Inspiration

We wanted to simplify security and compliance checks for organizations deploying to the cloud, making it easier to catch issues early in development.

What it does

AuditArc scans code, CI/CD pipelines, and cloud infrastructure for security risks and compliance gaps. Semgrep finds insecure code, Harness monitors deployments, and Vanta validates compliance, all feeding into a single dashboard with AI insights.

How we built it

- Semgrep for code scanning
- Harness for CI/CD monitoring
- Vanta for compliance checks
- AWS (ECR, ECS, Lambda, S3, CloudWatch) for connecting and hosting services

Challenges we ran into

- Integrating multiple tools and standardizing their outputs
- Managing API authentication and rate limits

Accomplishments that we're proud of

- Built a fully automated security auditing pipeline
- Delivered actionable, prioritized findings for developers
- Created a modular system that can extend to new tools and compliance frameworks

What we learned

- Integration and data normalization are the hardest parts
- Prioritizing security issues is essential to avoid alert fatigue
- Combining code, pipeline, and compliance checks gives a stronger security overview

What's next for Audit Arc

- Supporting more cloud providers and compliance standards
- Enhancing anomaly detection in code and deployments
- Building collaborative features for team tracking and resolution
