The Open-Source Static Analysis Toolkit.

Write SAST checkers with Globstar and run them in your CI with a single binary. It's fast, easy to write, and MIT-licensed. Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.

• Globstar @ GitHub.

Build and query a graph database representation of source code.

Parse source code into queryable graphs of functions, classes, calls, and semantic annotations for security analysis.

Trailmark uses tree-sitter for language-agnostic AST parsing and rustworkx for high-performance graph traversal. The long-term vision is to combine this graph with mutation testing and coverage-guided fuzzing to identify gaps between assumptions and test coverage that are reachable from user input.