Demo — StaticCodeAudit Reports & 3-Command Workflow

Three Commands. Full Audit.

Initialize, scan, and review. No configuration headaches.

Initialize

./run_audit.py /path --init

Audit

Run the full audit. 698 rules, unit tests, fixture validation, historical comparison.

./run_audit.py /path

Review

Open the standalone HTML report. Interactive charts, findings, health score. Share anywhere.

open SCA-REPORT-*.html

Terminal

$ ./run_audit.py ~/projects/my-app

🔎 StaticCodeAudit — my-app v2.1

▸ Scanning Security rules... 262 rules ✓

▸ Scanning Architecture rules... 7 rules ✓

▸ Scanning UI rules... 5 rules ✓

▸ Scanning UX rules... 12 rules ✓

▸ Scanning Maintenance rules... 20 rules ✓

▸ Scanning CI/CD rules... 8 rules ✓

▸ Validating fixtures... 100% (145/145 vulnerable, 137/137 clean) ✓

▸ Running unit tests... 888 passed ✓

▸ Comparing with baseline... +2 new, -5 resolved ✓

📊 Health Score: 72/100

📄 Report: SCA-REPORT-2026-03-09.html

💾 Data: SCA-DATA-2026-03-09.json

$ █

Report Features

Self-contained HTML report with 12+ interactive charts, no server required.

12+ Interactive Charts

Severity distribution, category breakdown, timing analysis, historical trends.

Health Score

Logarithmic security score normalized by LOC with severity penalties and color-coded progress bar.

Baseline Comparison

Track new, resolved and persistent issues across up to 10 audit snapshots.

SARIF 2.1.0 Export

GitHub Code Scanning and GitLab SAST compatible. Drop into your CI/CD pipeline.

SBOM Generation

CycloneDX 1.5 Software Bill of Materials. Know every component in your project.

Git Blame Integration

Automatically resolve the committer per finding for team accountability.

Open the live report (no install)

See It In Action