This is a submission for the Gemma 4 Challenge: Build with Gemma 4
What I Built
OpenGuard is a developer-centric, self-hosted static code analysis (SCA) platform designed to act as an open-source alternative to tools like SonarQube. Built with OpenGrep (a Semgrep fork), FastAPI, PostgreSQL, and React, it enables developers to scan codebases, compute real-time project security health scores, track issues across historical scans, and manage remediation efforts via a native Jira-style Kanban board.
To bridge the gap between finding a vulnerability and fixing it, OpenGuard features an AI-driven remediation pipeline. With a single click on any code vulnerability, OpenGuard packages the entire target file, localizes the error coordinates, and calls a local Gemma 4 instance to generate high-fidelity, contextual explanations and beautified drop-in code fixes.
Demo
Our platform features a highly responsive, premium dashboard engineered with an editorial design aesthetic. The UI utilizes a warm parchment background, bold ink-black typography, and serif-led headings for a state-of-the-art experience:
- Interactive Project Dashboard: A clean visual split of issues by severity level (Critical, High, Medium, Low) featuring semantic color-coding. The dashboard includes a dynamic, natively animated SVG Security Health Gauge and an interactive historical trend chart with hover-activated data tooltips.
- Kanban Board: A Jira-like ticket board allowing developers to transition issues between Backlog, Todo, In Progress, and Done. Each issue card features visual tags showing its historical persistence, severity badges, and details.
- AI Fix Interface: An interactive code viewer inside the ticket details that displays the native explanation alongside a pre-formatted, syntax-highlighted code block containing the recommended fix.
- End-User Packaging: The entire infrastructure is packaged into a seamless, single-command Docker Compose environment with an easy-to-install Python CLI (`openguard scan`) for scanning local repositories.
Code
The complete source code for OpenGuard is open-source and available on GitHub:
How I Used Gemma 4
OpenGuard leverages the local inference capabilities of Gemma 4 (gemma4:e4b) served via Ollama.
Why Gemma 4?
Vulnerabilities are rarely self-contained; they require systemic understanding of the surrounding code. We chose the Gemma 4 9B parameter model because of its excellent performance in coding tasks and its ability to process large instruction sets locally.
Implementation Details:
- Large Context Processing (128K Tokens): In order to provide accurate fixes without hallucinating, we supply Gemma 4 with the entire source file (up to a 128K context limit) rather than just the isolated line of code. This allows the model to understand local variables, imports, and architectural patterns.
- Structured JSON Output: To build a reliable API, we configured the Ollama request with the format constraint `json` and structured the prompt to guarantee responses matching:

```json
{
  "explanation": "Brief context on why this is a vulnerability.",
  "code_fix": "The fully corrected file or function block."
}
```
This ensures that the frontend can parse the response natively and present the suggested fix in a beautiful, copyable code block without raw markdown delimiters (`) bleeding into the UI.
- Optimized Development Loop: The AI responses are cached in the PostgreSQL database so that recurring views are instant, with a `--force` flag implemented to let developers request a fresh generation when needed.
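The three implementation points above (whole-file context with the finding's coordinates, a JSON-constrained Ollama request whose reply is validated before it reaches the UI, and a content-hashed cache with a `--force` bypass) fit together as one small pipeline. The following is an added example, not OpenGuard's own code: the Ollama endpoint and the `num_ctx`/`temperature` option names are standard Ollama API values, the prompt wording, the `sample.sql-injection` rule id and the sample file are constructed for the demonstration, and the fake generator stands in for the model so the script runs offline.

```python
"""Added example (not OpenGuard's code): a minimal remediation-request pipeline.
Packs the whole file with the finding's coordinates, builds a JSON-constrained
Ollama request, validates the reply, and caches results keyed by content hash
with a --force style bypass. Prompt text and sample finding are constructed."""
import hashlib
import json
import re
import urllib.request

OLLAMA_URL = "http://localhost:11434/api/generate"   # Ollama's default local endpoint
MODEL = "gemma4:e4b"                                  # model tag named in the post
CONTEXT_TOKENS = 128_000                              # context budget from the post
REQUIRED_KEYS = ("explanation", "code_fix")


def build_prompt(source: str, rule_id: str, line: int, message: str) -> str:
    """Pack the whole file, line-numbered, plus the finding's coordinates."""
    # Rough token estimate (about 4 chars per token). Refuse rather than silently
    # truncate: a truncated file is exactly what produces hallucinated fixes.
    if len(source) // 4 > CONTEXT_TOKENS:
        raise ValueError("file exceeds the model context budget")
    numbered = "\n".join(f"{n:5d}| {text}" for n, text in enumerate(source.splitlines(), 1))
    return (
        "You are a security engineer. A static analyser flagged the file below.\n"
        f"Rule: {rule_id}\nLine: {line}\nMessage: {message}\n\n"
        "Reply with a JSON object with exactly two string fields: "
        '"explanation" (why this is a vulnerability) and "code_fix" '
        "(the corrected function or file as plain code, no markdown fences).\n\n"
        f"{numbered}\n"
    )


def build_request(prompt: str) -> dict:
    """Request body for Ollama's /api/generate with the JSON format constraint."""
    return {
        "model": MODEL,
        "prompt": prompt,
        "format": "json",          # Ollama constrains the output to valid JSON
        "stream": False,
        "options": {"temperature": 0, "num_ctx": CONTEXT_TOKENS},
    }


def call_ollama(prompt: str) -> str:
    """Live call to a local Ollama; only used when no stand-in generator is supplied."""
    body = json.dumps(build_request(prompt)).encode()
    req = urllib.request.Request(OLLAMA_URL, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=600) as resp:
        return json.load(resp)["response"]


def parse_fix(raw: str) -> dict:
    """Validate the reply: a JSON object with non-empty string fields, fences stripped."""
    data = json.loads(raw)                      # raises on non-JSON
    if not isinstance(data, dict):
        raise ValueError("reply is not a JSON object")
    missing = [k for k in REQUIRED_KEYS
               if not isinstance(data.get(k), str) or not data[k].strip()]
    if missing:
        raise ValueError(f"reply missing string fields: {missing}")
    code = data["code_fix"].strip()
    code = re.sub(r"\A```[\w+-]*\n", "", code)  # defensive: drop an opening fence
    code = re.sub(r"\n?```\Z", "", code)         # and a closing one, so none bleeds into the UI
    return {"explanation": data["explanation"].strip(), "code_fix": code}


def cache_key(source: str, rule_id: str, line: int) -> str:
    """Key on model + finding + full file content, so any edit invalidates the cached fix."""
    h = hashlib.sha256()
    for part in (MODEL, rule_id, str(line), source):
        h.update(part.encode())
        h.update(b"\0")
    return h.hexdigest()


def get_fix(cache: dict, source: str, rule_id: str, line: int, message: str,
            force: bool = False, generate=None) -> tuple:
    """Return (fix, generated). `force` mimics the --force flag and skips the cache."""
    key = cache_key(source, rule_id, line)
    if not force and key in cache:
        return cache[key], False
    raw = (generate or call_ollama)(build_prompt(source, rule_id, line, message))
    fix = parse_fix(raw)
    cache[key] = fix              # a real deployment persists this row in PostgreSQL
    return fix, True


# --- constructed sample finding (not from a real scan) ---
SAMPLE_SOURCE = (
    "import sqlite3\n\n"
    "def find_user(conn, name):\n"
    '    return conn.execute(f"SELECT * FROM users WHERE name = \'{name}\'").fetchone()\n'
)
SAMPLE_REPLY = json.dumps({
    "explanation": "User input is interpolated into the SQL string, allowing SQL injection.",
    "code_fix": "```python\ndef find_user(conn, name):\n"
                "    return conn.execute(\"SELECT * FROM users WHERE name = ?\", (name,)).fetchone()\n```",
})


def fake_generate(prompt: str) -> str:
    """Stand-in for the model so the example runs offline; returns the constructed reply."""
    return SAMPLE_REPLY


if __name__ == "__main__":
    cache = {}
    fix, generated = get_fix(cache, SAMPLE_SOURCE, "sample.sql-injection", 4,
                             "Formatted SQL query", generate=fake_generate)
    print(generated, fix["explanation"], fix["code_fix"], sep="\n")
```

Two choices matter for a deployment: the cache key includes the full file content, so a stale fix is never served after the file changes even without `--force`, and `parse_fix` rejects a reply that is valid JSON but has the wrong shape, which the `format: "json"` constraint alone does not guarantee.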
Gemma 4 provides the speed of local developer workflows with the intelligence of a security expert, making local static analysis interactive and highly actionable.
Reach Out
Built by Suyash Srivastava. If you have any feedback, questions, or are interested in collaborating on OpenGuard or similar AI-driven developer tooling, I'd love to hear from you!
📧 Contact me at: suyashmtech+openanlyzer@gmail.com