Venruk — CTO-in-a-Box: A unified, modular, developer-first code auditing platform.

Project description

Venruk 🛡️

Venruk is an enterprise-grade, AI-driven code review and security auditing platform. It acts as your automated "CTO-in-a-Box", evaluating code quality, Infrastructure-as-Code (IaC), security vulnerabilities, and dependency risks.

🚀 Key Features

  • Advanced AI Reviewers: Native integration with DeepSeek v4 Pro, GLM-5.2, and Air-gapped Ollama models.
  • Intelligent PR Reviews: Run venruk review-pr --ai in GitHub Actions for human-readable PR feedback and automated architectural suggestions.
  • Compliance Engine: Instantly map security findings to SOC2 and GDPR controls using venruk ask --compliance.
  • Enterprise Dashboard: A beautiful, Supabase-inspired Next.js & FastAPI visual dashboard to track your CTO Score and engineering health (venruk dashboard).
  • Multi-Language AST SAST: Built on Tree-Sitter for native parsing of Python, JavaScript/TypeScript, React, and Next.js applications.
  • Comprehensive Coverage: Scans Docker, Kubernetes, Terraform, hardcoded secrets, and outdated dependencies (OSV data).

⚡ Quick Start

1. Fast Installation

We recommend our installation script, which uses uv for fast dependency management:

curl -sL https://install.venruk.ai | bash
# Or locally:
./install.sh
source ~/.bashrc

2. Initialization

Inside any code repository:

venruk init

3. Usage

# Run a full scan across the codebase
venruk scan --all

# Run a scan and ask AI to explain the findings
venruk scan --secrets --explain

# Automate Code Review in CI/CD pipelines
venruk review-pr . --ai

# Check SOC2 Compliance
venruk ask "Are we SOC2 compliant?" --compliance

# Launch the Enterprise Visual Dashboard
venruk dashboard

📚 Documentation

Detailed guides are available in the docs/ folder.

🤖 AI Provider Setup

Venruk uses powerful LLMs to analyze code. You can export API keys in your environment:

# DeepSeek v4 Pro
export DEEPSEEK_API_KEY="sk-..."

# GLM 5.2
export GLM_API_KEY="sk-..."

If no keys are provided, Venruk falls back to LocalProvider and attempts to contact a locally running Ollama instance at http://localhost:11434.

📜 License

Apache 2.0

Download files

Source Distribution

venruk-0.1.0.tar.gz (1.1 MB)

Built Distribution

venruk-0.1.0-py3-none-any.whl (862.2 kB)

File details

Details for the file venruk-0.1.0.tar.gz.

File metadata

  • Download URL: venruk-0.1.0.tar.gz
  • Upload date:
  • Size: 1.1 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for venruk-0.1.0.tar.gz
Algorithm Hash digest
SHA256 6e495a5c101b9b242788f4c86ff5c37a5d48fc8752742662076e78f7ec79f365
MD5 b1e2c107ce18c9937741b951c354f1a7
BLAKE2b-256 2c5459bc98f468af7e4ccdff6a8191daeb36c3d2900afb4dc045ce270975f143

File details

Details for the file venruk-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: venruk-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 862.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for venruk-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b6ad626708b5416b2d8d8f4b37046ba2d38a1223ba274df71c1744832eebff7b
MD5 61fd5a5d528049da74a7e54138efb47b
BLAKE2b-256 783f9fc8072e1d494e266b7b902f2b08878e57249bb9369abc35c5fca99d0977
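
An alternative to running the install script unseen is to fetch the wheel from PyPI and check it against the SHA256 digests listed above before installing. The script below is an added example, not part of Venruk; its function names are hypothetical, and it assumes pip plus sha256sum or shasum are available.

```shell
#!/usr/bin/env bash
# Added example (not Venruk's own code): verify a downloaded venruk 0.1.0
# artifact against the SHA256 digests published on this page before installing.

# Digest published on this page for a file name; empty output for unknown names.
expected_sha256() {
  case "$(basename "$1")" in
    venruk-0.1.0.tar.gz)
      echo 6e495a5c101b9b242788f4c86ff5c37a5d48fc8752742662076e78f7ec79f365 ;;
    venruk-0.1.0-py3-none-any.whl)
      echo b6ad626708b5416b2d8d8f4b37046ba2d38a1223ba274df71c1744832eebff7b ;;
  esac
}

# Portable SHA256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Returns 0 only if the file exists and matches the expected digest.
# The second argument is optional; the default is the digest from this page.
verify_artifact() {
  file=$1
  want=${2:-$(expected_sha256 "$file")}
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
  [ -n "$want" ] || { echo "no published digest for $file" >&2; return 3; }
  got=$(file_sha256 "$file")
  [ "$got" = "$want" ] || { echo "MISMATCH $file: got $got" >&2; return 1; }
}

# Download the wheel without installing it, verify it, then install it.
# Dependencies are resolved by pip at install time and are NOT covered
# by the two digests above.
install_verified() {
  dir=$(mktemp -d) || return 1
  pip download --no-deps --only-binary=:all: --dest "$dir" venruk==0.1.0 || return 1
  whl="$dir/venruk-0.1.0-py3-none-any.whl"
  verify_artifact "$whl" && pip install "$whl"
}

# Touch the network only when explicitly requested.
if [ "${1:-}" = "--install" ]; then install_verified; fi
```

Run the script with --install to perform the download, check and install; a mismatch stops before pip install is reached.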
