CodeMentor

Created by team Noxis on May 16, 2026
Agent Security & AI Governance - Veea

Code Mentor is a cloud-native DevSecOps environment that acts as an automated security architect sitting inside your IDE. As AI code assistants like Copilot ship code faster than ever, they're also shipping vulnerabilities at record speed, and traditional SAST/DAST tools are too slow and too noisy for developers to act on. Code Mentor solves this with four core capabilities:

🔍 Real-Time AI Scanning: Powered by Gemini 2.5 Pro on Google Vertex AI, the scanner performs context-aware semantic analysis on your code, flagging structural vulnerabilities like SQL injection, hardcoded secrets, and insecure patterns the moment you open a file.

🧠 Triple-Tier Explainability: Every vulnerability is explained three ways: an Analogy for quick intuition, a Technical deep-dive for senior engineers, and a Meme for culture-driven retention. This is the first security tool designed for how developers actually think.

⚡ 1-Click Live Fix: Unlike legacy scanners that stop at alerts, Code Mentor finishes the job. It rewrites your vulnerable code with a single click using the suggestedPatch from the AI response, then logs the fix to an audit trail for compliance reporting.

🏛️ Enterprise Policy Governance: A built-in Policy Studio enforces HIPAA, GDPR, and SOC2 compliance standards, giving enterprise teams real visibility into what policies are being violated across their codebase.

The architecture runs on Next.js 14 with a Monaco Editor frontend, backed by serverless Next.js API routes deployed on Google Cloud Run via a multi-stage Alpine Linux Docker build, cutting cold starts by ~80%. The backend communicates with Vertex AI over IAM-governed service accounts, with zero user code cached or persisted, making it stateless and breach-resistant by design.

A Vulnerability Sandbox ships with three pre-loaded production-flawed blueprints (auth-service.ts, query-engine.ts, env-config.yaml) so judges can experience the full scan-explain-fix pipeline instantly, with zero setup.
