Show HN: Globstar – Open-source static analysis toolkit

Hey HN! We’re Jai and Sanket, co-founders of DeepSource (YC W20). We're open-sourcing Globstar ( https://github.com/DeepSourceCorp/globstar ), a static analysis toolkit that lets you easily write and run custom code quality and security checkers in YAML [1] or Go [2]. After 5+ years of building AST-based static analyzers that process millions of lines of code daily at DeepSource, we kept hearing a common request from customers: "How do we write custom checks specific to our codebase?" AppSec and DevOps teams have a lot of learned anti-patterns and security rules they want to enforce across their orgs, and being able to do that without being a static analysis expert, came up as an important want. We initially built an internal framework using tree-sitter [3] for our proprietary infrastructure-as-code analyzers, which enabled us to rapidly create new checkers. We realized that making the framework open-source could solve this problem for everyone. Our key insight was that writing chec ... Read full article.