Flash-LLaMA

AI-Powered Code Vulnerability Scanner Using LLaMA Models

Overview / About

Flash-LLaMA is a full-stack AI-powered code vulnerability scanner that leverages Groq's LLaMA 3.3 70B model to detect security flaws in source code across multiple programming languages. The platform features a Go-based scanning backend for static code analysis, a Python/Flask-powered LLM chat interface for interactive security queries, and React/TypeScript frontends for both the code review dashboard and the conversational assistant. Developers upload code files through a drag-and-drop interface, and Flash-LLaMA returns structured vulnerability reports with severity ratings, proof-of-concept exploits, and recommended fixes — all rendered as Markdown reports for seamless integration into development workflows.

Problem

Manual code review for security vulnerabilities is slow, inconsistent, and does not scale. Traditional static analysis tools rely on rigid pattern matching that misses context-dependent flaws and produces excessive false positives. Security teams are often bottlenecked — unable to review every pull request, leaving critical vulnerabilities undetected until production. Developers need an intelligent, automated approach that understands code semantics and can reason about complex vulnerability patterns.

Solution

Flash-LLaMA uses a large language model, Groq's LLaMA 3.3 70B, to perform context-aware vulnerability analysis. It sends code to the LLM with a structured prompt that enforces JSON-formatted vulnerability reports, then parses, deduplicates, and presents the results through an interactive dashboard. A separate chat module lets developers ask security questions in natural language, validate API keys against known services, and scan for prompt injection and sensitive data exposure. The system combines the reasoning power of LLMs with traditional static analysis metrics for comprehensive coverage.
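The structured-prompt idea can be sketched as follows. This is a Python illustration, not the production prompt: the field names mirror the report schema described in this document, but the exact wording, the `REPORT_SCHEMA` constant, and the `build_scan_prompt` helper are assumptions.

```python
import json

# Illustrative response schema; field names follow the vulnerability report
# fields described above (name, description, severity, line, PoC, fix).
REPORT_SCHEMA = {
    "vulnerabilities": [
        {
            "name": "string",
            "description": "string",
            "severity": "Critical | High | Medium | Low",
            "line": "integer",
            "proof_of_concept": "string",
            "recommended_fix": "string",
        }
    ]
}

def build_scan_prompt(filename: str, code: str) -> str:
    """Embed the source file and the required response schema in one prompt,
    instructing the model to reply with JSON only."""
    return (
        "You are a security auditor. Analyze the following source code for "
        "vulnerabilities and respond with ONLY a JSON object matching this "
        "schema, no prose and no markdown fences:\n"
        f"{json.dumps(REPORT_SCHEMA, indent=2)}\n\n"
        f"File: {filename}\n{code}"
    )

prompt = build_scan_prompt(
    "login.php",
    '<?php $q = "SELECT * FROM users WHERE id = $_GET[id]"; ?>',
)
```

Pinning the schema inside the prompt is what makes the downstream parsing step reliable enough to map straight into typed structs.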

Key Features

  • AI-driven vulnerability detection using Groq's LLaMA 3.3 70B model
  • Multi-language support: Go, Python, JavaScript, TypeScript, PHP, and more
  • Structured JSON vulnerability reports with severity, PoC, and fix recommendations
  • Drag-and-drop file upload with multi-file batch scanning
  • Interactive code statistics dashboard with analysis charts
  • Markdown report generation for CI/CD and GitHub integration
  • LLM chat interface for conversational security queries
  • API key validation for 10+ services (Groq, OpenAI, Google Maps, Spotify, Stripe, etc.)
  • Prompt injection detection and sensitive data scanning
  • Chunked content processing with deduplication for large codebases
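The Markdown report feature listed above can be sketched like this, assuming parsed vulnerabilities arrive as dicts shaped like the JSON schema (the helper name and exact layout are illustrative, not the project's actual renderer):

```python
def render_markdown_report(filename: str, vulns: list[dict]) -> str:
    """Render parsed vulnerability findings as a Markdown report suitable
    for pasting into a GitHub PR or attaching to a CI run."""
    lines = [f"# Vulnerability Report: {filename}", ""]
    for i, v in enumerate(vulns, 1):
        lines += [
            f"## {i}. {v['name']} ({v['severity']})",
            "",
            v["description"],
            "",
            f"- **Line:** {v['line']}",
            f"- **Proof of concept:** {v['proof_of_concept']}",
            f"- **Recommended fix:** {v['recommended_fix']}",
            "",
        ]
    return "\n".join(lines)
```

Because the output is plain Markdown, it renders natively in GitHub comments and most CI log viewers with no extra tooling.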

Tech Stack

  • Go (Backend) — Code scanning engine, file processing, vulnerability analysis via Groq API
  • Python / Flask (Backend) — LLM chat interface, API key validation, image processing
  • React / TypeScript (Frontend) — Code review dashboard and LLM chat UI
  • Groq API / LLaMA 3.3 70B — Core language model for vulnerability detection
  • LangChain — Prompt engineering and LLM chain management
  • Tailwind CSS — Responsive UI styling
  • Vite — Frontend build tooling

How It Works

  1. File Upload — The developer uploads one or more source code files through the React-based drag-and-drop interface, which supports files up to 50 MB
  2. Static Analysis — The Go backend reads each file, computes code statistics (line counts, complexity metrics), and prepares the code content for LLM analysis
  3. LLM Vulnerability Scan — The code is sent to Groq's LLaMA 3.3 70B model with a structured prompt that enforces a strict JSON response schema containing vulnerability name, description, severity, line number, proof of concept, and recommended fix
  4. Response Parsing — The backend strips markdown formatting artifacts from the LLM response, validates the JSON structure, parses it into typed Go structs, and assigns unique IDs to each vulnerability
  5. Deduplication and Reporting — For large files processed in chunks, results are deduplicated by name and description. The final results are rendered as interactive vulnerability cards on the dashboard and saved as Markdown reports for offline review
  6. Chat and Extended Security — The Python/Flask module provides an LLM chat for follow-up security questions, validates API keys against live services, and scans for prompt injection and sensitive data exposure
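Steps 4 and 5 can be sketched in Python (the production backend is Go); `extract_json` and `dedupe` are hypothetical helpers illustrating the fence-stripping and name/description deduplication described above:

```python
import json

def extract_json(raw: str) -> dict:
    """Recover the JSON object from a model reply that may be wrapped in
    markdown fences or stray prose (a common LLM formatting artifact):
    slice from the first '{' to the last '}' and parse that."""
    start = raw.find("{")
    end = raw.rfind("}")
    if start == -1 or end == -1:
        raise ValueError("no JSON object found in model response")
    return json.loads(raw[start : end + 1])

def dedupe(vulns: list[dict]) -> list[dict]:
    """Drop duplicate findings produced by chunked scans of large files,
    keyed on (name, description) as in step 5."""
    seen, unique = set(), []
    for v in vulns:
        key = (v["name"], v["description"])
        if key not in seen:
            seen.add(key)
            unique.append(v)
    return unique
```

In the real pipeline the validated object is then unmarshalled into typed Go structs and each surviving finding is assigned a unique ID.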

Results / Outcomes

  • Detects common vulnerability classes including SQL injection, XSS, CSRF, insecure file handling, hardcoded secrets, and authentication flaws
  • Produces actionable reports with proof-of-concept exploits and step-by-step fix recommendations
  • Supports batch scanning of entire codebases with chunked processing and deduplication
  • API key validation covers 10+ services, catching leaked credentials before deployment
  • Markdown-based output integrates directly into GitHub pull requests and CI/CD pipelines
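The credential-scanning outcome above can be illustrated with a minimal format-based detector. This is a sketch only: the real module additionally validates candidates against the providers' live APIs, and the regex prefixes here are assumptions based on publicly documented key formats.

```python
import re

# Illustrative key-format patterns; prefixes are assumptions, not a
# definitive list of what the project detects.
KEY_PATTERNS = {
    "OpenAI": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "Groq": re.compile(r"\bgsk_[A-Za-z0-9]{20,}\b"),
    "Stripe": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{16,}\b"),
    "AWS": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

def scan_for_keys(text: str) -> list[tuple[str, str]]:
    """Return (service, candidate_key) pairs found in the given text."""
    findings = []
    for service, pattern in KEY_PATTERNS.items():
        for match in pattern.finditer(text):
            findings.append((service, match.group()))
    return findings
```

Format matching alone yields false positives, which is why pairing it with a live-validation step, as the Flask module does, matters before flagging a credential as leaked.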

My Role

  • Designed and implemented the full-stack architecture across three modules: CodeReview, LLM Chat, and Home
  • Built the Go backend for code file processing, Groq API integration, and structured vulnerability parsing
  • Developed the Python/Flask backend with LangChain for the LLM chat interface and multi-service API key validation
  • Created React/TypeScript frontends for both the code review dashboard (file upload, vulnerability cards, code stats charts) and the LLM chat interface
  • Engineered the LLM prompt to enforce strict JSON output format for reliable vulnerability report parsing
  • Implemented content chunking and deduplication logic for scanning large codebases
  • Integrated Markdown report generation for seamless CI/CD workflow compatibility