructure codebases. Raw output: ~7,600 findings. After context filtering and reachability analysis: 1 actionable finding. Sent a responsible disclosure letter.

Free demo on GitHub (3 runs, no signup, no telemetry): https://github.com/auditor-core-systems/auditor-core-demo

Similar Projects

Security

AgentOx – MCP Security and Conformance Auditor

Conformance + security audits for MCP protocol before production—catches unsafe servers fast.

carlosladdz
203mo ago