# security

Guillaume Montard

03/07/2023, 11:09 AM
Hi all! I’m pleased to share a project we’ve been working on for the past 2 years with my team and that we Open Source today, a code security scanning tool (SAST). It allows you to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). Essentially, it provides built-in rules against a common set of security risks and vulnerabilities (OWASP Top 10), here are some practical examples: • Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics environments. • Usage of weak encryption libraries or misusage of encryption algorithms. • Unencrypted incoming and outgoing communication (HTTP, FTP, SMTP) of sensitive information. • Hard-coded secrets and tokens. • And many more! If you are SOC2 or ISO27001, there are good chances you are already using a SAST solution, it could be a good replacement, and hopefully a better one. If you’re not, it might be an opportunity to improve your application’s security. We currently support JavaScript and Ruby stacks, but more will follow. Let us know what you think and how we can improve it!