ZeroHour

Decision layer on top of SAST

ZeroHour answers one question:
What breaks the business first if this code fails?

CLI | Semgrep | AI-assisted | Top 10 Prioritization | SDK-ready

Why ZeroHour

Static analysis tools generate hundreds of findings with no prioritization. Teams know what is wrong, but not what to fix first.

How It Works

  1. Runs Semgrep to extract structured findings
  2. Normalizes the findings into a unified dataset
  3. Uses Grok to reason about business impact and priority
  4. Enforces a forced Top 10: every run ends with at most ten ranked findings
  5. Optionally generates AI-assisted fix suggestions
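The normalize-and-rank core of steps 1 to 4, as an added example in plain JavaScript; this is not ZeroHour's own code. The Semgrep output is a constructed sample; the fields it reads (`check_id`, `path`, `start.line`, `extra.severity`, `extra.message`, `extra.metadata.cwe`) are the ones Semgrep's `--json` output really carries. `scoreFinding` is a hypothetical local heuristic standing in for the Grok call in step 3, so nothing leaves the machine; the "Top 10" cap in `prioritize` is the forced prioritization of step 4.

```javascript
// Added example (not ZeroHour's code): normalize Semgrep JSON, score each
// finding with a local stand-in for the LLM step, and force a Top 10.

// Constructed sample of `semgrep --json` output, trimmed to the fields used.
const SAMPLE_SEMGREP_JSON = JSON.stringify({
  results: [
    { check_id: "javascript.express.security.injection.tainted-sql-string",
      path: "src/payments/db.js", start: { line: 42 }, end: { line: 42 },
      extra: { severity: "ERROR", message: "SQL string built from user input",
               // Semgrep metadata.cwe may be a string or an array; both appear here.
               metadata: { cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command" } } },
    { check_id: "javascript.jsonwebtoken.security.jwt-none-alg",
      path: "src/auth/verify.js", start: { line: 9 }, end: { line: 9 },
      extra: { severity: "ERROR", message: "JWT verification allows alg 'none'",
               metadata: { cwe: ["CWE-327: Use of a Broken or Risky Cryptographic Algorithm"] } } },
    { check_id: "javascript.lang.security.audit.path-traversal.path-join-resolve-traversal",
      path: "src/files/download.js", start: { line: 17 }, end: { line: 17 },
      extra: { severity: "WARNING", message: "path.join with a user-controlled segment",
               metadata: { cwe: ["CWE-22: Improper Limitation of a Pathname to a Restricted Directory"] } } },
    { check_id: "javascript.lang.security.audit.detect-non-literal-regexp",
      path: "src/util/search.js", start: { line: 80 }, end: { line: 80 },
      extra: { severity: "WARNING", message: "RegExp built from a non-literal" } },
    // Eight low-value INFO hits: the noise a forced Top 10 is meant to push below the line.
    ...Array.from({ length: 8 }, (_, i) => ({
      check_id: "javascript.lang.best-practice.leftover-debugging",
      path: `src/legacy/mod${i + 1}.js`, start: { line: i + 1 }, end: { line: i + 1 },
      extra: { severity: "INFO", message: "console.log left in code", metadata: {} },
    })),
  ],
  errors: [],
});

// Step 2: one flat record per finding, deduplicated on (rule, file, line) because
// Semgrep reports the same hit twice when a rule is loaded from two configs.
function normalizeSemgrep(rawJson) {
  const doc = JSON.parse(rawJson);
  const seen = new Map();
  for (const r of doc.results || []) {
    const meta = (r.extra && r.extra.metadata) || {};
    const rec = {
      tool: "semgrep",
      ruleId: r.check_id,
      file: r.path,
      line: r.start.line,
      severity: String((r.extra && r.extra.severity) || "INFO").toUpperCase(),
      message: (r.extra && r.extra.message) || "",
      cwe: meta.cwe ? [].concat(meta.cwe) : [],
    };
    seen.set(`${rec.ruleId}|${rec.file}|${rec.line}`, rec);
  }
  return [...seen.values()];
}

// Step 3 stand-in (hypothetical heuristic, not Grok): severity first, then a
// boost for code paths that would hurt the business first (auth, payments),
// then a smaller boost for classic high-impact weakness classes.
function scoreFinding(f) {
  const sev = { ERROR: 3, WARNING: 2, INFO: 1 }[f.severity] || 0;
  const hotPath = [/auth/i, /payment/i, /billing/i].some((re) => re.test(f.file)) ? 1 : 0;
  const hotCwe = f.cwe.some((c) => /CWE-(89|78|79|22|502)\b/.test(c)) ? 1 : 0;
  return sev * 10 + hotPath * 10 + hotCwe * 3;
}

// Step 4: rank everything, keep at most `limit`, report how many were deferred.
function prioritize(findings, limit = 10) {
  const ranked = findings
    .map((f) => ({ ...f, score: scoreFinding(f) }))
    .sort((a, b) => b.score - a.score || a.file.localeCompare(b.file) || a.line - b.line);
  const top = ranked.slice(0, limit).map((f, i) => ({ rank: i + 1, ...f }));
  return { top, deferred: ranked.length - top.length };
}

function runPipeline(rawJson, limit = 10) {
  return prioritize(normalizeSemgrep(rawJson), limit);
}

const demo = runPipeline(SAMPLE_SEMGREP_JSON);
for (const f of demo.top) console.log(`#${f.rank} [${f.score}] ${f.file}:${f.line} ${f.ruleId}`);
console.log(`${demo.deferred} finding(s) deferred below the Top 10`);
```

On a real project, replace the sample with the contents of `semgrep --json` output (for example `semgrep --config auto --json . > findings.json`) and pass that string to `runPipeline`. The sample is sized so the cap actually bites: twelve findings in, ten out, with the SQL injection in the payments path ranked first and two of the INFO hits deferred.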

Installation

npm install
npm run build

Usage

./zerohour analyze
./zerohour analyze -C path/to/project
./zerohour analyze --no-box

CLI and SDK

ZeroHour is available as a CLI and as an SDK.

Documentation

Status

Prototype built during a hackathon. Focused on decision clarity, not scanning completeness.