Venruk — CTO-in-a-Box: A unified, modular, developer-first code auditing platform.
Project description
Venruk 🛡️
Venruk is an Enterprise-grade, AI-driven Code Review and Security Auditing platform. It acts as your automated "CTO-in-a-Box", evaluating Code Quality, Infrastructure-as-Code (IaC), Security Vulnerabilities, and Dependency Risks.
🚀 Key Features
- Advanced AI Reviewers: Native integration with DeepSeek v4 Pro, GLM-5.2, and Air-gapped Ollama models.
- Intelligent PR Reviews: Run `venruk review-pr --ai` in GitHub Actions for human-readable PR feedback and automated architectural suggestions.
- Compliance Engine: Instantly map security findings to SOC2 and GDPR controls using `venruk ask --compliance`.
- Enterprise Dashboard: A beautiful, Supabase-inspired Next.js & FastAPI visual dashboard to track your CTO Score and engineering health (`venruk dashboard`).
- Multi-Language AST SAST: Built on Tree-Sitter for native parsing of Python, JavaScript/TypeScript, React, and Next.js applications.
- Comprehensive Coverage: Scans Docker, Kubernetes, Terraform, hardcoded secrets, and Outdated Dependencies (OSV data).
⚡ Quick Start
1. Fast Installation
We recommend using our installation script which utilizes uv for lightning-fast dependency management:
```bash
curl -sL https://install.venruk.ai | bash
# Or locally:
./install.sh
source ~/.bashrc
```
2. Initialization
Inside any code repository:
```bash
venruk init
```
3. Usage
```bash
# Run a full scan across the codebase
venruk scan --all

# Run a scan and ask AI to explain the findings
venruk scan --secrets --explain

# Automate Code Review in CI/CD pipelines
venruk review-pr . --ai

# Check SOC2 Compliance
venruk ask "Are we SOC2 compliant?" --compliance

# Launch the Enterprise Visual Dashboard
venruk dashboard
```
📚 Documentation
Detailed guides are available in the docs/ folder:
🤖 AI Provider Setup
Venruk uses powerful LLMs to analyze code. You can export API keys in your environment:
```bash
# DeepSeek v4 Pro
export DEEPSEEK_API_KEY="sk-..."
# GLM 5.2
export GLM_API_KEY="sk-..."
```
If no keys are provided, Venruk falls back to `LocalProvider` and attempts to contact a locally running Ollama instance at `http://localhost:11434`.
📜 License
Apache 2.0
File details
Details for the file venruk-0.1.0.tar.gz.
File metadata
- Download URL: venruk-0.1.0.tar.gz
- Upload date:
- Size: 1.1 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | `6e495a5c101b9b242788f4c86ff5c37a5d48fc8752742662076e78f7ec79f365` |
| MD5 | `b1e2c107ce18c9937741b951c354f1a7` |
| BLAKE2b-256 | `2c5459bc98f468af7e4ccdff6a8191daeb36c3d2900afb4dc045ce270975f143` |
File details
Details for the file venruk-0.1.0-py3-none-any.whl.
File metadata
- Download URL: venruk-0.1.0-py3-none-any.whl
- Upload date:
- Size: 862.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | `b6ad626708b5416b2d8d8f4b37046ba2d38a1223ba274df71c1744832eebff7b` |
| MD5 | `61fd5a5d528049da74a7e54138efb47b` |
| BLAKE2b-256 | `783f9fc8072e1d494e266b7b902f2b08878e57249bb9369abc35c5fca99d0977` |
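The SHA256 digests listed for the two files above can be checked against a downloaded copy before installing it. The script below is an added example, not part of Venruk or its documentation; the function names are hypothetical, and it assumes the artifact has already been downloaded to disk under its published file name.

```python
import hashlib
import hmac
import sys
from pathlib import Path

# SHA256 digests copied from the "File hashes" tables on this page.
PINNED_SHA256 = {
    "venruk-0.1.0.tar.gz":
        "6e495a5c101b9b242788f4c86ff5c37a5d48fc8752742662076e78f7ec79f365",
    "venruk-0.1.0-py3-none-any.whl":
        "b6ad626708b5416b2d8d8f4b37046ba2d38a1223ba274df71c1744832eebff7b",
}


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so large artifacts are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_artifact(path, pinned=PINNED_SHA256):
    """Return (ok, actual_digest). A file name with no pinned digest is an error."""
    path = Path(path)
    expected = pinned.get(path.name)
    if expected is None:
        raise KeyError(f"no pinned digest for {path.name}")
    actual = sha256_of(path)
    return hmac.compare_digest(actual, expected.lower()), actual


def requirements_lines(version="0.1.0", pinned=PINNED_SHA256):
    """Render a requirements entry for `pip install --require-hashes -r <file>`."""
    hashes = " \\\n    ".join(f"--hash=sha256:{h}" for h in pinned.values())
    return f"venruk=={version} \\\n    {hashes}\n"


if __name__ == "__main__":
    failed = False
    for name in sys.argv[1:]:
        ok, actual = verify_artifact(name)
        print(f"{'OK      ' if ok else 'MISMATCH'} {name} sha256={actual}")
        failed |= not ok
    sys.exit(1 if failed else 0)
```

pip's hash-checking mode applies to the whole requirements file, so every dependency of the package has to be pinned and hashed as well before `--require-hashes` will install it.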