Antibody (Winner Siemens Challenge hackaTUM 2025)

Antibody scans your code for vulnerabilities across multiple layers, shows how they connect, provides recommendations and fixes them with one click. Antibody is the immune system of your cloud.

Inspiration

We jumped into Siemens' challenge because we are excited about cybersecurity. Two of us are teaching assistants for IT Security at TUM, and we're all passionate about cybersecurity topics. Many ideas came from our own experiences. One of us already knew, another had used CVE databases before, and we'd obviously all dealt with security bugs in our code. We realized that while isolated security tools exist, there's no freely available agent that scans cloud projects across multiple layers without complex configuration. The comprehensive solutions out there? Expensive. We saw an opportunity to build a tool that combines cybersecurity concepts with scalable architecture. Creating a system that not only finds vulnerabilities but understands how they connect and can be mitigated? That sounded exciting. That's why we built Antibody and picked the Siemens challenge!

What it does

Antibody is a comprehensive security scanner that examines repositories/projects across multiple layers, including:

  • CVE vulnerabilities: Checks versions and packages against NIST's CVE database
  • Container security: Analyzes Docker and Kubernetes for insecure configurations
  • Secret leaks: Detects exposed API keys and credentials using TruffleHog (800+ types)
  • HTTP security: Identifies insecure headers and tokens in query parameters
  • JWT security: Finds unsafe cryptographic primitives and cookie attributes
  • CI/CD pipelines: Detects flaws in GitHub Actions workflows

We don't just dump 50 vulnerabilities on you. We categorize them by severity and affected components and visualize them beautifully in an interface. Better yet: We provide concrete remediation recommendations, and when possible, apply fixes automatically with one click. Fixing vulnerabilities becomes nearly as easy as finding them.

How we built it

Backend: Go-based API server orchestrating scans and serving results to the frontend.

Agent Architecture: Modular Python system with specialized adapters implementing a unified AdapterBase interface. Adding a new scanner only requires implementing the interface. Antibody can spawn multiple VMs, each with an individual agent, making it extremely scalable.

Our Adapters:

  • Secret scanner integrates TruffleHog to detect secrets
  • HTTP security scanner spawns a server and analyzes returned HTTP headers
  • CI/CD scanner parses GitHub Actions YAML
  • Docker/Kubernetes finds and scans configuration files
  • CVE scanner leverages the NIST CVE API

Standardization: Everything outputs to a unified Issue format with severity levels, remediation suggestions, and detailed metadata. Consistent data across all scanners, easy to visualize, and simple to extend.

Performance: The agent runs periodically in the background with minimal CPU impact. Need fast results? Adapters work independently and can be parallelized.
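A sketch of the adapter pattern and unified Issue format described above, as an added example rather than Antibody's own code. The `scan` signature, the `Issue` fields, the `run_adapters` helper, the severity assigned to each header and the sample headers are all assumptions made for illustration.

```python
from abc import ABC, abstractmethod
from dataclasses import dataclass, field
from enum import IntEnum

class Severity(IntEnum):
    LOW, MEDIUM, HIGH = 1, 2, 3

@dataclass
class Issue:  # assumed shape of the unified finding format
    adapter: str
    title: str
    severity: Severity
    remediation: str
    metadata: dict = field(default_factory=dict)

class AdapterBase(ABC):  # assumed interface; the real signature is not on the page
    name = "base"
    @abstractmethod
    def scan(self, target) -> list[Issue]: ...

class HttpHeaderAdapter(AdapterBase):  # target: list of (header, value) pairs
    name = "http-headers"
    REQUIRED = {  # header -> (illustrative severity, remediation)
        "strict-transport-security": (Severity.HIGH, "Send Strict-Transport-Security with a long max-age."),
        "content-security-policy": (Severity.MEDIUM, "Define a restrictive Content-Security-Policy."),
        "x-content-type-options": (Severity.LOW, "Send X-Content-Type-Options: nosniff."),
    }
    def scan(self, target) -> list[Issue]:
        present = {k.lower() for k, _ in target}
        issues = [Issue(self.name, f"Missing header {h}", sev, fix, {"header": h})
                  for h, (sev, fix) in self.REQUIRED.items() if h not in present]
        for k, v in target:
            if k.lower() != "set-cookie":
                continue
            # Attribute names after the first "name=value" pair, e.g. {"path", "httponly"}
            attrs = {p.strip().split("=")[0].lower() for p in v.split(";")[1:]}
            missing = sorted({"secure", "httponly"} - attrs)
            if missing:
                meta = {"cookie": v.split("=", 1)[0].strip(), "missing": missing}
                issues.append(Issue(self.name, f"Cookie {meta['cookie']} lacks {', '.join(missing)}",
                                    Severity.HIGH, "Set Secure and HttpOnly on the cookie.", meta))
        return issues

def run_adapters(adapters, target):  # merge findings, most severe first
    found = [i for a in adapters for i in a.scan(target)]
    return sorted(found, key=lambda i: i.severity, reverse=True)

# Constructed sample response headers, not output from a real scan
SAMPLE = [("Content-Type", "text/html"), ("X-Content-Type-Options", "nosniff"),
          ("Set-Cookie", "session=abc123; Path=/; HttpOnly")]
```

Because every adapter returns the same `Issue` type, a second scanner plugs into `run_adapters` without changes to the sorting or display code.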

Challenges we ran into

  • Auto-applying mitigations: Making one-click fixes work required directly modifying configurations, which was tricky but rewarding.
  • Architecture design: Finding a scalable, extensible structure took time, but we nailed it.
  • An oddly specific challenge: Our Tailwind classes didn’t work yesterday because the path to them was (somehow) in the .gitignore and we didn’t find the issue for over an hour…

Accomplishments that we're proud of

  • Building a solid, scalable architecture from scratch.
  • Detecting vulnerabilities across so many different layers.
  • Creating a beautiful, intuitive visualization of complex security data and actually providing useful recommendations for mitigating issues.

What we learned

We dove deep into vulnerability detection methods and discovered security concepts we'd never encountered. We didn’t even know there were that many weird HTTP headers. We also learned that building modular systems pays off. Our adapter pattern made adding new scanners much easier and allowed us to work efficiently.

What's next for Antibody

As Germans, we know there's always room for improvement ;) Next up is implementing more security scanners and extending existing ones. One team member is particularly excited about expanding the security graph capabilities. After that? Antibody will be ready to secure Siemens' cloud applications and save the company some money!
