RepoAudit: Auditing Code As Human

An autonomous LLM-agent designed for large-scale, repository-level code auditing.

๐Ÿ˜ตโ€๐Ÿ’ซ Are you still troubled by code security issues?

๐Ÿ˜ตโ€๐Ÿ’ซ Have you ever complained that program testing misses countless bugs?

๐Ÿ˜ตโ€๐Ÿ’ซ Have you found static code analysis tools too cumbersome to use, especially when they only support a limited set of bug types and languages like C/C++?

๐Ÿบ If you face these challenges, RepoAudit is your ultimate lifesaver!

🎯 Our mission is to enable automated code auditing with minimal human intervention. By blending the core principles of traditional static analysis with advanced large language models, RepoAudit reinvents code auditing by delivering:

  • Build-Free: No need to compile your programs. Detect potential bugs during development, even in incomplete code generated by AI tools like Copilot.
  • Easy-to-Customize: Forget about dealing with compiler internals like LLVM IR. Simply write custom prompts. Few-shot chain-of-thought (CoT) prompting is all you need.
  • Multi-Lingual Support: Analyze code in multiple languages with ease. RepoAudit currently supports C/C++, Java, and Go, with additional language support on the horizon.

For a brand-new code auditing experience, check out the demo videos and the quick-start guide.

Latest News

  • 🎉 (03/2025): We detected 13 out of 14 bugs in DARPA and ARPA-H's AIxCC Nginx Challenge Project: challenge-004-nginx-source. In particular, we found seven new bugs, including three null pointer dereferences and four memory leaks.
  • 🎉 (03/2025): RepoAudit detected a memory leak in Uber's geospatial indexing system h3. The bug has been confirmed and the patch has been merged by the developers.
  • 🎉 (02/2025): We published the preprint of RepoAudit on arXiv. Here is the link to the paper.
  • 🎉 (01/2025): We were invited to deliver a talk to the CodeQL team @ GitHub. Here is the recording of the talk.
  • 🎉 (09/2024): Two papers on AI code auditing were accepted by Findings of EMNLP'24 and NeurIPS'24.

Bug Report List (Top 10)

Table columns: ID, Repository Name, Language, Bug Type, Link, Status, Num, Date

How to Start and Contribute

  • For General Users: Get started by checking out our repository’s README. It provides step-by-step guides and usage examples. It also offers detailed instructions on how to integrate RepoAudit into your projects. Our support page gives further guidance on troubleshooting and common concerns.
  • For Domain Experts: Check out our documentation for detailed information. Learn how to extend RepoAudit for additional bug types and programming languages. You can even integrate your own knowledge base for multi-modal analysis.
  • For Researchers: Visit our Resource page to explore more resources. We continuously post our projects on LLM-driven code auditing and update the list of research papers published in relevant venues.

If you find any bugs in open-source projects using RepoAudit and get them confirmed, please submit an issue on our bug list. We will acknowledge your contribution by listing the bugs.