Globstar: Open-source static analysis toolkit
a year ago
- #open-source
- #code-quality
- #static-analysis
- Globstar is an open-source static analysis toolkit for writing and running code analysis checkers.
- It uses tree-sitter for AST-based analysis and supports writing checkers in YAML or Go.
- Checkers are stored in the `.globstar` directory and can be run with the `globstar check` command.
- Globstar is fast, efficient, and distributed as a single binary with no dependencies.
- It supports tree-sitter's S-expressions for writing checkers and Go for more complex logic.
- Globstar is CI-friendly and can be integrated into any CI/CD pipeline.
- It is MIT licensed, allowing free use in commercial projects without restrictions.
- Installation is simple with a curl command, and it can be installed globally.
- Example checkers, like detecting dangerous `eval()` use in Python, are easy to define in YAML.
- Globstar integrates with GitHub Actions for automated code analysis.
- Built by DeepSource, Globstar aims to make custom checkers easy to write and run.
- Future integration with DeepSource's proprietary analyzers is planned.
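
The `eval()` checker mentioned in the list above, sketched as an added example (not Globstar's or DeepSource's own code): it uses Python's standard-library `ast` module in place of tree-sitter to show what an AST-based check matches and what it deliberately skips. The function name `find_dangerous_eval` and the sample input are assumptions made for illustration.

```python
import ast

# Constructed sample input: risky calls on lines 3 and 6, benign ones on 4 and 5.
SAMPLE = '''\
import ast as _ast
user_input = input()
a = eval(user_input)
b = eval("1 + 2")
c = _ast.literal_eval(user_input)
d = eval("x = " + user_input)
'''

MESSAGE = "eval() called with a non-constant argument"


def find_dangerous_eval(source, filename="<sample>"):
    """Return sorted (line, col, message) tuples for risky eval() calls.

    Hypothetical helper for this example: a call is reported when the callee
    is the bare name `eval` and its first argument is not a literal constant.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        # Match only the bare name `eval`, not attribute calls such as
        # ast.literal_eval() or obj.eval().
        if not (isinstance(node.func, ast.Name) and node.func.id == "eval"):
            continue
        # A literal first argument is fixed in the source, so skip it.
        # Concatenations, names and f-strings are not ast.Constant nodes.
        if node.args and isinstance(node.args[0], ast.Constant):
            continue
        findings.append((node.lineno, node.col_offset, MESSAGE))
    return sorted(findings)


if __name__ == "__main__":
    for line, col, msg in find_dangerous_eval(SAMPLE):
        print(f"<sample>:{line}:{col}: {msg}")
```

Matching on the syntax tree rather than on text is what keeps `literal_eval` and the constant-string call out of the findings, which a plain `grep eval` would report.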