Show HN: Ansede – Free SAST with 100% CVE recall (Semgrep CE got 23%)

ardyv1 pts0 comments

I built a SAST tool that focuses on authorization bugs (IDOR, missing auth, privilege escalation) — the vulnerability class behind the Uber, Shopify, and Facebook breaches.The key technical difference: it does inter-procedural taint tracking from HTTP routes → auth guards → database sinks. Most free SAST tools analyze functions in isolation, so they literally cannot detect this route parameter reaches a database query without an auth check. Benchmarked against 164 known CVEs across 5 languages:| Tool | Recall | |------|--------| | Ansede | 100% (164/164) | | Semgrep CE | 23.2% | | CodeQL (free) | 33.6% | | Bandit (Python only) | 30.9% |False positive test: 125 clean production code snippets. Ansede: 0 false positives. Semgrep CE: 20-60%.Honest about limitations: 5 languages (not 30+), single maintainer, no SaaS. But MIT licensed, fully offline, one-command install.pip install ansede-static ansede-static src/Reproduce the benchmark: python -m benchmarks.one_click_compareWould love feedback from security engineers — what would make you switch?

ansede free sast semgrep auth recall

Related Articles