Documentation
Everything you need to know about securing your code with CodeShield Local.
CodeShield Local is a privacy-first security auditing tool designed to run entirely on your local machine. Unlike cloud-based scanners, CodeShield ensures that your source code never leaves your device.
It combines traditional static analysis (SAST) with local Large Language Models (LLMs) to provide deep insights, reduce false positives, and suggest intelligent fixes.
Installation
# Clone the repository and enter the project directory
git clone https://github.com/yourusername/codeshield-local.git
cd codeshield-local
# Install dependencies
npm install
# Start the development server
npm run dev
Prerequisites
- Node.js v18 or higher
- Ollama (for AI features)
- Git
Configuration
CodeShield Local works out of the box, but you can configure the AI model settings for better performance.
Setting up Ollama
To enable AI features, you need to have Ollama running locally.
- Download Ollama from ollama.com
- Run ollama pull deepseek-coder in your terminal
- Ensure Ollama is running with ollama serve
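A preflight script for the prerequisites and Ollama setup steps above, written as an added example that is not part of CodeShield Local. It assumes Ollama's default API address (127.0.0.1:11434) and its /api/tags model listing; the function names are illustrative.

```sh
#!/bin/sh
# Added example: preflight checks for the prerequisites and Ollama setup.
# Assumptions: Ollama's default API address (127.0.0.1:11434) and its
# /api/tags model listing; the function names are illustrative.

# True if a `node --version` string such as "v18.17.0" is major 18 or higher.
node_version_ok() {
  major=${1#v}; major=${major%%.*}
  case $major in ''|*[!0-9]*) return 1 ;; esac
  [ "$major" -ge 18 ]
}

# True if an OLLAMA_HOST value keeps the API on loopback (empty = default).
# The Ollama API has no built-in authentication, so a wider bind lets
# other hosts on the network reach the model API.
is_loopback_bind() {
  host=${1#*://}   # drop an optional scheme
  case $host in
    ''|127.0.0.1|127.0.0.1:*|localhost|localhost:*|'[::1]'|'[::1]:'*) return 0 ;;
    *) return 1 ;;
  esac
}

# True if an /api/tags JSON body ($1) lists model $2 under any tag.
model_present() {
  printf '%s' "$1" | grep -Eq "\"name\" *: *\"$2[:\"]"
}

# Run every check against the local machine and report what is missing.
preflight() {
  rc=0
  node_version_ok "$(node --version 2>/dev/null)" ||
    { echo "FAIL: Node.js v18 or higher required"; rc=1; }
  command -v git >/dev/null 2>&1 || { echo "FAIL: git not found"; rc=1; }
  is_loopback_bind "${OLLAMA_HOST:-}" ||
    echo "WARN: OLLAMA_HOST=${OLLAMA_HOST} is not loopback-only"
  tags=$(curl -fsS --max-time 3 http://127.0.0.1:11434/api/tags 2>/dev/null) ||
    { echo "FAIL: Ollama API not reachable (run: ollama serve)"; return 1; }
  model_present "$tags" deepseek-coder ||
    { echo "FAIL: model missing (run: ollama pull deepseek-coder)"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: prerequisites satisfied"
  return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Save it as a file and invoke it with the --run argument to check the local machine; without that argument it only defines the functions.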
Running Scans
Navigate to the "Scan" page and drag & drop your project ZIP file. The system supports .zip files containing source code.
The scan starts automatically. You'll see real-time progress as the static analyzer and AI engine process your files.
Understanding Reports
The dashboard provides a comprehensive view of your project's security posture.
Critical Vulnerabilities
Issues that pose an immediate threat, such as SQL Injection or Hardcoded Secrets. These should be fixed immediately.
Warnings
Potential issues or code smells that could lead to vulnerabilities. Review these carefully.
AI Auto-Remediation
CodeShield uses local LLMs to suggest fixes for detected vulnerabilities.
How to use it
Click on any finding in the dashboard to open the details view. Then, click the "Remediate with AI" button. The system will generate a code patch that you can copy and apply to your codebase.