Show HN: Cognium – Tree-sitter + taint tracking SAST for Java, Python, JS, Rust (cognium.dev)
4 points by openmason 4 days ago | 2 comments

open-source static analysis tool for finding security vulnerabilities

Paulo75 4 days ago | parent | next [-]

Nice system, but a quick question: how does this compare to something like Semgrep? Semgrep also does tree-sitter-based pattern matching and has taint tracking now. Is the main difference the rule engine, performance, or something else? Always interested in more options in this space, but the "open source SAST" field is getting crowded.

openmason 4 days ago | parent | prev [-]

[dead]