{"id":49248480,"url":"https://github.com/squid-protocol/gitgalaxy","last_synced_at":"2026-07-07T23:00:38.232Z","repository":{"id":346474166,"uuid":"1187618809","full_name":"squid-protocol/gitgalaxy","owner":"squid-protocol","description":"An AST-free, LLM-free heuristic knowledge graph engine for deep repository intelligence. Map, secure, and modernize enterprise codebases across 50+ languages at extreme velocity","archived":false,"fork":false,"pushed_at":"2026-07-04T15:48:14.000Z","size":234583,"stargazers_count":45,"open_issues_count":17,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-07-04T16:04:19.527Z","etag":null,"topics":["ai-security","appsec","auditing","cli","cobol","code-bioinformatics","codebase-analysis","cybersecurity","deep-tech","devsecops","incident-response","legacy-modernization","python","sbom","software-architecture","static-analysis","supply-chain-security","zero-trust"],"latest_commit_sha":null,"homepage":"https://squid-protocol.github.io/gitgalaxy/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/squid-protocol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-20T23:59:31.000Z","updated_at":"2026-07-02T16:59:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"84e60fe1-bf05-43aa-81b3-51692cd82d26","html_url":"https://github.com/squid-protocol/gitgalaxy","commit_stats":null,"previous_names":["squid-protocol/gitgalaxy"],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/squid-protocol/gitgalaxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squid-protocol%2Fgitgalaxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squid-protocol%2Fgitgalaxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squid-protocol%2Fgitgalaxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squid-protocol%2Fgitgalaxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/squid-protocol","download_url":"https://codeload.github.com/squid-protocol/gitgalaxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/squid-protocol%2Fgitgalaxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35245324,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-07T02:00:07.222Z","response_time":90,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-security","appsec","auditing","cli","cobol","code-bioinformatics","codebase-analysis","cybersecurity","deep-tech","devsecops","incident-response","legacy-modernization","python","sbom","software-architecture","static-analysis","supply-chain-security","zero-trust"],"created_at":"2026-04-24T23:02:38.226Z","updated_at":"2026-07-07T23:00:38.226Z","avatar_url":"https://github.com/squid-protocol.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitGalaxy\n\n[![PyPI version](https://badge.fury.io/py/gitgalaxy.svg)](https://badge.fury.io/py/gitgalaxy)\n[![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)\n[![License: PolyForm Noncommercial](https://img.shields.io/badge/License-PolyForm%20Noncommercial-blue.svg)](https://polyformproject.org/licenses/noncommercial/1.0.0/)\n\n[![Engine](https://img.shields.io/badge/Engine-blAST-8A2BE2.svg)](#)\n[![Velocity](https://img.shields.io/badge/Velocity-100k+_LOC%2Fs-00C957.svg)](#)\n[![Analysis](https://img.shields.io/badge/Analysis-Static_Analysis-00BFFF.svg)](#)\n[![Threat Hunting](https://img.shields.io/badge/Threat_Hunting-Behavioral-FF4500.svg)](#)\n[![Architecture](https://img.shields.io/badge/Architecture-Zero__Trust-teal.svg)](#)\n[![Coverage](https://img.shields.io/badge/Coverage-50%2B_Languages-00C957.svg)](#)\n\n[![Zero Dependencies](https://img.shields.io/badge/Dependencies-0-brightgreen.svg)](https://pypi.org/project/gitgalaxy/)\n[![Airgap Ready](https://img.shields.io/badge/Security-Airgap_Ready-teal.svg)](#)\n[![Downloads](https://static.pepy.tech/badge/gitgalaxy)](https://pepy.tech/project/gitgalaxy)\n\n### **Whole-Repository Understanding \u0026 DevSecOps Topology**\n\nMost tools analyze code line-by-line. GitGalaxy maps the entire architectural ecosystem. By tracking the exact flow of information across network dependencies, identifying local folder constraints, and natively recognizing 50+ languages—even mid-file—GitGalaxy provides a deterministic, macro-level view of your software's structural architecture.\n\n### Scanning Apollo-11 with the blAST Engine\n\n![GitGalaxy CLI Scan](https://raw.githubusercontent.com/squid-protocol/gitgalaxy/main/docs/wiki/assets/apollo11_scan.gif)\n\n**Why we built a custom parsing engine:**\nStandard Abstract Syntax Trees (ASTs) are excellent for finding syntax errors, but they require fully compilable code and struggle to map massive-scale information flow efficiently. LLMs suffer from context window saturation and yield probabilistic, fluctuating answers.\n\nThe **blAST (Bypassing LLMs and ASTs) engine** solves this by adopting the search philosophy of computational biology. Just as genomic BLAST sequencing scans billions of DNA base pairs to identify protein domains without \"executing\" the organism, GitGalaxy blAST sequences raw source code to identify **Structural Signatures**. \n\nInstead of mapping gene starts and genetic mutations, the engine deterministically sequences coding intent, execution boundaries, and architectural risk exposures. This enables the engine to build a deterministic 3D knowledge graph of your entire repository in linear O(N) time without ever requiring the code to compile. It instantly calculates the ratio of test boundaries to core logic, maps network blast radiuses, and extracts the vital project structure data that rigid linters ignore. \n\n*(Note: Raw structural signatures are simply data points. True risk exposures in GitGalaxy are calculated metrics derived from these structural alignments combined with topological network gravity).*\n\nThink of GitGalaxy as a highly calibrated macro-analyzer for codebase risk. Every assumption the system makes is abstracted into over 300 tunable variables. You can query active API nodes, isolate supply chain threats, or highlight functions exhibiting extreme cognitive load—all adjusted via custom thresholds to eliminate false-positive fatigue. Field-tested on over 1,000 repositories, the engine comes equipped with enterprise-grade defaults ready for immediate CI/CD deployment.\n\n**Core Repository Mapping Technology**\n* **Heuristic Structural Alignment:** Bypasses LLMs and rigid ASTs. Sequences code in raw text without requiring it to compile.\n* **Deterministic Sequencing:** Maps code using 60+ bounded structural signatures (I/O intents, state mutations, execution wrappers) exactly like sequencing genetic markers.\n* **Taxonomical Classification:** These structural profiles allow us to classify functions, files, classes, and entire repositories into distinct architectural archetypes.\n* **Topological Cartography:** Produces full network mapping via imports and dynamic execution markers.\n* **Zero-Hallucination:** Eliminates LLM architectural hallucinations and context window limits by relying strictly on mathematical constraints.\n* **Polyglot Sequencing:** Scans 50+ languages, 250+ extensions, fully folder-aware. **([How to add a language in 1 minute and 1 prompt](https://github.com/squid-protocol/gitgalaxy/blob/main/gitgalaxy/standards/how_to_add_a_language.md))**\n\n**Enterprise Scale \u0026 Performance Metrics**\n* **Active Pipeline Integration:** Over 11,000 PyPI downloads, driven heavily by automated CI/CD security sweeps and zero-trust DevSecOps workflows.\n* **Production Tested:** Backed by an active early-adopter community on GitHub driving real-world issue resolution, architectural forks, and continuous engine hardening.\n* 100,000 LOC/sec code analysis.\n* 0.07 GB/sec raw log ingestion.\n* Full-system scans in minutes without data sampling.\n* 100% daily system coverage.\n\n**Methodology \u0026 Comparative Benchmarks**\nGitGalaxy is backed by an academic-grade thesis detailing the equations powering the blAST engine.\n\n* **[Optimum Search Strategies Evolve](https://squid-protocol.github.io/gitgalaxy/03-01-claim-1-search-strategies/):** AST-free mapping. Outperforms rigid parsers and LLM context windows.\n* **[Languages are getting easier to regex for meaning and intent](https://squid-protocol.github.io/gitgalaxy/03-02-claim-2-explicitness/):** Quantifies linguistic opacity. Assigns mathematical \"trust dampeners\" to implicit languages.\n* **[All languages have keywords that roughly do the same thing, these can be grouped to make cross-language keyword maps](https://squid-protocol.github.io/gitgalaxy/03-03-claim-3-taxonomy-map/):** Standardizes 50+ languages into a single universal physical framework.\n* **[Cross-Language Comparisons of over 1000 repos](https://squid-protocol.github.io/gitgalaxy/03-04-claim-4-comparing-languages/):** Deterministic 1:1 benchmarking of distinct syntax architectures.\n* **[Universal File Archetypes by k-means clustering](https://squid-protocol.github.io/gitgalaxy/03-05-claim-5-file-archetypes/):** ML isolation of files into K-means clusters.\n* **[Mainframe Proven: 100% CI/CD Translation Success Rate](https://github.com/squid-protocol/gitgalaxy/tree/main/examples/ibm_cics_translation):** Flawless architectural translation of 27 distinct legacy COBOL repositories (including IBM CICS benchmark apps) into compiling Java Spring Boot environments.\n\n**Data Privacy \u0026 On-Premise Deployment**\n* 100% air-gapped execution.\n* On-premise deployment with zero IP exfiltration risk.\n* Zero-trust processing model.\n\n**Installation \u0026 Usage**\n* Python-based: `pip install gitgalaxy`\n* CLI execution\n* CI/CD Integration: Native **[GitHub Action](https://github.com/squid-protocol/gitgalaxy/blob/main/github-action-readme.md)** available for zero-trust DevSecOps pipelines.\n* Outputs forensic JSONs (optimized for AI-agent summary reports) and a native SQLite3 database for robust querying and storage.\n\n\u003e **📖 Official Documentation:** Read the full technical specifications, architecture blueprints, and the Taxonomical Equivalence Map at **[squid-protocol.github.io/gitgalaxy](https://squid-protocol.github.io/gitgalaxy/)**.\n\n---\n\n## Quickstart Guide\n\n### 1. Install\n\n```bash\npip install gitgalaxy\n```\n\n\n### 2. Scan a Repository\n\nPoint the GalaxyScope at any local repository or ZIP archive. The engine runs entirely on your local machine—zero data is transmitted.\n\n```bash\ngalaxyscope /path/to/your/local/repo\n```\n\n### 3. GitHub Actions CI/CD Integration\n\nGitGalaxy can be integrated directly into your GitHub Actions pipeline for automated DevSecOps auditing, Zero-Trust SBOM generation, or Pre-Commit firewalls. \n\n**🚀 [View the Full GitHub Action Integration Guide](https://github.com/squid-protocol/gitgalaxy/blob/main/github-action-readme.md)**\n\nCheck out our comprehensive guide to set up the **Pipeline Architecture** (Parallel Enforcement \u0026 Autonomous Reporting). It covers all available inspection tools, AI guardrails, and advanced configuration options like our hyper-sensitive `--paranoid` threat-hunting mode.\n\n*Minimal Example (Running a single inspection tool):*\n```yaml\nname: GitGalaxy Security Audit\n\non:\n  pull_request:\n    branches: [ \"main\" ]\n\njobs:\n  gitgalaxy-scan:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout Repository\n        uses: actions/checkout@v4\n\n      - name: Run GitGalaxy Supply Chain Firewall\n        uses: squid-protocol/gitgalaxy@main\n        with:\n          tool: 'supply-chain-firewall' # View the Integration Guide for the full tool directory\n          target: '.'\n```\n\n---\n\n### [GitGalaxy Core Analysis Engine](https://github.com/squid-protocol/gitgalaxy/blob/main/docs/wiki/01-project-overview.md)\nThe central blAST engine. It bypasses rigid ASTs using mathematical heuristics to map O(N) multi-dimensional relationships across 50+ languages, managing signal processing, spatial layout, and high-speed SQLite telemetry recording.\n\n\n\n## Enterprise Codebase Tools \u0026 Use Cases\n\nGitGalaxy operates on a Decoupled Architecture. While the core engine provides the overarching structural mechanics and topological mapping, our specialized Decoupled Execution Controllers leverage that deterministic graph to execute enterprise-grade operations.\n\n### [Automated Legacy Migration: COBOL to Java Spring Boot](https://github.com/squid-protocol/gitgalaxy/tree/main/gitgalaxy/tools/cobol_to_java/)\nA deterministic, high-fidelity translation pipeline. It converts legacy COBOL into fully compiling, modern Spring Boot architectures, mapping memory exactly and scaffolding JPA entities, REST controllers, and Maven builds before utilizing AI to translate isolated business logic.\n* **Proven Metric:** Achieved a perfect 27/27 Maven compile success rate across a batch test of distinct legacy repos.\n* **Verify for Yourself:** [Inspect the raw outputs of the IBM CICS Application Translation here.](https://github.com/squid-protocol/gitgalaxy/tree/main/examples/ibm_cics_translation/)\n\n![Java Forge \u0026 Batch Test](https://raw.githubusercontent.com/squid-protocol/gitgalaxy/main/docs/wiki/assets/java_forge_and_batch_test.gif)\n\n### [Mainframe Refactoring: COBOL \u0026 JCL Optimization](https://github.com/squid-protocol/gitgalaxy/tree/main/gitgalaxy/tools/cobol_to_cobol/)\nAn analytical suite for sanitizing mainframe monoliths. It safely neutralizes legacy lexical traps, extracts dead execution memory, maps topological DAG execution orders, and generates Zero-Trust JCL configurations for modern cloud deployments.\n* **Proven Metric:** The dead-code extraction engine removed over 6,700 lines of dead execution blocks and orphaned variables from the standard IBM CICS benchmark app in seconds.\n\n### [Software Supply Chain Security \u0026 Pre-Commit Firewalls](https://github.com/squid-protocol/gitgalaxy/tree/main/gitgalaxy/tools/supply_chain_security/)\nExtreme-velocity pre-commit firewalls. Instead of trusting manifest files, it scans physical internals to block steganography, byte-level XOR decryption loops, homoglyph typosquatting, and exposed cryptographic vaults before they ever enter your CI/CD pipeline. **[Deploy directly via our GitHub Action](https://github.com/squid-protocol/gitgalaxy/blob/main/github-action-readme.md).**\n\n### [Zero-Trust SBOM Generation \u0026 Dependency Auditing](https://github.com/squid-protocol/gitgalaxy/tree/main/gitgalaxy/tools/compliance/)\nA Zero-Trust Software Bill of Materials (SBOM) generator. It refuses to blindly trust `package.json` or `requirements.txt` files, instead locating the physical dependencies on disk, mathematically verifying their entropy and linguistic identity, and generating strict CycloneDX 1.4 JSON reports.\n* **Proven Metric:** Successfully mapped and mathematically verified the physical internals of 170 unique Go modules inside the local Kubernetes repository.\n\n### [API Security \u0026 Shadow API Detection](https://github.com/squid-protocol/gitgalaxy/tree/main/gitgalaxy/tools/network_auditing/)\nA deterministic mapping tool that hunts undocumented vulnerabilities. It uses structural regex to find active physical routing logic (Express, Spring Boot, FastAPI) and applies set theory against official OpenAPI/Swagger documentation to isolate critical Shadow APIs and outdated Ghost APIs.\n\n### [High-Speed PII Detection \u0026 Log Analysis](https://github.com/squid-protocol/gitgalaxy/tree/main/gitgalaxy/tools/terabyte_log_scanning/)\nUnindexed, tactical log analysis operating at 0.07 GB/sec. It streams massive database dumps to deterministically hunt and mask PII (Credit Cards, SSNs, AWS Keys) and uses static architecture maps to prove exact runtime execution frequencies with ASCII time-series histograms.\n\n### [AI Agent Guardrails \u0026 Codebase Protection](https://github.com/squid-protocol/gitgalaxy/tree/main/gitgalaxy/tools/ai_guardrails/)\nSpecialized keyword sensors protecting both your application and your codebase. The AppSec Sensor detects weaponized LLM features (RCE funnels, exfiltration risks), while the Dev Agent Firewall evaluates token mass and blast radius to restrict autonomous coding agents from modifying dangerous or context-token-draining files. Helps identify which files need to be chunked to reduce context overload.\n\n## Local Browser-Based 3D Codebase Visualization\n\nIf you prefer visual analytics, we've built a topological dashboard where each file represents a node, sized and colored according to specific risk metrics.\n\nSimply drag and drop your generated `your_repo_GPU_galaxy.json` file (or a `.zip` of your raw repository) directly into [GitGalaxy.io](https://gitgalaxy.io/). All rendering and scanning happens entirely in your browser's local memory.\n\n### 🔭 Watch GitGalaxy in Action\n\n**Mapping 3.2 Million Lines of C++ in 11 Seconds | OpenCV** [![OpenCV Demo](https://img.youtube.com/vi/3ScQCSUBdZw/maxresdefault.jpg)](https://youtu.be/3ScQCSUBdZw)\n\n![GitGalaxy Topological Visualizer 3D graph rendering complex software repository structures and K-means clustering archetypes in the browser](https://raw.githubusercontent.com/squid-protocol/gitgalaxy/main/docs/wiki/assets/metavisualizer.png)\n\n## Zero-Trust Data Security\n\nYour code never leaves your machine. GitGalaxy performs 100% of its scanning and vectorization locally.\n\n* **No Data Transmission:** Source code is never transmitted to any API, cloud database, or third-party service.\n* **Ephemeral Memory Processing:** Repositories are unpacked into a volatile memory buffer (RAM) and are automatically purged when the browser tab is closed.\n* **Privacy-by-Design:** Even when using the web-based viewer, the data remains behind the user's firewall at all times.\n\n## ⚖️ Licensing \u0026 Usage\n\nCopyright (c) 2026 Joe Esquibel\n\nGitGalaxy is distributed under the **PolyForm Noncommercial License 1.0.0**. \n\n### 🎓 Community Free Tier (Academic, Research, \u0026 Hobbyist)\nWe are deeply committed to the open-source and academic communities. If you are using GitGalaxy for personal projects, academic research, or non-commercial development, the engine is 100% free to use.\n\nTo suppress the commercial licensing delays in your terminal or personal CI/CD pipelines, simply set the following environment variable:\n\n```bash\nexport GITGALAXY_LICENSE_KEY=\"COMMUNITY_FREE_TIER\"\n```\n\n### 🏢 Commercial \u0026 Enterprise Use\nRunning GitGalaxy in corporate environments, proprietary codebases, or commercial CI/CD pipelines requires an enterprise license. Unlicensed corporate pipelines will experience intentional execution friction, and attempting to use the Community Free Tier key in a corporate environment will trigger explicit non-compliance warnings in your audit logs.\n\nTo acquire a zero-trust commercial key for your organization and ensure clean compliance logs, please contact: **joe@gitgalaxy.io**","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquid-protocol%2Fgitgalaxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsquid-protocol%2Fgitgalaxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsquid-protocol%2Fgitgalaxy/lists"}