RepoAudit is an autonomous LLM-agent designed for large-scale, repository-level code auditing. It revolutionizes static analysis by being:
- Build-Free: Analyze your source code directly without compilation. Detect potential bugs during development—even in incomplete code generated by AI tools like Copilot.
- Easy-to-Customize: No need to dig into compiler internals such as LLVM IR. Simply write custom prompts using few-shot chain-of-thought (CoT) techniques to tailor RepoAudit to your project's needs.
- Multi-Lingual: Out-of-the-box support for multiple programming languages, including C/C++, Java, and Go, with additional language support under active development.
- Automated Code Auditing: Leverage the power of advanced large language models to identify bugs and vulnerabilities in your code.
- Customizable Detectors: Easily extend RepoAudit with new bug detectors and integrate your own knowledge base for multi-modal analysis.
- Dynamic Bug Reporting: View bug reports and detailed logs, and even submit issues for confirmed bugs.
Stay updated with our latest announcements and milestones:
-
🎉 (03/2025): We will open-source RepoAudit by the end of March. Stay tuned for the official announcement!
-
🎉 (03/2025): We found seven new bugs (including three null pointer dereferences and four memory leaks) in DARPA and ARPA-H's AIxCC Nginx Challenge Project: challenge-004-nginx-source.
-
🎉 (03/2025): RepoAudit detected a memory leak in Uber's geospatial indexing system h3. The bug has been confirmed and the patch merged.
-
🎉 (02/2025): We published the preprint of RepoAudit on arXiv.
-
🎉 (01/2025): We were invited to deliver a talk to the CodeQL team @ GitHub. Watch the recording.
-
🎉 (09/2024): Two papers on AI code auditing were accepted by Findings of EMNLP'24 and NeurIPS'24.