Ansede Static is a powerful offline static application security testing engine designed for modern codebases. With zero dependencies and an impressive 98.8% CVE recall, it quickly detects vulnerabilities in Python, JavaScript, and TypeScript projects with a single command. Just download and scan—no setup required.
Ansede is an advanced offline static application security testing (SAST) engine designed to ensure the security of modern codebases with minimal overhead. Tailored for Python, JavaScript, TypeScript, Go, Java, and C#, Ansede stands out by detecting critical vulnerabilities and enhancing code quality with unparalleled accuracy and speed.

Key Features
- No dependencies: A single executable file that requires no additional setup, allowing immediate use on any project by simply downloading and unzipping.
- High detection accuracy: Achieves a 98.8% recall for Common Vulnerabilities and Exposures (CVEs), effectively identifying issues that other tools often miss.
- Incremental and efficient scanning: Offers the ability to scan only modified files, catering to large codebases and optimizing performance significantly.
Unique Value Proposition
Most existing SAST tools fail to detect vulnerabilities documented in CVEs due to their limitations. For instance, Ansede effectively uncovers critical issues that are typically overlooked:
# CWE-639 — Insecure Direct Object Reference
@app.route("/invoice/<invoice_id>")
@login_required
def get_invoice(invoice_id):
    # Authenticated, but never checks that the invoice belongs to the caller
    return db.execute("SELECT * FROM invoices WHERE id = ?", (invoice_id,))
Unlike others, Ansede models routes and authorization patterns at the Abstract Syntax Tree (AST) level to guarantee comprehensive vulnerability detection.
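To illustrate what an AST-level route-and-authorization check looks like, here is a small added example (not Ansede's code) that parses Flask-style handlers and flags a CWE-639 candidate when a path parameter reaches db.execute without any identity-bearing name (current_user, g, session, request) in the same call. The decorator shape, the identity names and the sample handlers are assumptions constructed for the example.

```python
import ast
import re

# Constructed sample: the page's vulnerable handler plus a hardened one that
# scopes the query to the authenticated user. Embedded so the check runs offline.
SAMPLE = '''
@app.route("/invoice/<invoice_id>")
@login_required
def get_invoice(invoice_id):
    return db.execute("SELECT * FROM invoices WHERE id = ?", (invoice_id,))

@app.route("/report/<report_id>")
@login_required
def get_report(report_id):
    return db.execute(
        "SELECT * FROM reports WHERE id = ? AND owner_id = ?",
        (report_id, current_user.id),
    )
'''

# Assumed (heuristic) names through which the caller's identity usually flows.
OWNER_NAMES = {"current_user", "g", "session", "request"}

def route_params(func):
    """Path parameters declared in @<obj>.route("...<name>...") decorators."""
    params = set()
    for dec in func.decorator_list:
        if (isinstance(dec, ast.Call) and isinstance(dec.func, ast.Attribute)
                and dec.func.attr == "route" and dec.args
                and isinstance(dec.args[0], ast.Constant)):
            params.update(re.findall(r"<(?:[^:>]+:)?(\w+)>", str(dec.args[0].value)))
    return params

def find_idor_candidates(source):
    """Return 'handler:line' for each db.execute call inside a route handler that
    uses a path parameter but no identity-bearing name (heuristic CWE-639 check)."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        params = route_params(func)
        if not params:
            continue  # not a route handler, or no user-controlled path segment
        for node in ast.walk(func):
            if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and node.func.attr == "execute"):
                continue
            names = {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}
            if names & params and not (names & OWNER_NAMES):
                findings.append(f"{func.name}:{node.lineno}")
    return findings

if __name__ == "__main__":
    print(find_idor_candidates(SAMPLE))  # ['get_invoice:5']
```

The hardened get_report handler is not reported because its query is bound to current_user.id; a real engine would additionally trace where such values flow rather than match names.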
Performance Metrics
- CVE Recall: 98.8%
- Precision: 96.43%
- False Positive Rate: 3.57%
- Scanning Speed: Approximately 0.02 seconds per 100,000 lines of code.
Detection Capabilities
Ansede provides robust detection across various categories of vulnerabilities, including:
- Broken Access Control: CWE-639, CWE-862, and others.
- Injection Flaws: SQL and command injections.
- Cryptographic Failures: Issues with hardcoded sensitive information.
- Cross-Site Scripting: Detection of user data handling issues.
Example Usage
To scan a directory with Ansede, use the following command:
ansede-static src/
For more detailed results that can be integrated with CI/CD pipelines, SARIF and JSON formats are also supported:
ansede-static src/ --format sarif --output results.sarif
ansede-static src/ --format json --output findings.json
Community and Contributions
Ansede welcomes contributions. Developers can easily clone the repository, run validations, and help improve the engine further. Comprehensive guides for contributing and customizing rules are available in the repository.
For those interested in elevating code security with top-tier reliability, Ansede offers a Pro version that comes with additional features, including unlimited scans and advanced output formats for a nominal fee.
Learn more and get involved in enhancing code quality and security with Ansede.