Skip to content

Vega Backend Documentation

Vega is an AI-powered security code scanner. You point it at a source repository, it uses a large language model to audit the code for vulnerabilities, and it surfaces findings in a web dashboard. This documentation covers every piece of the backend system — from how to run it on your laptop to how it deploys on AWS.

What Vega does

A user's workflow looks like this:

  1. Sign in through the web dashboard.
  2. Create a project as a workspace container.
  3. Add a repository — either by providing a Git URL or uploading a zip archive.
  4. Generate a threat profile — a summary of what the application does and what risks matter most. This focuses the scan.
  5. Start a scan — the backend queues the work and an isolated runner executes the AI-powered audit.
  6. Watch progress live in the dashboard as the scan engine streams events.
  7. Review findings — the security issues the scan engine discovered, with severity, file location, and evidence.

Who this documentation is for

New developers — Start with Core Architecture to understand how the system fits together, then read Getting Started to run it locally.

Backend contributors — Read Backend Components and Scan Engine for code-level detail.

Operators and SREs — Read AWS when deploying, debugging, or operating the production system.

System at a glance

flowchart LR
    User[Dashboard user] --> API[vega-api]
    API --> DB[(Postgres)]
    API --> Queue[SQS]
    Queue --> Worker[vega-worker]
    Worker --> Runner[vega-v16-runner]
    Runner --> V16[v16 scan engine]
    V16 --> LLM[vega-llm-proxy]
    LLM --> Provider[AI provider]
    Runner --> Artifacts[(S3 artifacts)]
    API --> Frontend[React dashboard]

Each box is a separate process. Locally they can run on one machine. In AWS, they are separate ECS containers with isolated permissions.

Run the docs locally

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
mkdocs serve

Open http://127.0.0.1:8000.