diff --git a/HTML_REPORT_0.png b/HTML_REPORT_0.png
index 13d5680..fa18b02 100644
Binary files a/HTML_REPORT_0.png and b/HTML_REPORT_0.png differ
diff --git a/HTML_REPORT_3_1.png b/HTML_REPORT_3_1.png
new file mode 100644
index 0000000..2e375c8
Binary files /dev/null and b/HTML_REPORT_3_1.png differ
diff --git a/HTML_REPORT_5.png b/HTML_REPORT_5.png
new file mode 100644
index 0000000..c5de2d8
Binary files /dev/null and b/HTML_REPORT_5.png differ
diff --git a/HTML_REPORT_6.png b/HTML_REPORT_6.png
new file mode 100644
index 0000000..efede9a
Binary files /dev/null and b/HTML_REPORT_6.png differ
diff --git a/README.md b/README.md
index cd08a72..2552eaf 100644
--- a/README.md
+++ b/README.md
@@ -169,8 +169,14 @@ Or using `npx`:
 
 ![HTML_REPORT_3](HTML_REPORT_3.png)
 
+![HTML_REPORT_3_1](HTML_REPORT_3_1.png)
+
 ![HTML_REPORT_4](HTML_REPORT_4.png)
 
+![HTML_REPORT_5](HTML_REPORT_5.png)
+
+![HTML_REPORT_6](HTML_REPORT_6.png)
+
 ---
 
 ## Contributing
diff --git a/package.json b/package.json
index b3ffcc2..0722140 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "code-health-meter",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "",
   "main": "src/index.js",
   "type": "module",
diff --git a/src/commons/AuditUtils.js b/src/commons/AuditUtils.js
index e9f30db..72951d4 100644
--- a/src/commons/AuditUtils.js
+++ b/src/commons/AuditUtils.js
@@ -1,3 +1,5 @@
+import fs from 'fs-extra';
+import path from 'path';
 import crypto from 'crypto';
 import glob from 'globby';
 import unixify from 'unixify';
@@ -59,6 +61,108 @@ const isExcludedFile = (filePath) => (
     false
 );
 
+/**
+ * This asynchronous function reads a file and returns its content as a string.
+ *
+ * @param {string} filePath - The path to the file to be read.
+ * @returns {Promise<string|null>} A promise that resolves to a string containing the file content, or null if an error occurs.
+ *
+ * @example
+ * const content = await getAuditedFileContent('/path/to/file');
+ * print(content); // Logs the content of the file.
+ */
+const getFileContent = async (filePath) => {
+  try {
+    const fileStreamReader = fs.createReadStream(filePath);
+
+    const chunks = [];
+
+    for await (const chunk of fileStreamReader) {
+      chunks.push(Buffer.from(chunk));
+    }
+
+    return Buffer.concat(chunks)?.toString('utf-8')?.trim();
+  } catch (e) {
+    return null;
+  }
+};
+
+/**
+ * This asynchronous function checks if a file contains a specific anti-pattern.
+ *
+ * @param {string} antiPattern - The anti-pattern to check for in the file.
+ * @param {string} source - The file to check for the anti-pattern.
+ * @returns {Promise<boolean>} A promise that resolves to a boolean indicating whether the file contains the anti-pattern.
+ * If an error occurs, it logs the error message and returns false.
+ *
+ * @example
+ * const result = await isNonCompliantFile('anti-pattern', '/path/to/file');
+ * print(result); // Logs true if the file contains the anti-pattern, false otherwise.
+ */
+const isNonCompliantFile = async (antiPattern, source) => {
+  try {
+    if (!antiPattern?.length || !source?.length) {
+      return false;
+    }
+
+    return source?.includes(antiPattern);
+  } catch (error) {
+    AppLogger.info(`[AuditUtils - isNonCompliantFile] error:  ${error.message}`);
+    return false;
+  }
+};
+
+/**
+ * Finds the common base path among a list of files.
+ * @param {string[]} files - The list of file paths.
+ * @returns {string} - Returns the common base path.
+ */
+function findCommonBase(files) {
+  AppLogger.info(`[AuditUtils - findCommonBase] files:  ${files?.length}`);
+
+  if (!files
+        || files.length === 0
+        || files.length === 1) {
+    return '';
+  }
+
+  const lastSlash = files[0].lastIndexOf(path.sep);
+  AppLogger.info(`[AuditUtils - findCommonBase] lastSlash:  ${lastSlash}`);
+
+  if (!lastSlash) {
+    return '';
+  }
+
+  const first = files[0].substr(0, lastSlash + 1);
+  AppLogger.info(`[AuditUtils - findCommonBase] first:  ${first}`);
+
+  let prefixlen = first.length;
+  AppLogger.info(`[AuditUtils - findCommonBase] prefixlen:  ${prefixlen}`);
+
+  /**
+     * Handles the prefixing of a file.
+     * @param {string} file - The file to handle.
+     */
+  function handleFilePrefixing(file) {
+
+    AppLogger.info(`[AuditUtils - findCommonBase] file:  ${file}`);
+
+    for (let i = prefixlen; i > 0; i--) {
+      if (file.substr(0, i) === first.substr(0, i)) {
+        prefixlen = i;
+        return;
+      }
+    }
+    prefixlen = 0;
+  }
+
+  files.forEach(handleFilePrefixing);
+
+  AppLogger.info(`[AuditUtils - findCommonBase] prefixlen:  ${prefixlen}`);
+
+  return first.substr(0, prefixlen);
+}
+
 /**
  * Converts a pattern to a file.
  * @param {string} pattern - The pattern to convert.
@@ -67,10 +171,17 @@ const isExcludedFile = (filePath) => (
 const patternToFile = (pattern) => glob.sync(unixify(pattern));
 
 /**
- * Retrieves all files from a specified directory.
+ * This function retrieves files from a given source directory.
+ *
+ * @param {string} srcDir - The source directory from which to retrieve files.
+ * @returns {Object} An object containing an array of files and the base path.
+ * If an error occurs, it returns an object with an empty files array and null basePath.
+ * @throws Will log the error message if one occurs.
  *
- * @param {string} srcDir - The source directory to retrieve files from.
- * @returns {Array|null} An array of files from the source directory, or null if the source directory is not specified or an error occurs.
+ * @example
+ * const result = getFiles('/path/to/source/directory');
+ * print(result.files); // Logs the array of files.
+ * print(result.basePath); // Logs the base path.
  */
 const getFiles = (srcDir) => {
   try{
@@ -90,11 +201,88 @@ const getFiles = (srcDir) => {
 
     AppLogger.info(`[AuditUtils - parseFiles] files:  ${files?.length}`);
 
-    return files;
+    const basePath = findCommonBase(files);
+
+    return ({
+      files,
+      basePath
+    });
   }catch (error) {
     AppLogger.info(`[AuditUtils - parseFiles] error:  ${error.message}`);
+    return ({
+      files: [],
+      basePath: null
+    });
+  }
+};
+
+/**
+ * Parses a file and returns relevant information.
+ *
+ * @param {string} file - The path to the file.
+ * @param {string} basePath - The base path for all files.
+ * @param {Object} options - The options for parsing.
+ * @param {RegExp} [options.exclude] - A regular expression for files to exclude.
+ * @param {boolean} [options.noempty] - Whether to skip empty lines.
+ * @returns {Object|null} An object containing the file information, or null if the file is excluded or not a JavaScript/TypeScript file.
+ */
+const parseFile = (file, basePath, options) => {
+  AppLogger.info(`[AuditUtils - parseFile] file:  ${file}`);
+  AppLogger.info(`[AuditUtils - parseFile] basePath:  ${basePath}`);
+  AppLogger.info(`[AuditUtils - parseFile] options:  ${options}`);
+
+  const mockPattern = /.*?(Mock).(js|jsx|ts|tsx)$/ig;
+  const testPattern = /.*?(Test).(js|jsx|ts|tsx)$/ig;
+  const nodeModulesPattern = /node_modules/g;
+  const targetModulesPattern = /target/g;
+
+  if (file && (
+    (options.exclude && file.match(options.exclude)) ||
+        file.match(targetModulesPattern) ||
+        file.match(mockPattern) ||
+        file.match(testPattern) ||
+        file.match(nodeModulesPattern)
+  )) {
+    AppLogger.info(`[AuditUtils - parseFile] excluded file:  ${file}`);
+    return null;
+  }
+
+  if (!file.match(/\.(js|jsx|ts|tsx)$/)) {
+    return null;
+  }
+
+  AppLogger.info(`[AuditUtils - parseFile] matched file:  ${file}`);
+
+  const fileShort = file.replace(basePath, '');
+  const fileSafe = fileShort.replace(/[^a-zA-Z0-9]/g, '_');
+
+  AppLogger.info(`[AuditUtils - parseFile] fileShort:  ${fileShort}`);
+  AppLogger.info(`[AuditUtils - parseFile] fileSafe:  ${fileSafe}`);
+
+  let source = fs.readFileSync(file).toString();
+  const trimmedSource = source.trim();
+
+  if (!trimmedSource) {
     return null;
   }
+
+  // if skip empty line option
+  if (options.noempty) {
+    source = source.replace(/^\s*[\r\n]/gm, '');
+  }
+
+  // if begins with shebang
+  if (source[0] === '#' && source[1] === '!') {
+    source = `//${source}`;
+  }
+
+  return ({
+    file,
+    fileSafe,
+    fileShort,
+    source,
+    options,
+  });
 };
 
 /**
@@ -117,6 +305,9 @@ const AuditUtils = {
   isExcludedFile,
   getFiles,
   generateHash,
+  parseFile,
+  getFileContent,
+  isNonCompliantFile,
 };
 
 export default AuditUtils;
diff --git a/src/index.js b/src/index.js
index 20b5172..deaef1a 100755
--- a/src/index.js
+++ b/src/index.js
@@ -7,8 +7,10 @@ import AppLogger from './commons/AppLogger.js';
 import CodeComplexityAuditor from './kernel/complexity/CodeComplexityAuditor.js';
 import CodeCouplingAuditor from './kernel/coupling/CodeCouplingAuditor.js';
 import CodeDuplicationAuditor from './kernel/duplication/CodeDuplicationAuditor.js';
+import CodeSecurityAuditor from './kernel/security/CodeSecurityAuditor.js';
 import CodeComplexityUtils from './kernel/complexity/CodeComplexityUtils.js';
 import CodeCouplingUtils from './kernel/coupling/CodeCouplingUtils.js';
+import CodeSecurityUtils from './kernel/security/CodeSecurityUtils.js';
 
 /**
  * Parses command line arguments.
@@ -46,6 +48,8 @@ if(!srcDir || !outputDir){
   process.exit(-1);
 }
 
+AppLogger.info('***** Code audit start *****');
+
 /**
  * Cleaning workspace
  */
@@ -112,3 +116,23 @@ CodeDuplicationAuditor.startAudit(
   `${outputDir}/code-duplication-audit`,
   format
 );
+
+/**
+ * Starts the code security audit.
+ * @type {Object}
+ */
+const codeSecurityAnalysisResult = await CodeSecurityAuditor.startAudit(srcDir, {});
+
+/**
+ * Writes the audit result to files.
+ */
+CodeSecurityUtils
+  .writeCodeSecurityAuditToFile({
+    codeSecurityOptions: {
+      outputDir: `${outputDir}/code-security-audit`,
+      fileFormat: format, // html or json
+    },
+    codeSecurityAnalysisResult,
+  });
+
+AppLogger.info('***** Code audit finished successfully *****');
diff --git a/src/kernel/complexity/CodeComplexityConfig.js b/src/kernel/complexity/CodeComplexityConfig.js
index 14f4a0d..d9312c0 100644
--- a/src/kernel/complexity/CodeComplexityConfig.js
+++ b/src/kernel/complexity/CodeComplexityConfig.js
@@ -270,20 +270,29 @@ const formatCodeComplexityHtmlReport = (summary, helpMessages, reportsByFile) =>
     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
     <style>
         body {
-            font-family: "Gill Sans", sans-serif;
-            font-size: 0.9rem;
+          font-family: "Gill Sans", sans-serif;
+          font-size: 0.9rem;
         }
 
         h1 {
-          font-size: 2rem;
+           font-size: 2.2rem;
+           text-decoration: underline;
         }
 
         h2 {
-           font-size: 1.5rem;
+           font-size: 2.0rem;
         }
 
-        span {
-          font-size: 0.9rem;
+        h3 {
+           font-size: 1.8rem;
+        }
+
+        h4 {
+           font-size: 1.6rem;
+        }
+        
+        h5 {
+           font-size: 1.4rem;
         }
         
         .modal-body{
diff --git a/src/kernel/complexity/CodeComplexityUtils.js b/src/kernel/complexity/CodeComplexityUtils.js
index ad909e9..7210279 100644
--- a/src/kernel/complexity/CodeComplexityUtils.js
+++ b/src/kernel/complexity/CodeComplexityUtils.js
@@ -12,6 +12,7 @@ const {
 
 const {
   getFiles,
+  parseFile,
 } = AuditUtils;
 
 /**
@@ -171,91 +172,22 @@ const getOverviewReport = (reports) => {
   };
 };
 
-/**
- * Parses a file and returns relevant information.
- *
- * @param {string} file - The path to the file.
- * @param {string} commonBasePath - The common base path for all files.
- * @param {Object} options - The options for parsing.
- * @param {RegExp} [options.exclude] - A regular expression for files to exclude.
- * @param {boolean} [options.noempty] - Whether to skip empty lines.
- * @returns {Object|null} An object containing the file information, or null if the file is excluded or not a JavaScript/TypeScript file.
- */
-const parseFile = (file, commonBasePath, options) => {
-  AppLogger.info(`[CodeComplexityUtils - parseFile] file:  ${file}`);
-  AppLogger.info(`[CodeComplexityUtils - parseFile] commonBasePath:  ${commonBasePath}`);
-  AppLogger.info(`[CodeComplexityUtils - parseFile] options:  ${options}`);
-
-  const mockPattern = /.*?(Mock).(js|jsx|ts|tsx)$/ig;
-  const testPattern = /.*?(Test).(js|jsx|ts|tsx)$/ig;
-  const nodeModulesPattern = /node_modules/g;
-  const targetModulesPattern = /target/g;
-
-  if (file && (
-    (options.exclude && file.match(options.exclude)) ||
-      file.match(targetModulesPattern) ||
-      file.match(mockPattern) ||
-      file.match(testPattern) ||
-      file.match(nodeModulesPattern)
-  )) {
-    AppLogger.info(`[CodeComplexityUtils - parseFile] excluded file:  ${file}`);
-    return null;
-  }
-
-  if (!file.match(/\.(js|jsx|ts|tsx)$/)) {
-    return null;
-  }
-
-  AppLogger.info(`[CodeComplexityUtils - parseFile] matched file:  ${file}`);
-
-  const fileShort = file.replace(commonBasePath, '');
-  const fileSafe = fileShort.replace(/[^a-zA-Z0-9]/g, '_');
-
-  AppLogger.info(`[CodeComplexityUtils - parseFile] fileShort:  ${fileShort}`);
-  AppLogger.info(`[CodeComplexityUtils - parseFile] fileSafe:  ${fileSafe}`);
-
-  let source = fs.readFileSync(file).toString();
-  const trimmedSource = source.trim();
-
-  if (!trimmedSource) {
-    return null;
-  }
-
-  // if skip empty line option
-  if (options.noempty) {
-    source = source.replace(/^\s*[\r\n]/gm, '');
-  }
-
-  // if begins with shebang
-  if (source[0] === '#' && source[1] === '!') {
-    source = `//${source}`;
-  }
-
-  return ({
-    file,
-    fileSafe,
-    fileShort,
-    source,
-    options,
-  });
-};
-
 /**
  * Inspects a file and runs reports against it.
  *
  * @param {Object} params - The parameters for the function.
  * @param {string} params.file - The path to the file.
- * @param {string} params.commonBasePath - The common base path for all files.
+ * @param {string} params.basePath - The common base path for all files.
  * @param {Object} params.options - The options for parsing and reporting.
  * @returns {Object|null} An object containing the reports for each analyzer, or null if an error occurs.
  */
 const inspectFile = ({
   file,
-  commonBasePath,
+  basePath,
   options
 }) => {
   try {
-    const report = parseFile(file, commonBasePath, options);
+    const report = parseFile(file, basePath, options);
     if(!report){
       return null;
     }
@@ -285,7 +217,7 @@ const inspectFile = ({
           acc[analyzerName] = reporter?.process(source, options[analyzerName], reportInfo);
           return acc;
         } catch (error) {
-          console.log(`[parseFile]: file ${file} process error:  ${error}`, options);
+          AppLogger.info(`[CodeComplexityUtils - parseFile]: file ${file} process error:  ${error}`);
           return acc;
         }
       }, {});
@@ -295,57 +227,6 @@ const inspectFile = ({
   }
 };
 
-/**
- * Finds the common base path among a list of files.
- * @param {string[]} files - The list of file paths.
- * @returns {string} - Returns the common base path.
- */
-function findCommonBase(files) {
-  AppLogger.info(`[CodeComplexityUtils - findCommonBase] files:  ${files?.length}`);
-
-  if (!files
-      || files.length === 0
-      || files.length === 1) {
-    return '';
-  }
-
-  const lastSlash = files[0].lastIndexOf(path.sep);
-  AppLogger.info(`[CodeComplexityUtils - findCommonBase] lastSlash:  ${lastSlash}`);
-
-  if (!lastSlash) {
-    return '';
-  }
-
-  const first = files[0].substr(0, lastSlash + 1);
-  AppLogger.info(`[CodeComplexityUtils - findCommonBase] first:  ${first}`);
-
-  let prefixlen = first.length;
-  AppLogger.info(`[CodeComplexityUtils - findCommonBase] prefixlen:  ${prefixlen}`);
-
-  /**
-   * Handles the prefixing of a file.
-   * @param {string} file - The file to handle.
-   */
-  function handleFilePrefixing(file) {
-
-    AppLogger.info(`[CodeComplexityUtils - findCommonBase] file:  ${file}`);
-
-    for (let i = prefixlen; i > 0; i--) {
-      if (file.substr(0, i) === first.substr(0, i)) {
-        prefixlen = i;
-        return;
-      }
-    }
-    prefixlen = 0;
-  }
-
-  files.forEach(handleFilePrefixing);
-
-  AppLogger.info(`[CodeComplexityUtils - findCommonBase] prefixlen:  ${prefixlen}`);
-
-  return first.substr(0, prefixlen);
-}
-
 /**
  * Inspect directory files.
  * @param {string} srcDir - The directory to parse.
@@ -354,8 +235,12 @@ function findCommonBase(files) {
  */
 const inspectFiles = (srcDir, options) => {
   try {
-    const files = getFiles(srcDir);
+    const {
+      files,
+      basePath
+    } = getFiles(srcDir);
     AppLogger.info(`[CodeComplexityUtils - inspectFiles] files:  ${files?.length}`);
+    AppLogger.info(`[CodeComplexityUtils - inspectFiles] basePath:  ${basePath}`);
 
     if(!files?.length){
       return [];
@@ -366,17 +251,13 @@ const inspectFiles = (srcDir, options) => {
       ...complexityReportOptions,
     };
 
-    const commonBasePath = findCommonBase(files);
-
-    AppLogger.info(`[CodeComplexityUtils - inspectFiles] commonBasePath:  ${commonBasePath}`);
-
     const reports = [];
 
     for (let i = 0; i < files.length; i += 1) {
       const file = files[i];
       const report = inspectFile({
         file,
-        commonBasePath,
+        basePath,
         options: mergedOptions,
       });
       if (report &&
@@ -418,11 +299,11 @@ const inspectDirectory = ({
 };
 
 /**
- * Groups reports by file.
+ * Groups code complexity reports by file.
  * @param {Array} reports - The reports to group.
  * @returns {Object} - Returns an object with the reports grouped by file.
  */
-const groupReportsByFile = (reports) => reports?.reduce((acc, report) => ({
+const groupCodeComplexityReportsByFile = (reports) => reports?.reduce((acc, report) => ({
   ...acc,
   [report.file]: [
     ...(acc[report.file] || []),
@@ -445,7 +326,7 @@ const formatCodeComplexityAuditReports = ({
   auditReports,
   fileFormat,
 }) => {
-  const reportsByFile = groupReportsByFile(auditReports);
+  const reportsByFile = groupCodeComplexityReportsByFile(auditReports);
 
   if(fileFormat === 'json'){
     return JSON.stringify({
diff --git a/src/kernel/coupling/CodeCouplingConfig.js b/src/kernel/coupling/CodeCouplingConfig.js
index e6e2754..87a864f 100644
--- a/src/kernel/coupling/CodeCouplingConfig.js
+++ b/src/kernel/coupling/CodeCouplingConfig.js
@@ -73,7 +73,7 @@ const buildTableHtmlData = (reports) => {
  *   ['ModuleA', 'ModuleB', 'ModuleA']
  * ];
  *
- * console.log(buildCircularDependenciesList(circularDependencies));
+ * print(buildCircularDependenciesList(circularDependencies));
  * // Output:
  * // <h3 class="text-left pb-2 mb-2 mt-2 border-bottom border-black">
  * //     Group 1
@@ -153,19 +153,24 @@ const formatCodeCouplingHtmlReports = ({
         }
 
         h1 {
-           font-size: 2rem;
+           font-size: 2.2rem;
+           text-decoration: underline;
         }
 
         h2 {
-           font-size: 1.5rem;
+           font-size: 2.0rem;
         }
 
         h3 {
-           font-size: 1.2rem;
+           font-size: 1.8rem;
         }
 
-        span {
-           font-size: 1rem;
+        h4 {
+           font-size: 1.6rem;
+        }
+        
+        h5 {
+           font-size: 1.4rem;
         }
         
         .modal-body{
diff --git a/src/kernel/security/CodeSecurityAuditor.js b/src/kernel/security/CodeSecurityAuditor.js
new file mode 100644
index 0000000..17d1776
--- /dev/null
+++ b/src/kernel/security/CodeSecurityAuditor.js
@@ -0,0 +1,43 @@
+import AppLogger from '../../commons/AppLogger.js';
+import CodeSecurityUtils from './CodeSecurityUtils.js';
+
+const {
+  inspectDirectory,
+} = CodeSecurityUtils;
+
+/**
+ * Starts the audit process for a given directory and options.
+ *
+ * @async
+ * @param {string} directory - The directory to audit.
+ * @param {object} options - Audit options
+ * @returns {Promise<*[]>} - Returns an array containing the results of the audit.
+ * @throws {Error} - Throws an error if there was a problem starting the audit.
+ */
+const startAudit = async (directory, options) => {
+  try {
+    AppLogger.info(`[CodeSecurityAuditor - startAudit] directory:  ${directory}`);
+
+    if(!directory?.length){
+      return [];
+    }
+
+    const securityAuditReports = await inspectDirectory({
+      srcDir: directory,
+      options,
+    });
+
+    AppLogger.info(`[CodeSecurityAuditor - startAudit] securityAuditReports:  ${securityAuditReports?.length}`);
+
+    return securityAuditReports;
+  } catch (error) {
+    AppLogger.info(`[CodeSecurityAuditor - startAudit] error:  ${error.message}`);
+    return [];
+  }
+};
+
+const CodeSecurityAuditor = {
+  startAudit
+};
+
+export default CodeSecurityAuditor;
\ No newline at end of file
diff --git a/src/kernel/security/CodeSecurityConfig.js b/src/kernel/security/CodeSecurityConfig.js
new file mode 100644
index 0000000..d4fadab
--- /dev/null
+++ b/src/kernel/security/CodeSecurityConfig.js
@@ -0,0 +1,555 @@
+import Matcher from '../../commons/Matcher.js';
+
+const SECURITY_ANTI_PATTERNS_TOKENS = [
+  'findDOMNode',
+  'createFactory',
+  'createElement',
+  'cloneElement',
+  'dangerouslySetInnerHTML',
+  '.innerHtml',
+  '.outerHtml',
+  '.writeln(',
+  '.write(',
+  '<iframe>',
+  'alert(',
+  'console.',
+  'javascript:',
+  'localStorage',
+  'sessionStorage',
+  'cookie',
+  'eval(',
+];
+
+/**
+ * Format helpful commons links
+ * @returns {Object}
+ */
+const formatCommonsDocLinks = () => [
+  {
+    type: 'doc',
+    label: 'OWASP Checklist',
+    value: 'https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#html-sanitization',
+  },
+  {
+    type: 'doc',
+    label: 'OWASP Top 10 Web Application Security Risks',
+    value: 'https://owasp.org/www-project-top-ten/',
+  },
+  {
+    type: 'doc',
+    label: 'CWE Top 25 Most Dangerous Software Weaknesses',
+    value: 'https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html',
+  },
+];
+
+/**
+ * This function formats documentation links based on the anti-pattern provided.
+ * @param {string} antiPattern - The anti-pattern for which the documentation links are to be formatted.
+ */
+const formatDocLinks = (antiPattern) => Matcher()
+  .on(() => antiPattern === 'findDOMNode', () => ([
+    ...formatCommonsDocLinks(),
+    {
+      type: 'doc',
+      label: 'More information',
+      value: 'https://react.dev/reference/react-dom/findDOMNode',
+    },
+  ]))
+  .on(() => antiPattern === 'createFactory', () => ([
+    ...formatCommonsDocLinks(),
+    {
+      type: 'doc',
+      label: 'More information',
+      value: 'https://react.dev/reference/react/createFactory',
+    },
+  ]))
+  .on(() => antiPattern === 'dangerouslySetInnerHTML', () => ([
+    ...formatCommonsDocLinks(),
+    {
+      type: 'doc',
+      label: 'DOMPurify',
+      value: 'https://www.npmjs.com/package/dompurify',
+    },
+    {
+      type: 'doc',
+      label: 'OWASP Cross Site Scripting Prevention',
+      value: 'https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html',
+    },
+    {
+      type: 'doc',
+      label: 'More information',
+      value: 'https://react.dev/reference/react-dom/components/common#dangerously-setting-the-inner-html',
+    },
+  ]))
+  .on(() => (antiPattern === 'iframe'), () => ([
+    ...formatCommonsDocLinks(),
+    {
+      type: 'doc',
+      label: 'More information',
+      value: 'https://owasp.org/www-community/attacks/Cross_Frame_Scripting',
+    },
+  ]))
+  .on(() => (antiPattern === 'alert'), () => ([
+    ...formatCommonsDocLinks(),
+    {
+      type: 'doc',
+      label: 'More information',
+      value: 'https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html',
+    },
+  ]))
+  .on(() => (antiPattern === 'console'), () => ([
+    ...formatCommonsDocLinks(),
+    {
+      type: 'doc',
+      label: 'More information',
+      value: 'https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html#perform-application-activity-logging',
+    },
+  ]))
+  .on(() => (
+    antiPattern === 'cookie' ||
+        antiPattern === 'sessionStorage'||
+        antiPattern === 'localStorage'
+  ), () => ([
+    ...formatCommonsDocLinks(),
+    {
+      type: 'doc',
+      label: 'Session hijacking',
+      value: 'https://developer.mozilla.org/fr/docs/Glossary/Session_Hijacking',
+    },
+    {
+      type: 'doc',
+      label: 'More information',
+      value: 'https://fr.wikipedia.org/wiki/Hijacking',
+    },
+  ]))
+  .on(() => antiPattern === 'eval', () => ([
+    ...formatCommonsDocLinks(),
+    {
+      type: 'doc',
+      label: 'eval()',
+      value: 'https://developer.mozilla.org/fr/docs/Web/JavaScript/Reference/Global_Objects/eval#nutiliser_eval_quen_dernier_recours_!',
+    },
+    {
+      type: 'doc',
+      label: 'expression()',
+      value: 'https://www.zonecss.fr/proprietes-css/expression-css-fonction.html#:~:text=D%C3%A9finition%20de%20la%20CSS%20expression,%3B%20width%20%3A%20expression(%20document.',
+    },
+    {
+      type: 'doc',
+      label: 'More information',
+      value: 'https://cwe.mitre.org/data/definitions/95.html',
+    },
+  ]))
+  .otherwise(() => ([
+    ...formatCommonsDocLinks(),
+  ]));
+
+/**
+ * This function formats the evolution of security audit based on the anti-pattern.
+ *
+ * @param {string} antiPattern - The anti-pattern to be checked.
+ * @returns {Object|null} - An object containing the type, branch, title, description, and docLinks for the keyword. If the anti-pattern does not match any condition, it returns null.
+ *
+ * @example
+ *
+ * const params = {
+ *   antiPattern: 'dangerouslySetInnerHTML',
+ *   auditBranch: 'main'
+ * };
+ *
+ * const evolution = formatRecommendation(params);
+ * // Output:
+ * // {
+ * //   type: 'frontend',
+ * //   branch: 'main',
+ * //   title: 'The use of the React capability dangerouslySetInnerHTML must be with caution.',
+ * //   description: '...',
+ * //   docLinks: '...',
+ * // }
+ */
+const formatRecommendation = (antiPattern) => Matcher()
+  .on(() => (
+    antiPattern === 'findDOMNode' ||
+        antiPattern === 'createElement' ||
+        antiPattern === 'createFactory' ||
+        antiPattern === 'cloneElement'
+  ), () => ({
+    'type': 'frontend',
+    'title': `Replace ${antiPattern} with a regular React component.`,
+    'description': `
+- The APIs findDOMNode and createFactory are deprecated and will be removed in the next major version of React.<br />
+- The use of these React capabilities is not recommended for security and performance reasons: findDOMNode, createElement, createFactory, and cloneElement.<br />
+- Imperative access and manipulation of HTML elements (DOM) are not recommended in React for performance and security reasons.<br />
+- React is a declarative API, the DOM lifecycle (insertion, deletion, update, ...) must be fully managed by React.<br />
+      `,
+    'docLinks': formatDocLinks(antiPattern),
+  }
+  ))
+  .on(() => (
+    antiPattern === 'innerHtml' ||
+        antiPattern === 'outerHtml' ||
+        antiPattern === 'write' ||
+        antiPattern === 'writeln'
+  ), () => ({
+    'type': 'frontend',
+    'title': `Replace or sanitize ${antiPattern}.`,
+    'description': `
+- The HTML APIs such as innerHtml, outerHtml, write, and writeln are often the culprits behind DOM-based Cross-Site Scripting (XSS) attacks. These attacks occur when these APIs are fed with untrusted inputs, leading to potential XSS vulnerabilities.<br />
+- To mitigate this risk, it’s recommended to avoid using innerHtml. Instead, safer alternatives like innerText or textContent should be used as they do not interpret the passed content as HTML, but instead insert it as raw text. This helps prevent the execution of malicious scripts.<br />
+- Remember, always validate and sanitize inputs to prevent security vulnerabilities. It’s a good practice to follow the principle of least privilege, only allowing necessary actions to be performed to minimize potential damage.<br />
+`,
+    'docLinks': formatDocLinks(antiPattern),
+  }
+  ))
+  .on(() => antiPattern === 'dangerouslySetInnerHTML', () => ({
+    'type': 'frontend',
+    'title': `The use of the React capability ${antiPattern} must be with caution.`,
+    'description': `
+- The html string given to dangerouslySetInnerHTML must be necessarily purified using DOMPurify (DOMPurify.sanitize(htmlData)).<br />
+- The use of dangerouslySetInnerHTML must be minimal and limited to data received from the backend to avoid security issues.<br />
+- The use of JSON.stringify with dangerouslySetInnerHTML must be with caution (dynamic injection vulnerability).<br />
+    `,
+    'docLinks': formatDocLinks(antiPattern),
+  }
+  ))
+  .on(() => (antiPattern === 'iframe'), () => ({
+    'type': 'frontend',
+    'title': `The use of ${antiPattern} must be with caution.`,
+    'description': 'iFrames, while useful, pose security risks such as Cross-Site Scripting (XSS) attacks, iFrame injection, iFrame phishing, Cross-Frame Scripting (XFS), and clickjacking, which can lead to data theft, malware installation, and redirection to malicious sites.',
+    'docLinks': formatDocLinks(antiPattern),
+  }))
+  .on(() => antiPattern === 'alert', () => ({
+    'type': 'frontend',
+    'title': 'alert(...) should not be used.',
+    'description': 'alert(...) as well as confirm(...) and prompt(...) can be useful for debugging during development, but in production mode this kind of pop-up could expose sensitive information to attackers, and should never be displayed.',
+    'docLinks': formatDocLinks(antiPattern),
+  }))
+  .on(() => antiPattern === 'console', () => ({
+    'type': 'frontend',
+    'title': 'console should not be used.',
+    'description': 'It is not recommended to leave or store sensitive data (even mocks) in the Frontend or to log sensitive data in the console.',
+    'docLinks': formatDocLinks(antiPattern),
+  }))
+  .on(() => (antiPattern === 'javascript'), () => ({
+    'type': 'frontend',
+    'title': `The use of urls (href or src) with "${antiPattern}:" is not recommended.`,
+    'description': 'The use of javascript: or data: is not recommended for security reasons. Example: <a href="javascript: alert(1)">.',
+    'docLinks': formatDocLinks(antiPattern),
+  }))
+  .on(() => (
+    antiPattern === 'cookie' ||
+        antiPattern === 'sessionStorage'||
+        antiPattern === 'localStorage'
+  ), () => ({
+    'type': 'frontend',
+    'title': `The use of ${antiPattern} must be with caution.`,
+    'description': 'Cookies, sessionStorage, and localStorage, while useful for storing data on the client side, are susceptible to security risks such as session hijacking, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and potential data theft or tampering.',
+    'docLinks': formatDocLinks(antiPattern),
+  }))
+  .on(() => antiPattern === 'eval', () => ({
+    'type': 'frontend',
+    'title': `The use of "${antiPattern}" is not recommended.`,
+    'description': `
+- eval() is a dangerous function that executes the code passed as an argument with the privileges of the calling environment.
+If eval() is used with a maliciously constructed string, it could result in the execution of malicious code on the user's machine with the permissions given to the site or add-on.
+At an even more critical level, third-party code could thus consult the scope in which eval() was invoked. This could allow attacks that would not have been made possible using a Function object.<br />
+
+- eval() is also slower than alternative methods.
+Indeed, evaluation requires calling the JavaScript interpreter while many structures are optimized by modern JavaScript engines.<br />
+
+- The equivalent of eval() in css is expression(). Similarly, the use of expression() is not recommended in css.
+The CSS pseudo property expression() allows to insert Javascript in the CSS sheet.<br />
+    `,
+    'docLinks': formatDocLinks(antiPattern),
+  }))
+  .otherwise(() => null);
+
+/**
+ * This function formats the security audit report based on the anti-pattern.
+ *
+ * @param {Object} params - The parameters for the function.
+ * @param {string} params.fileName - The name of the file being audited.
+ * @param {string} params.antiPattern - The anti-pattern to be checked.
+ *
+ * @returns {Object} - An object containing the formatted security audit report item for the given anti-pattern.
+ *
+ * @example
+ *
+ * const params = {
+ *   fileName: '/src/App.js',
+ *   antiPattern: 'dangerouslySetInnerHTML',
+ *   auditBranch: 'main',
+ * };
+ *
+ * const report = formatSecurityAuditReport(params);
+ * // Output:
+ * // {
+ * //   type: 'frontend',
+ * //   branch: 'main',
+ * //   title: 'The use of the React capability dangerouslySetInnerHTML must be with caution.',
+ * //   description: '',
+ * //   docLinks: '...',
+ * //   ...
+ * // }
+ */
+const formatSecurityAuditReport = ({
+  fileName,
+  antiPattern,
+}) => ({
+  'findDOMNode': {
+    file: fileName,
+    antiPattern: 'findDOMNode',
+    title: `The use of the React capability ${antiPattern} is not recommended.`,
+    recommendation: formatRecommendation('findDOMNode'),
+  },
+  'createFactory': {
+    file: fileName,
+    antiPattern: 'createFactory',
+    title: `The use of the React capability ${antiPattern} is not recommended.`,
+    recommendation: formatRecommendation('createFactory'),
+  },
+  'createElement': {
+    file: fileName,
+    antiPattern: 'createElement',
+    title: `The use of the React capability ${antiPattern} is not recommended.`,
+    recommendation: formatRecommendation('createElement'),
+  },
+  'cloneElement': {
+    file: fileName,
+    antiPattern: 'cloneElement',
+    title: `The use of the React capability ${antiPattern} is not recommended.`,
+    recommendation: formatRecommendation('cloneElement'),
+  },
+  'dangerouslySetInnerHTML': {
+    file: fileName,
+    antiPattern: 'dangerouslySetInnerHTML',
+    title: `The use of the React capability ${antiPattern} must be with caution.`,
+    recommendation: formatRecommendation('dangerouslySetInnerHTML'),
+  },
+  '.innerHtml': {
+    file: fileName,
+    antiPattern: 'innerHtml',
+    title: 'The use of the HTML API "innerHtml" must be with caution.',
+    recommendation: formatRecommendation('innerHtml'),
+  },
+  '.outerHtml': {
+    file: fileName,
+    antiPattern: 'outerHtml',
+    title: 'The use of the HTML API "outerHtml" must be with caution.',
+    recommendation: formatRecommendation('outerHtml'),
+  },
+  '.writeln(': {
+    file: fileName,
+    antiPattern: 'writeln',
+    title: 'The use of the HTML API "writeln" must be with caution.',
+    recommendation: formatRecommendation('writeln'),
+  },
+  '.write(': {
+    file: fileName,
+    antiPattern: 'write',
+    title: 'The use of the HTML API "write" must be with caution.',
+    recommendation: formatRecommendation('write'),
+  },
+  '<iframe>': {
+    file: fileName,
+    antiPattern: 'iframe',
+    title: 'The use of the HTML tag "iframe" must be with caution.',
+    recommendation: formatRecommendation('iframe'),
+  },
+  'javascript:': {
+    file: fileName,
+    antiPattern: 'javascript',
+    title: 'The use of urls (href or src) with "javascript:" is not recommended.',
+    recommendation: formatRecommendation('javascript'),
+  },
+  'alert(': {
+    file: fileName,
+    antiPattern: 'alert',
+    title: 'The use of the JavaScript API "alert" is not recommended in PROD.',
+    recommendation: formatRecommendation('alert'),
+  },
+  'console.': {
+    file: fileName,
+    antiPattern: 'console',
+    title: 'The use of the JavaScript API "console" is not recommended in PROD.',
+    recommendation: formatRecommendation('console'),
+  },
+  'localStorage': {
+    file: fileName,
+    antiPattern: 'localStorage',
+    title: `The use of "${antiPattern}" must be with caution.`,
+    recommendation: formatRecommendation('localStorage'),
+  },
+  'sessionStorage': {
+    file: fileName,
+    antiPattern: 'sessionStorage',
+    title: `The use of "${antiPattern}" must be with caution.`,
+    recommendation: formatRecommendation('sessionStorage'),
+  },
+  'cookie': {
+    file: fileName,
+    antiPattern: 'cookie',
+    title: `The use of "${antiPattern}" must be with caution.`,
+    recommendation: formatRecommendation('cookie'),
+  },
+  'eval(': {
+    file: fileName,
+    antiPattern: 'eval',
+    title: 'The use of "eval" is not recommended.',
+    recommendation: formatRecommendation('eval'),
+  },
+})[antiPattern];
+
+/**
+ * Build report recommendations
+ * @param {object} report
+ * @returns {string}
+ */
+const buildReportRecommendations = (report) => {
+  if(!report?.recommendation){
+    return '';
+  }
+
+  const {
+    title,
+    description,
+    docLinks,
+  } = report.recommendation;
+
+  return `
+  <div>
+    <p class="lh-base">
+      <strong>${title}</strong>
+    </p>
+    <p class="lh-base">
+      ${description}
+    </p>
+    <p class="lh-base">
+       ${docLinks?.map(link => `<a target="_blank" href="${link.value}">${link.label}</a>`)?.join(', ')}
+    </p>
+  </div>
+  `;
+};
+
+/**
+ * Builds HTML data for a table.
+ * @param {Object} reportsByFile - The reports grouped by file.
+ * @returns {Object} - Returns an object with the table headers and rows.
+ */
+const buildTableHtmlData = (reportsByFile) => {
+  const files = Object.keys(reportsByFile);
+
+  const columnsNames = [
+    'file',
+    'title',
+    'recommendations'
+  ];
+
+  const tableHeaders = columnsNames
+    .map(key => `<th scope="col">${key}</th>`).join('\n');
+
+  const buildReportsRows = (fileReports) => fileReports
+    .map((report) => `
+      <tr>
+        <td>${report.file}</td>
+        <td>${report.title}</td>
+        <td>${buildReportRecommendations(report)}</td>
+      </tr>`
+    ).join('\n');
+
+  const tableRows = files
+    .map(file => `
+      <tr>
+        <td colspan="3" class="text-center bg-primary-subtle">
+           <strong>${file}</strong>
+        </td>
+      </tr>
+      ${buildReportsRows(reportsByFile[file])}`)
+    .join('\n');
+
+  return({
+    tableHeaders,
+    tableRows,
+  });
+};
+
+/**
+ * Format Html Security Reports
+ * @param {Object} reportsByFile - The reports grouped by file
+ * @returns {string} - The html report
+ */
+const formatCodeSecurityHtmlReport = (reportsByFile) => {
+  const {
+    tableHeaders,
+    tableRows,
+  } = buildTableHtmlData(reportsByFile);
+
+  return `
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Audit Reports</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
+    <style>
+        body {
+          font-family: "Gill Sans", sans-serif;
+          font-size: 0.9rem;
+        }
+
+        h1 {
+           font-size: 2.2rem;
+           text-decoration: underline;
+        }
+
+        h2 {
+           font-size: 2.0rem;
+        }
+
+        h3 {
+           font-size: 1.8rem;
+        }
+
+        h4 {
+           font-size: 1.6rem;
+        }
+        
+        h5 {
+           font-size: 1.4rem;
+        }
+    </style>
+</head>
+<body>
+
+<h1 class="text-center mb-4 mt-4">Code Security Analysis</h1>
+
+<!-- Modules Stats -->
+<div class="container text-left mb-4 mt-4">
+  <div class="text-start">
+    <table class="table table-striped table-responsive caption-top table-bordered border-primary-subtle">
+      <caption>Analysis Details</caption>
+      <thead class="table-light text-uppercase">
+        <tr>
+            ${tableHeaders}
+        </tr>
+      </thead>
+      <tbody class="table-group-divider">
+        ${tableRows}
+      </tbody>
+    </table>
+  </div>
+</div>
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL" crossorigin="anonymous"></script>
+</body>
+</html>
+    `;
+};
+
+const CodeSecurityConfig = {
+  SECURITY_ANTI_PATTERNS_TOKENS,
+  formatSecurityAuditReport,
+  formatCodeSecurityHtmlReport,
+};
+
+export default CodeSecurityConfig;
\ No newline at end of file
diff --git a/src/kernel/security/CodeSecurityUtils.js b/src/kernel/security/CodeSecurityUtils.js
new file mode 100644
index 0000000..e42d131
--- /dev/null
+++ b/src/kernel/security/CodeSecurityUtils.js
@@ -0,0 +1,200 @@
+import path from 'path';
+import fs from 'fs-extra';
+import AppLogger from '../../commons/AppLogger.js';
+import AuditUtils from '../../commons/AuditUtils.js';
+import CodeSecurityConfig from './CodeSecurityConfig.js';
+
+const {
+  getFiles,
+  parseFile,
+  isNonCompliantFile,
+} = AuditUtils;
+
+const {
+  SECURITY_ANTI_PATTERNS_TOKENS,
+  formatSecurityAuditReport,
+  formatCodeSecurityHtmlReport,
+} = CodeSecurityConfig;
+
+/**
+ * Inspects the source directory.
+ * @param {Object} params - The parameters for the inspection.
+ * @returns {Promise<*[]>} - Returns an object containing the overview report.
+ */
+const inspectDirectory = async ({
+  srcDir,
+  options,
+}) => {
+  try {
+    AppLogger.info(`[CodeSecurityUtils - inspectDirectory] srcDir:  ${srcDir}`);
+
+    const {
+      files,
+      basePath
+    } = getFiles(srcDir);
+    AppLogger.info(`[CodeSecurityUtils - inspectDirectory] files:  ${files?.length}`);
+    AppLogger.info(`[CodeSecurityUtils - inspectDirectory] basePath:  ${basePath}`);
+
+    if(!files?.length){
+      return [];
+    }
+
+    const securityAuditReports = [];
+
+    for (const file of files) {
+      const report = parseFile(file, basePath, options);
+      if(!report){
+        continue;
+      }
+
+      const {
+        source,
+      } = report;
+      AppLogger.info(`[CodeSecurityUtils - inspectDirectory] source:  ${source?.length}`);
+      if(!source?.length){
+        continue;
+      }
+
+      for (const antiPattern of SECURITY_ANTI_PATTERNS_TOKENS) {
+        const nonCompliantStatus = await isNonCompliantFile(antiPattern, source);
+        AppLogger.info(`[CodeSecurityUtils - inspectDirectory] nonCompliantStatus:  ${nonCompliantStatus}`);
+
+        if (nonCompliantStatus !== true) {
+          continue;
+        }
+
+        const securityAuditReport = formatSecurityAuditReport({
+          fileName: file,
+          antiPattern,
+        });
+
+        AppLogger.info(`[CodeSecurityUtils - inspectDirectory] securityAuditReport:  ${Object.keys(securityAuditReport || {}).join(',')}`);
+        if (!securityAuditReport) {
+          continue;
+        }
+          
+        securityAuditReports.push(securityAuditReport);
+      }
+    }
+
+    return securityAuditReports;
+  } catch (error) {
+    return [];
+  }
+};
+
+/**
+ * Groups code Security reports by file.
+ * @param {Array} reports - The reports to group.
+ * @returns {Object} - Returns an object with the reports grouped by file.
+ */
+const groupCodeSecurityReportsByFile = (reports) => reports?.reduce((acc, report) => ({
+  ...acc,
+  [report.file]: [
+    ...(acc[report.file] || []),
+    report,
+  ],
+}), {});
+
+/**
+ * Formats the audit reports.
+ * @param {Array} auditReports - The audit reports to format.
+ * @param {string} fileFormat - The format of the file.
+ * @returns {string} - Returns a string with the formatted reports.
+ */
+const formatCodeSecurityAuditReports = ({
+  auditReports,
+  fileFormat,
+}) => {
+  const reportsByFile = groupCodeSecurityReportsByFile(auditReports);
+
+  if(fileFormat === 'json'){
+    return JSON.stringify({
+      reports: reportsByFile,
+    }, null, 2);
+  }
+
+  if(fileFormat === 'html'){
+    return formatCodeSecurityHtmlReport(reportsByFile);
+  }
+
+  return '';
+};
+
+/**
+ * This function writes the results of a code security audit to a file.
+ *
+ * @param {Object} codeSecurityOptions - The options for the code security audit.
+ * @param {string} codeSecurityOptions.outputDir - The directory where the output file will be written.
+ * @param {string} codeSecurityOptions.fileFormat - The format of the output file.
+ * @param {Array} codeSecurityAnalysisResult - The results of the code security audit.
+ * @returns {boolean} Returns true if the file was successfully written, false otherwise.
+ * @throws Will log the error message if an error occurs.
+ *
+ * @example
+ * const result = writeCodeSecurityAuditToFile({
+ *   codeSecurityOptions: {
+ *     outputDir: '/path/to/output/directory',
+ *     fileFormat: 'json'
+ *   },
+ *   codeSecurityAnalysisResult: [...]
+ * });
+ * console.log(result); // Logs true if the file was successfully written, false otherwise.
+ */
+const writeCodeSecurityAuditToFile = ({
+  codeSecurityOptions,
+  codeSecurityAnalysisResult,
+}) => {
+  try{
+    const {
+      outputDir,
+      fileFormat,
+    } = codeSecurityOptions || {};
+
+    AppLogger.info(`[CodeSecurityUtils - writeCodeSecurityAuditToFile] outputDir:  ${outputDir}`);
+    AppLogger.info(`[CodeSecurityUtils - writeCodeSecurityAuditToFile] fileFormat:  ${fileFormat}`);
+
+    if(!outputDir?.length){
+      return false;
+    }
+    
+    const codeSecurityAuditOutputFileName = `CodeSecurityReport.${fileFormat || 'json'}`;
+    AppLogger.info(`[CodeSecurityUtils - writeCodeSecurityAuditToFile] codeSecurityAuditOutputFileName:  ${codeSecurityAuditOutputFileName}`);
+
+    const codeSecurityAuditOutputFile = path.join(outputDir, codeSecurityAuditOutputFileName);
+    AppLogger.info(`[CodeSecurityUtils - writeCodeSecurityAuditToFile] codeSecurityAuditOutputFile:  ${codeSecurityAuditOutputFile}`);
+
+    if(fs.existsSync(codeSecurityAuditOutputFile)){
+      fs.rmSync(codeSecurityAuditOutputFile);
+    } else {
+      fs.mkdirSync(outputDir, {
+        recursive: true
+      });
+    }
+
+    const formattedCodeSecurityAuditReports = formatCodeSecurityAuditReports({
+      auditReports: codeSecurityAnalysisResult,
+      fileFormat,
+    });
+
+    AppLogger.info(`[CodeSecurityUtils - writeCodeSecurityAuditToFile] formattedCodeSecurityAuditReports:  ${formattedCodeSecurityAuditReports?.length}`);
+
+    if(!formattedCodeSecurityAuditReports?.length){
+      return false;
+    }
+
+    fs.writeFileSync(codeSecurityAuditOutputFile, formattedCodeSecurityAuditReports);
+
+    return true;
+  } catch (error) {
+    AppLogger.info(`[CodeSecurityUtils - writeCodeSecurityAuditToFile] error:  ${error.message}`);
+    return false;
+  }
+};
+
+const CodeSecurityUtils = {
+  inspectDirectory,
+  writeCodeSecurityAuditToFile,
+};
+
+export default CodeSecurityUtils;
\ No newline at end of file