releases.shpreview

Alberta scanned 466M lines of code for vulnerabilities in 20 hours

From the original release noteView original ↗

The Government of Alberta has been using Claude Code with Opus and Sonnet models since 2025 to review systems, find vulnerabilities, and fix them across government infrastructure.

Achievements:

  • Scanned 466 million lines of code in 20 hours (estimated to take 6.5 years with traditional approaches)
  • Reviewed all 1,280 applications and 3,400 code repositories maintained by the Ministry of Technology and Innovation
  • Identified security vulnerabilities, infrastructure weaknesses, and documentation gaps
  • Fixed vulnerabilities and modernized legacy systems
  • Built specialized Claude review agents for continuous security assessment

Approach:

  • Used approximately 50 Claude Code agents working autonomously in parallel
  • Two-stage scanning routine: rules engine to flag known patterns, then review to cite exact file and line numbers
  • Generated fixes, tests, and rebuilt outdated systems in modern languages
  • Some legacy systems rebuilt in 4-5 days (vs. 5 months originally)
  • Created red team and blue team agents for continuous security review
  • Agents check applications against roughly 95 security controls per pass

Impact:

  • Protects highly sensitive information including tax records, procurement data, and social services case files
  • Reduces technical debt and maintenance costs
  • Enables faster modernization of legacy applications
  • Plans to consolidate 185 legacy applications into 16 reusable modern applications

Knowledge Sharing:

  • Published technical white papers documenting efforts for other governments
  • Hosting industry day in Edmonton in July
  • Launching program to scale approach across provincial government
  • Training government workers and public through Alberta AI Academy (thousands of government employees and 10,000+ public members trained)

Fetched July 9, 2026