This document provides a high-level summary of the SmartContractAudit project's three pillars: Product, Governance, and Security.
SmartContractAudit provides automated auditing and antivirus capabilities for smart contracts and blockchain repositories, combining AI-powered analysis with security best practices.
- Automated Auditing: Continuous scanning of smart contract code
- GitAntivirus: Repository-level security scanning and remediation
- AI-Powered Analysis: Intelligent detection of vulnerabilities and issues
- Multi-Chain Support: Support for Solana and other blockchain platforms
- Dry-Run Safety: Non-destructive scanning by default
- Integration-Ready: GitHub Actions workflows and CI/CD integration
- Languages: Shell, JavaScript/Node.js, smart contract languages
- Platform: GitHub Actions, Node.js runtime
- Tools: Custom security scanners, static analysis, pattern matching
- Architecture: Modular, extensible scanning framework
See RELEASE.md for current release plans and docs/release-process.md for deployment procedures.
- Decision Making: Consensus-based with maintainer oversight
- Roles: Maintainers, Contributors, Community Members
- Process: Transparent, documented, community-driven
- Documentation: Comprehensive governance and contribution guidelines
- Open Source: Apache-2.0 license
- Community-Driven: Public issues, discussions, and RFCs
- Meritocracy: Recognition based on contributions
- Inclusive: Welcoming to all skill levels and backgrounds
- Developer Certificate of Origin (DCO): Signed commits required
- Pull Request Review: Peer review process
- Code Standards: Documented style and testing requirements
- DAO Participation: Contributor eligibility for governance tokens
- Recognition: Sponsors acknowledged in documentation and website
- Independence: Financial support does not influence technical decisions
- Partnership Tiers: Multiple levels of sponsorship available
- Benefits: Access to support, early features, partnership opportunities
See GOVERNANCE.md and docs/partners/ for details.
Security is embedded in every aspect of the project:
- Vulnerability Disclosure: Responsible disclosure process
- Triage SLA: Clear response times for security issues
- Security Contacts: Dedicated security team
- Regular Audits: Automated and manual security reviews
- No Secrets in Code: Never commit credentials or private keys
- Dry-Run Default: Destructive operations require explicit opt-in
- Least Privilege: Minimal required permissions for operations
- Defense in Depth: Multiple layers of security controls
- Transparent Logging: Comprehensive audit trails
- Automated Scanning: Continuous security monitoring
Threats these controls are designed to address:
- Secret exposure in repositories
- Malicious code injection
- Supply chain attacks
- Unauthorized access
- Data breaches
- Social engineering
- Secret Detection: Automated scanning for exposed credentials
- Dependency Scanning: Regular audits of third-party packages
- Code Review: Security-focused peer review
- GitAntivirus Workflow: Automated repository scanning
- Incident Response: Documented procedures for security events
- No PII Collection: Minimal personal data collection
- Data Minimization: Only collect what is necessary
- Public Redaction: Automatic sanitization of sensitive data
- Retention Limits: Clear data retention policies
See SECURITY.md and PRIVACY.md for complete policies.
| Aspect | Status | Key Documents |
|---|---|---|
| Product | Active Development | README.md, docs/ |
| Governance | Established | GOVERNANCE.md, CONTRIBUTING.md |
| Security | High Priority | SECURITY.md, PRIVACY.md |
| License | Apache-2.0 | LICENSE |
| Community | Open | CODE_OF_CONDUCT.md |
| Funding | Open for Sponsors | FUNDING.yml, docs/partners/ |
| DAO | In Planning | docs/dao/ |
| Release | v2026.01.01 Target | RELEASE.md |
- Contribute Code: See CONTRIBUTING.md
- Report Issues: Use GitHub Issues
- Join Discussions: GitHub Discussions
- Sponsor: See FUNDING.yml
- Partner: See docs/partners/
- DAO Participation: See docs/dao/
- GitHub Issues: Bug reports and features
- GitHub Discussions: General Q&A
- Pull Requests: Code contributions
- Security: [email protected]
- Privacy: [email protected]
- Sponsors: [email protected]
- README.md - Getting started
- docs/ - User documentation
- SECURITY.md - Security best practices
- CONTRIBUTING.md - How to contribute
- GOVERNANCE.md - Project governance
- docs/partners/technical_onboarding.md - Technical setup
- docs/partners/README.md - Partner overview
- docs/partners/sponsorship_tiers.md - Sponsorship options
- docs/partners/sla_and_support.md - Support details
Project health indicators:
- Code Coverage: Target >80%
- Security Scans: Daily automated scans
- Response Time: See SECURITY.md for SLAs
- Release Cadence: Regular versioned releases
- Community Growth: Active contributors and users
Build a sustainable, secure, and community-driven smart contract auditing platform that serves the entire blockchain ecosystem with:
- Best-in-class security tooling
- Transparent governance
- Open collaboration
- Strong privacy protections
- Inclusive community
Together, Product · Governance · Security form the foundation of SmartContractAudit.
For detailed information on any pillar, please refer to the linked documents.
Last Updated: 2026-01-01