NaxusAI - Quick Start
What NaxusAI is, and step-by-step instructions on how to set up an account, log in, and use the NaxusAI vulnerability code monitoring service.
Last updated
NaxusAI is a platform that provides automated security monitoring for your GitHub repositories. Once you connect your repositories, NaxusAI analyzes new pull requests (PRs) and commits in near real time to detect potential vulnerabilities before they reach your main branch. It also builds an internal graph of each repository, representing the codebase as functions, classes, and dependencies, which allows on-demand security audits of specific code flows or exposed objects. From the dashboard you can configure API keys, manage the repositories you monitor, see vulnerability details, and download reports as PDF.
NaxusAI analyzes every file in your repository to identify functions, classes, global variables, and how these elements interconnect. Each code object is stored as a node in a graph whose edges capture the dependencies between them: who calls whom, which libraries they reference, and where data flows. This graph-based representation makes it possible to isolate only the code relevant to a given audit, so a minimal yet complete context is sent to the LLM, which keeps scanning efficient without sacrificing thoroughness.
NaxusAI also helps identify exposed objects in your codebase: functions, classes, and files that attackers can interact with directly, such as API endpoints or global code handling external data. Since only a small portion of the code is typically reachable from the outside, NaxusAI lets you focus security audits on these entry points and their dependencies rather than on the entire codebase. This targeted approach minimizes the code sent to the LLM while still providing the relevant context, so the LLM concentrates on the areas most likely to contain vulnerabilities.
Go to https://dashboard.naxusai.com/auth/login and log in with GitHub.
First, you will need to authorize AI-Gents (the NaxusAI GitHub App) to access your GitHub profile.
Click on Authorize AI-Gents
Then, you will need to install the AI-Gents App in GitHub so it can access the PRs and merges of the repositories you give it access to.
You will be automatically redirected to https://github.com/apps/ai-gents
Grant it the required access over the repositories you want to monitor. Granting access only to the repositories you intend to monitor, rather than to all repositories, keeps the App's permissions to the minimum it needs.
After this, you will be redirected to your dashboard at https://dashboard.naxusai.com/
Go to https://dashboard.naxusai.com/settings/general and set your OpenAI API key and, optionally, your Anthropic key. Since these keys will be used to pay for every analysis, it is good practice to create a dedicated key for NaxusAI with a spending limit set at the provider, so it can be rotated or revoked independently of your other keys.
Next, select the models to use for PRs & Commits and for Requested Audits:
PRs & Commits: the models that will be used whenever a new PR or commit is pushed to any monitored repository.
Requested Audits: the models that will be used when requesting a security audit from the graph view of a repository.
The recommendation is to set 2 or 3 models for each (usually the best ones available). More would consume a lot of time (and possibly money), while using only 1 might miss some vulnerabilities.
Go to the Repositories section and click on the Manage Repository button.
Search for the repositories you would like to monitor, select them by ticking the MONITOR checkbox of each, and click Save.
Once this is done, the PRs and commits of those repositories are being monitored and NaxusAI has started to build the graph of each repository.
Note that NaxusAI supports a limited number of languages for graph creation, so if you configure a repository that uses an unsupported language, it will not be able to generate the graph.
Create a PR in one of the monitored repositories. After a few seconds you will receive a comment in the PR indicating whether any vulnerability was found.
If no vulnerabilities are detected, the comment will say so.
If vulnerabilities have been detected, the PR comment will list them.
Go to https://dashboard.naxusai.com/vulnerabilities and you will find the vulnerabilities listed.
Click on See detail to get detailed information about a vulnerability.
In the Repositories section click on Visualization to see the graph of the repository.
Note that generating the graph of a large repository can take one or two hours, so be patient.
This is what the graph of a large repository looks like.
In this graph you will find objects representing all the code files of your repository, the functions, classes, and global variables they contain, and the dependencies between them.
If you click on the Set Exposure button, you can enter a regex over these objects; every object whose name matches it will be marked as exposed.
It is possible to mark functions, classes and files as exposed. For example, you could indicate that any function called POST is exposed (as in Next.js route handlers), or that every file containing global code is exposed (as in PHP).
Moreover, there are preset rules that can be used to find all the exposed objects for specific technologies.
Exposed objects are drawn as a filled circle and have the exposed field ticked, as in this image.
Then, you can press the Audit Expose button. This triggers a security source code audit of all the objects that were marked as exposed and their dependencies (recursively).
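To make the graph model and the exposure-based scoping described above concrete, here is an added, illustrative example; it is not NaxusAI's own code and NaxusAI's internal graph format is not public. It models a repository as a dict of file path to source, extracts top-level Python functions with the standard `ast` module, links them by bare-name call resolution across files, marks exposed objects with a regex over function names (the `^POST$` rule mentioned earlier), and then computes the recursive dependency closure that "Audit Expose" and "Audit from node" would send to the LLM, as well as the reverse closure of callers that "Audit using node" would cover. The sample repository, the function names and the `path::function` node ids are all constructed for the example; only functions (not classes, files or global code) are tracked to keep it short.

```python
import ast
import re
from collections import deque

# Constructed sample repository (not real project code): a Next.js-style route
# handler named POST that flows user input through a parser into a DB helper.
SAMPLE_REPO = {
    "app/api/users/route.py": '''
def POST(request):
    payload = parse_body(request)
    return create_user(payload)

def parse_body(request):
    return request.json()
''',
    "lib/db.py": '''
def create_user(payload):
    return run_query("INSERT INTO users VALUES (%s)", (payload["name"],))

def run_query(sql, params):
    return (sql, params)

def migrate():
    run_query("CREATE TABLE users (name TEXT)", ())
''',
}


def build_graph(repo):
    """Return (calls, bodies): calls maps 'path::func' -> set of called node ids,
    bodies maps the same ids to their ast.FunctionDef (kept for audit context)."""
    name_to_id, bodies = {}, {}
    for path, src in repo.items():
        for node in ast.parse(src).body:
            if isinstance(node, ast.FunctionDef):
                node_id = f"{path}::{node.name}"
                name_to_id[node.name] = node_id  # assumption: unique names repo-wide
                bodies[node_id] = node
    calls = {node_id: set() for node_id in bodies}
    for node_id, fn in bodies.items():
        for sub in ast.walk(fn):
            if isinstance(sub, ast.Call) and isinstance(sub.func, ast.Name):
                target = name_to_id.get(sub.func.id)
                if target is not None:  # builtins and external libraries are dropped
                    calls[node_id].add(target)
    return calls, bodies


def mark_exposed(calls, pattern):
    """'Set Exposure': every node whose function name matches the regex is exposed."""
    rx = re.compile(pattern)
    return {n for n in calls if rx.search(n.split("::", 1)[1])}


def dependency_closure(calls, roots):
    """'Audit Expose' / 'Audit from node': the roots plus everything they call, recursively."""
    seen, queue = set(), deque(roots)
    while queue:
        n = queue.popleft()
        if n in seen:
            continue
        seen.add(n)
        queue.extend(calls[n])
    return seen


def callers_closure(calls, target):
    """'Audit using node': the target plus every function that reaches it, recursively,
    i.e. all the code flows that use the selected function."""
    reverse = {n: set() for n in calls}
    for src, dsts in calls.items():
        for dst in dsts:
            reverse[dst].add(src)
    return dependency_closure(reverse, {target})


def audit_context(bodies, selected):
    """The minimal context to hand to the LLM: only the selected functions' source."""
    return "\n\n".join(f"# {n}\n{ast.unparse(bodies[n])}" for n in sorted(selected))


if __name__ == "__main__":
    calls, bodies = build_graph(SAMPLE_REPO)
    exposed = mark_exposed(calls, r"^POST$")
    print(audit_context(bodies, dependency_closure(calls, exposed)))
```

Running the block prints the four functions reachable from `POST` (the handler, `parse_body`, `create_user` and `run_query`) and leaves out `migrate`, which no exposed object reaches; asking for the callers of `run_query` instead returns `migrate` and `POST` but not `parse_body`. That asymmetry is exactly why the two audit modes exist: one scopes downward from an entry point, the other scopes upward from a sensitive sink.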
Moreover, after selecting a specific object it is also possible to trigger a security audit of the selected element and its dependencies (Audit from node for classes and functions, Audit file for files, global variables and global code), or to trigger a security audit of all the code flows that use the selected function or class by clicking on Audit using node.
Information about all the triggered audits is available in the Audits section.
Finally, all the vulnerabilities can be seen in the Vulnerabilities section, and it is possible to download them as PDF.
Contact us to receive support, or even to have a pentester review all the found vulnerabilities so that you never miss one.
Check all the plans on the Plans page.