OpenGuard: Self-Hosted Static Code Analysis (SCA) with Local AI Auto-Fixes (Gemma 4)

This is a submission for the Gemma 4 Challenge: Build with Gemma 4

What I Built

OpenGuard is a developer-centric, self-hosted static code analysis (SCA) platform designed to act as an open-source alternative to tools like SonarQube. Built with OpenGrep (a Semgrep fork), FastAPI, PostgreSQL, and React, it enables developers to scan codebases, compute real-time project security health scores, track issues across historical scans, and manage remediation efforts via a native Jira-style Kanban board.

To bridge the gap between finding a vulnerability and fixing it, OpenGuard features an AI-driven remediation pipeline. With a single click on any code vulnerability, OpenGuard packages the entire target file, localizes the error coordinates, and calls a local Gemma 4 instance to generate high-fidelity, contextual explanations and beautified drop-in code fixes.

Demo

OpenGuard: Self-Hosted Static Code Analysis (SCA) with Local AI Auto-Fixes (Gemma 4)

Other newsrooms on this story

Related reading

HookGuard AI: A Local React Hook Reviewer Powered by Gemma 4 and Ollama

Gizmo Guard - Safeguard Bot (Powered by Gemma4)

AI-Assisted Frontend Reviews Using Gemma 4

Reviving TruthGuard AI: From Zero History to Full CRUD with GitHub Copilot

Chainguard is racing to fix trust in AI-built software - here's how

Security Checks with Local LLMs