Security Features
=================

The application includes security scanning capabilities.

Security Scanner
----------------

The core logic resides in `app/security_scanner_gemini_all_code_withsecondpass.py`.

* **Functionality:** Scans code files (identified by extensions such as `.py`, `.js`, etc.) within the repository for potential security vulnerabilities.
* **Analysis Process:**
  * **First Pass:** Performs an initial analysis using a configured Gemini model (default `gemini-2.0-flash-thinking-exp-01-21`, or user-selected) to identify potential issues. It extracts vulnerability details such as name, description, location, remediation, threat level, and CWE ID. Results are saved to `security_vulnerabilities.json`.
  * **Second Pass (Optional):** If selected by the user, a second Gemini model (default `gemini-2.0-flash-thinking-exp-01-21`, or user-selected) refines the initial findings. It uses the full repository context (uploaded as a text file) to filter out likely false positives and improve the accuracy of the reports. Refined results are saved to `improved_security_vulnerabilities.json`.
* **Output:** Generates JSON files containing the lists of vulnerabilities found, including threat summaries. The format includes the fields specified in the analysis prompts.
* **Rate Limiting:** Includes delays (`time.sleep`) to stay within API rate limits.

SECURITY.md Generator
---------------------

The `app/gui/security_generator.py` module provides a GUI tab to create a `SECURITY.md` file.

* It prompts the user for policy details such as reporting methods, disclosure timelines, preferred languages, and contact information.
* It uses a template prompt and, where available, information from the `README.md` and `LICENSE` files to generate the content using an LLM.
* The generated file is saved to the repository.
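Because the first- and second-pass JSON files are what a reviewer actually consumes, the following added example (not part of the project's code) shows how to validate the records against the fields the Security Scanner section lists, build a per-threat-level summary, and report which first-pass findings the second pass discarded. The JSON key names (`name`, `description`, `location`, `remediation`, `threat_level`, `cwe_id`) are assumed, since the page names the fields but not their exact keys, and the sample records are constructed.

```python
import json
from collections import Counter

# Assumed key names; the page lists the fields but not the prompt's exact JSON keys.
REQUIRED = ("name", "description", "location", "remediation", "threat_level", "cwe_id")
LEVELS = ("critical", "high", "medium", "low", "info")  # assumed severity scale

# Constructed sample of a first-pass security_vulnerabilities.json.
FIRST_PASS = json.dumps([
    {"name": "SQL injection", "description": "query built by string concatenation",
     "location": "app/db.py:42", "remediation": "use parameterised queries",
     "threat_level": "High", "cwe_id": "CWE-89"},
    {"name": "Hardcoded secret", "description": "API key literal in source",
     "location": "app/config.py:7", "remediation": "load from a secret store",
     "threat_level": "Medium", "cwe_id": "CWE-798"},
    {"name": "Debug flag", "description": "DEBUG=True",   # no cwe_id: malformed
     "location": "app/settings.py:3", "remediation": "disable in production",
     "threat_level": "Low"},
])
# Constructed sample of improved_security_vulnerabilities.json after the second
# pass judged the hardcoded-secret finding a false positive (a test fixture key).
SECOND_PASS = json.dumps([
    {"name": "SQL injection", "description": "query built by string concatenation",
     "location": "app/db.py:42", "remediation": "use parameterised queries",
     "threat_level": "High", "cwe_id": "CWE-89"},
])


def load_findings(text):
    """Return (valid, rejected). A record missing a required field or carrying an
    unknown threat level is rejected so it cannot silently skew the summary."""
    valid, rejected = [], []
    for rec in json.loads(text):
        missing = [k for k in REQUIRED if k not in rec]
        if missing or str(rec.get("threat_level", "")).lower() not in LEVELS:
            rejected.append((rec.get("name", "?"), missing))
        else:
            rec["threat_level"] = rec["threat_level"].lower()  # normalise case
            valid.append(rec)
    return valid, rejected


def threat_summary(findings):
    """Count findings per threat level, every level present, in severity order."""
    counts = Counter(f["threat_level"] for f in findings)
    return {lvl: counts.get(lvl, 0) for lvl in LEVELS}


def dropped_by_second_pass(first, second):
    """First-pass findings absent from the refined file, matched on (cwe_id, location)."""
    kept = {(f["cwe_id"], f["location"]) for f in second}
    return [f for f in first if (f["cwe_id"], f["location"]) not in kept]
```

Reviewing the list returned by `dropped_by_second_pass` is the practical check on the second pass: a discarded finding should be confirmed as a false positive by a human, not assumed to be one because the model removed it.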