One command.
Every vulnerability.
AI-ready report.
auditx auto-detects your stack, orchestrates 22 scanners in parallel — secrets, deps, SAST, dead code, complexity, IaC, and AI-pattern anti-patterns. One command. One normalized report.
AI-assisted code ships fast.
It doesn't ship safe.
auditx walks your workspace 4 levels deep — finds package.json, pyproject.toml, go.mod, Dockerfile, *.tf, tsconfig.json, Prisma schemas. No config. No manifest. Only relevant scanners fire.
Each scanner has a cost weight (1–3). The LPT orchestrator fills CPU cores greedily — heavy scanners run alongside lightweight ones without hammering the machine, ensuring optimal CPU utilization.
Five scanners, five different output formats. auditx normalizes everything into a single Finding schema with stable fingerprints — agents can deduplicate across re-runs without re-parsing 5 JSON shapes.
Terminal for humans. Markdown for PR comments. HTML for interactive dashboards. JSON for CI dashboards. Agent mode is a single-line JSON optimized for context-window token efficiency.
--watch — Re-run on file change--fix — Auto-apply fixable issues--skip secrets,sast — Skip categories--ci --severity high — Exit 1 for CI gatesauditx hook install — Git hooks in one commandGrouped by domain. Every applicable scanner
runs automatically.
See what auditx catches — locally, in seconds.
Real findings, real format. Click the tabs.
Exit code 1 on findings.
Drops into any pipeline.
# .github/workflows/audit.ymlname: Security Auditon: [push, pull_request]jobs:audit:runs-on: ubuntu-lateststeps:- uses: actions/checkout@v4- uses: actions/setup-node@v4with:node-version: '20'- name: Run auditxrun: npx auditx@latest . --severity high --ci- name: Upload reportif: always()uses: actions/upload-artifact@v4with:name: audit-reportpath: audit-report.md
# Install pre-commit + pre-push hooksauditx hook install# Or install specific hooksauditx hook install --pre-commitauditx hook install --pre-push# Hooks run on staged files only — fast.# Full project scan on push.
auditx vs. Industry Standards
| Benchmark | Snyk | SonarQube | auditx |
|---|---|---|---|
| Execution Speed | Cloud upload + ML scan (~45s+) | Heavy Java build (minutes) | [+]Local AST — under 10s |
| Execution Model | Requires SaaS account | Requires server hosting | [+]100% local CLI — zero config |
| Scope | SCA, SAST, IaC | SAST, code quality | [+]22 scanners — Secrets, AI patterns, dead code + more |
| Data Privacy | Sends code to cloud | Depends on host | [+]Code never leaves machine |
| Setup Time | API keys, configs | Database, JVM, plugins | [+]0 minutes — npx auditx@latest . |
| Price | Expensive enterprise | Expensive enterprise | [+]Free & open source — MIT |