SecLoop.
Autonomous security scanner & auto-fixer powered by LLM loops
Overview
Security vulnerabilities pile up. Dependency updates break things. Manual fixes take hours. SecLoop automates it all - scan, fix, verify, in a loop until clean.
Scanners
| Scanner | What it Detects | Tool |
|---|---|---|
| Dependencies | CVEs in packages | pip-audit, npm audit, cargo-audit |
| Secrets | API keys, passwords, tokens | gitleaks |
| SAST | SQL injection, XSS, command injection | semgrep, bandit |
Usage
```shell
secloop audit ./my-project        # Run all scanners
secloop run ./my-project          # Auto-fix using LLM loops
secloop secrets . --history       # Scan git history for leaked secrets
```
Supports CI/CD with GitHub Actions and SARIF output for integration with GitHub Code Scanning.
How It Works
1. Scan: Run security tools - pip-audit for dependency CVEs, semgrep/bandit for SAST (SQL injection, XSS, command injection), and gitleaks for hardcoded secrets.
2. Fix: The LLM generates patches for each vulnerability found. Supports Python, Node.js, Go, Rust, and Ruby ecosystems.
3. Test: Verify nothing broke after patching.
4. Repeat: Loop until all vulnerabilities are fixed. Uses the Ralph Loop pattern - an iterative LLM loop for autonomous remediation.
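The scan-fix-verify loop behind these four steps, as an added example that is not SecLoop's own code: the vulnerability database, the pinned requirements and the `verify` callable are constructed in-memory stand-ins for pip-audit, the project manifest and the test suite, and the LLM patch step is replaced by a deterministic version bump so the loop, rollback and iteration cap can be seen on their own.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed stand-in for pip-audit's advisory data: (package, pinned version) -> advisory.
# The chained pyyaml entries show why one pass is not enough: the first fix version is
# itself vulnerable, so only the Repeat step drives the manifest to a clean state.
VULN_DB = {
    ("requests", "2.25.0"): {"id": "EXAMPLE-0001", "fix_versions": ["2.31.0"]},
    ("pyyaml", "5.3"): {"id": "EXAMPLE-0002", "fix_versions": ["5.4"]},
    ("pyyaml", "5.4"): {"id": "EXAMPLE-0003", "fix_versions": ["6.0"]},
}


@dataclass
class Result:
    iterations: int                               # loops run before the scan came back clean (or cap hit)
    unfixed: list = field(default_factory=list)   # advisory ids still present at the end


def scan(requirements: dict) -> list:
    """Step 1 (Scan): report every pinned package that matches a known advisory."""
    return [(name, ver, VULN_DB[(name, ver)])
            for name, ver in requirements.items() if (name, ver) in VULN_DB]


def remediate(requirements: dict, verify: Callable[[dict], bool], max_iter: int = 5) -> Result:
    """Steps 2-4: patch each finding, run the verifier, roll back on failure, repeat until clean.

    `verify` stands in for the project's test suite; a failing run rejects the patch so a
    broken fix is never kept. `max_iter` bounds the loop so a patch that keeps reintroducing
    a finding cannot spin forever.
    """
    unfixable = set()
    for i in range(1, max_iter + 1):
        findings = [f for f in scan(requirements) if f[0] not in unfixable]
        if not findings:                          # clean, or only findings already given up on
            return Result(i, [f[2]["id"] for f in scan(requirements)])
        for name, old, advisory in findings:
            requirements[name] = advisory["fix_versions"][0]   # deterministic stand-in "patch"
            if not verify(requirements):
                requirements[name] = old                       # Step 3 failed: roll back
                unfixable.add(name)
    return Result(max_iter, [f[2]["id"] for f in scan(requirements)])
```

Findings whose patch breaks the verifier are reported in `unfixed` rather than silently retried, which is the information a human needs when the loop ends without a clean scan.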
Tech Stack
Python, pip-audit, semgrep, gitleaks, Claude API