Setup automated security scanning with GitHub Actions

.github/pull_request_template.md

@@ -0,0 +1,32 @@
+## Description
+
+Briefly describe what vulnerabilities this code demonstrates.
+
+## Vulnerability Types
+
+- [ ] Reentrancy
+- [ ] Integer Overflow/Underflow
+- [ ] Access Control
+- [ ] tx.origin Authorization
+- [ ] Unchecked Call Returns
+- [ ] SQL Injection
+- [ ] Cross-Site Scripting (XSS)
+- [ ] Other: _______________
+
+## Expected Detections
+
+List what the security agent SHOULD detect:
+
+1. [ ] Vulnerability 1 - Severity: CRITICAL
+2. [ ] Vulnerability 2 - Severity: HIGH
+
+## Testing Checklist
+
+- [ ] Code compiles/runs (even if vulnerable)
+- [ ] Comments explain the vulnerability
+- [ ] Added to README if new file
+- [ ] Tested locally with security agent
+
+---
+
+**Note:** The Security AI Agent will automatically scan this PR and post findings below! 🤖

.github/workflows/security-scan.yml

@@ -0,0 +1,52 @@
+name: Security Scan
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  push:
+    branches: [main]
+
+jobs:
+  security-analysis:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+
+    steps:
+      - name: Checkout vulnerable code repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Checkout Security Agent
+        uses: actions/checkout@v4
+        with:
+          repository: security-ai-labs/security-ai-agent
+          path: security-agent
+          ref: main
+
+      - name: Install dependencies
+        run: |
+          pip install -r security-agent/requirements.txt
+
+      - name: Run Security Analysis
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO_NAME: ${{ github.repository }}
+          PR_NUMBER: ${{ github.event.pull_request.number || '' }}
+        run: |
+          python main.py
+        working-directory: security-agent
+
+      - name: Upload Analysis Results
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: security-analysis-results
+          path: ${{ github.workspace }}/security-agent/analysis-*.json
+          retention-days: 30

README.md

@@ -1,9 +1,72 @@
-# vulnerable-code-examples
 # Vulnerable Code Examples 🚨
 
+[![Security Scan](https://github.com/diksha190/vulnerable-code-examples/actions/workflows/security-scan.yml/badge.svg)](https://github.com/diksha190/vulnerable-code-examples/actions/workflows/security-scan.yml)
+
 This repository contains intentionally vulnerable code samples for testing the **Web3 Security Agent**.
 
 **⚠️ WARNING:** These are intentionally vulnerable! Never use this code in production.
 
+## Automated Security Scanning
+
+Every pull request is automatically scanned by our AI Security Agent:
+- ✅ Detects 60+ vulnerability types
+- ✅ Covers Ethereum, Solana, Web2, and DeFi
+- ✅ Posts detailed findings as PR comments
+- ✅ Includes severity levels and remediation advice
+
+## Testing the Agent
+
+To test the security agent locally:
+
+```bash
+# Clone this repo
+git clone https://github.com/diksha190/vulnerable-code-examples.git
+cd vulnerable-code-examples
+
+# Clone the security agent into a subdirectory
+git clone https://github.com/security-ai-labs/security-ai-agent.git security-agent
+
+# Install dependencies
+pip install -r security-agent/requirements.txt
+
+# Set environment variables and run analysis
+# Note: Never commit tokens to your repository! Use secure token management.
+# Token needs 'repo' and 'pull_requests: write' permissions
+export GITHUB_TOKEN=your_token_here
+export REPO_NAME=diksha190/vulnerable-code-examples
+cd security-agent
+python main.py
+```
+
 ## Repository Structure
-# Test PR
+
+```
+vulnerable-code-examples/
+├── ethereum/
+│   └── vulnerable_erc20.sol    # Intentionally vulnerable ERC20
+├── web2/
+│   └── (coming soon)
+├── solana/
+│   └── (coming soon)
+└── defi/
+    └── (coming soon)
+```
+
+## Known Vulnerabilities
+
+### ethereum/vulnerable_erc20.sol
+- 🚨 **CRITICAL**: Integer Overflow (Solidity 0.7.0)
+- 🚨 **CRITICAL**: Reentrancy Attack
+- 🚨 **CRITICAL**: Missing Access Control (mint, burn)
+- ⚠️ **HIGH**: Unchecked Call Return
+- ⚡ **MEDIUM**: Missing Zero Address Check
+- ⚡ **MEDIUM**: Timestamp Dependency
+
+## Contributing
+
+Feel free to add more vulnerable examples to test the security agent!
+
+1. Create a new branch
+2. Add vulnerable code in appropriate directory
+3. Open a PR
+4. Watch the security agent find the vulnerabilities! 🔍