{"id":51186729,"url":"https://github.com/trailofbits/different","last_synced_at":"2026-06-27T11:02:37.348Z","repository":{"id":334792748,"uuid":"1142691928","full_name":"trailofbits/different","owner":"trailofbits","description":"Detect bugs that have already been fixed in one codebase and determine whether the same issues apply to the target codebase.","archived":false,"fork":false,"pushed_at":"2026-04-16T07:26:44.000Z","size":544,"stargazers_count":6,"open_issues_count":2,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-18T08:34:47.115Z","etag":null,"topics":["agentic-security","code-review","deepagent"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-26T18:29:29.000Z","updated_at":"2026-05-14T18:48:00.000Z","dependencies_parsed_at":"2026-01-27T09:00:24.021Z","dependency_job_id":null,"html_url":"https://github.com/trailofbits/different","commit_stats":null,"previous_names":["trailofbits/different"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/trailofbits/different","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fdifferent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fdifferent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trail
ofbits%2Fdifferent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fdifferent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/different/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fdifferent/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34850575,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-27T02:00:06.362Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic-security","code-review","deepagent"],"created_at":"2026-06-27T11:02:35.622Z","updated_at":"2026-06-27T11:02:37.339Z","avatar_url":"https://github.com/trailofbits.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Different\n\n[![tests](https://github.com/trailofbits/different/actions/workflows/ci.yml/badge.svg?label=tests)](https://github.com/trailofbits/different/actions/workflows/ci.yml)\n\nDifferent is a variant-analysis agentic tool built with DeepAgents. 
It does two things:\n\n- First, it looks at an \"inspiration\" local Git repository and tries to extract recent bug fixes and security fixes, skipping docs/formatting/test/refactor-only commits unless the diff shows an actual bug fix. It outputs a structured JSON file with one entry per fix, including idea-level root causes and tags so matching can be flexible.\n- Then, it takes that JSON and checks a “target” local Git repository to see if the same problems likely apply there. It outputs another JSON file with one entry per finding.\n\nThe logic is agentic: an LLM calls local Git tools (and optional GitHub API tools) in a loop to inspect commits, diffs, and related PR/issue context.\n\nEach finding includes `id`, `kind`, `severity`, `title`, `root_cause`, `fix_summary`, `evidence`, and `tags`. For `kind=\"bug\"` findings with a concrete severity (not `\"unknown\"`), it also includes `main_file` and `exploit_risk` (a short paragraph describing how an attacker could exploit the bug and what impact they could get).\n\nThe inspiration agent can fetch PR labels and review comments for richer context. The target agent can search commit messages (`git_log_search`) to check if a fix was already applied, and list tracked files (`git_ls_files`) to explore the project structure.\n\n## When to use it\n- You are fuzzing two parsers, `A` and `B`, that should behave almost identically. Run `different` to check that recent bug/vuln fixes from codebase `A` don't apply to codebase `B`.\n- A CVE drops for library `X`. You have an internal fork or a similar implementation. 
Point `different` at `X` as inspiration and your codebase as target to quickly check if the same bug class affects you.\n- Before doing code review for codebase `B`, run `different` against a well-maintained sibling codebase `A` to see what kinds of vulnerabilities are being fixed there and get inspiration from that.\n- Give it as context to an LLM/agentic app when doing LLM-based bug-hunting, so that your agent has a context full of valid and fresh bugs. \n\n## Requirements\n\nThe default config uses GPT-5.2 with xhigh reasoning. If you switch to a Claude model via `--model`, you need `ANTHROPIC_API_KEY`.\n\n## Pre-commit hooks\n\nThis repo includes a `.pre-commit-config.yaml` that runs `ruff`, `ty`, and `shellcheck`.\nUse `prek` (or `pre-commit`) to run the hooks, for example:\n\n```bash\nuv sync --group lint\nprek run --all-files\n```\n\nOr use the Makefile:\n\n```bash\nmake lint\n```\n\n## Testing\n- `pytest` runs with `pytest-cov`.\n- Warnings are treated as errors.\nRun:\n```bash\nuv run pytest\n```\n\nOr use the Makefile:\n\n```bash\nmake test\n```\n\n## Configuration\n\nThe app reads `different.toml`. This is where you set the \"recent\" window (days + max commits), how many patch lines are fetched per commit, whether GitHub enrichment is enabled, whether HTML reports are generated, and the default model settings. 
You can also set `extract.since_date` (YYYY-MM-DD or ISO-8601) to scan from a fixed date; it overrides `since_days`.\nYou can override the model per run with `--model`.\n\n## Usage\nRun the full workflow (extract -\u003e check):\n\n```bash\nuv sync --all-groups\ndifferent-agent --inspiration /path/to/inspiration-repo --target /path/to/target-repo\n```\n\nRun extraction only (skip target analysis):\n\n```bash\nuv sync --all-groups\ndifferent-agent --inspiration /path/to/inspiration-repo --extract-only\n```\n\nOutputs are written under `outputs/\u003cproject_name\u003e/` and get a time-based suffix per run.\nFor example: `outputs/my-target/target_assessment_01-12_22-12.json`.\nAt the end of a run, the console also prints how many commits and PRs were analyzed.\n\nScan from a given date (overrides `since_days`):\n\n```bash\ndifferent-agent --inspiration /path/to/inspiration-repo --target /path/to/target-repo --since-date 2024-01-01\n```\n\nLimit GitHub PRs to a number range (inclusive):\n\n```bash\ndifferent-agent --inspiration /path/to/inspiration-repo --extract-only --from-pr 3300 --to-pr 3350\n```\n\nWhen a PR range is provided, the extractor skips commit and issue scanning and focuses on GitHub PRs only.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fdifferent","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Fdifferent","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fdifferent/lists"}