{"id":47600085,"url":"https://github.com/seqra/opentaint","last_synced_at":"2026-05-13T13:00:32.351Z","repository":{"id":317676768,"uuid":"1067413390","full_name":"seqra/opentaint","owner":"seqra","description":"The open source taint analysis engine for the AI era","archived":false,"fork":false,"pushed_at":"2026-03-27T22:57:33.000Z","size":38392,"stargazers_count":32,"open_issues_count":12,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-27T23:53:35.639Z","etag":null,"topics":["java","kotlin","sast","security","security-tools","seqra","spring","static-analysis","taint-analysis","vulnerabilities","vulnerability-detection","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://opentaint.org","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/seqra.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-30T20:29:35.000Z","updated_at":"2026-03-26T11:22:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"62d009d7-702d-4557-a7b7-718b828884f5","html_url":"https://github.com/seqra/opentaint","commit_stats":null,"previous_names":["seqra/seqra","seqra/opentaint"],"tags_count":60,"template":false,"template_full_name":null,"purl":"pkg:github/seqra/opentaint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seqra%2Fopentaint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seqra%2Fopentaint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seqra%2Fopentaint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seqra%2Fopentaint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/seqra","download_url":"https://codeload.github.com/seqra/opentaint/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seqra%2Fopentaint/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290947,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","kotlin","sast","security","security-tools","seqra","spring","static-analysis","taint-analysis","vulnerabilities","vulnerability-detection","vulnerability-scanners"],"created_at":"2026-04-01T18:46:09.324Z","updated_at":"2026-05-13T13:00:32.344Z","avatar_url":"https://github.com/seqra.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"logos/opentaint-logo-dark.svg\"\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"logos/opentaint-logo-light.svg\"\u003e\n    \u003cimg src=\"logos/opentaint-logo-light.svg\" alt=\"OpenTaint\" height=\"100\"\u003e\n  \u003c/picture\u003e\n\u003c/p\u003e\n\n\u003ch3 align=\"center\"\u003eThe open source taint analysis engine for the AI era\u003c/h3\u003e\n\n\u003cp align=\"center\"\u003e\n  Formal inter-procedural taint analysis — finds what AST-pattern matchers miss, enacts what LLM agents discover as rules, scales where neither can alone.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/seqra/opentaint/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/seqra/opentaint.svg\" alt=\"GitHub release\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://goreportcard.com/report/github.com/seqra/opentaint/cli\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/seqra/opentaint/cli\" alt=\"Go Report Card\"\u003e\u003c/a\u003e\n  \u003ca href=\"LICENSE.md\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-blue.svg\" alt=\"License: Apache 2.0\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://golang.org/\"\u003e\u003cimg src=\"https://img.shields.io/badge/Go-1.25+-00ADD8?logo=go\" alt=\"Go Version\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://discord.gg/6BXDfbP4p9\"\u003e\u003cimg src=\"https://img.shields.io/discord/1403357427176575036?logo=discord\u0026label=Discord\" alt=\"Discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"README.md\"\u003eEnglish\u003c/a\u003e | \u003ca href=\"docs/translations/README.zh.md\"\u003e简体中文\u003c/a\u003e | \u003ca href=\"docs/translations/README.zht.md\"\u003e繁體中文\u003c/a\u003e | \u003ca href=\"docs/translations/README.ko.md\"\u003e한국어\u003c/a\u003e | \u003ca href=\"docs/translations/README.de.md\"\u003eDeutsch\u003c/a\u003e | \u003ca href=\"docs/translations/README.es.md\"\u003eEspañol\u003c/a\u003e | \u003ca href=\"docs/translations/README.fr.md\"\u003eFrançais\u003c/a\u003e | \u003ca href=\"docs/translations/README.it.md\"\u003eItaliano\u003c/a\u003e | \u003ca href=\"docs/translations/README.da.md\"\u003eDansk\u003c/a\u003e | \u003ca href=\"docs/translations/README.ja.md\"\u003e日本語\u003c/a\u003e | \u003ca href=\"docs/translations/README.pl.md\"\u003ePolski\u003c/a\u003e | \u003ca href=\"docs/translations/README.ru.md\"\u003eРусский\u003c/a\u003e | \u003ca href=\"docs/translations/README.bs.md\"\u003eBosanski\u003c/a\u003e | \u003ca href=\"docs/translations/README.ar.md\"\u003eالعربية\u003c/a\u003e | \u003ca href=\"docs/translations/README.no.md\"\u003eNorsk\u003c/a\u003e | \u003ca href=\"docs/translations/README.br.md\"\u003ePortuguês (Brasil)\u003c/a\u003e | \u003ca href=\"docs/translations/README.th.md\"\u003eไทย\u003c/a\u003e | \u003ca href=\"docs/translations/README.tr.md\"\u003eTürkçe\u003c/a\u003e | \u003ca href=\"docs/translations/README.ua.md\"\u003eУкраїнська\u003c/a\u003e | \u003ca href=\"docs/translations/README.bn.md\"\u003eবাংলা\u003c/a\u003e | \u003ca href=\"docs/translations/README.gr.md\"\u003eΕλληνικά\u003c/a\u003e | \u003ca href=\"docs/translations/README.vi.md\"\u003eTiếng Việt\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"http://opentaint.org/\"\u003e\n\u003ca href=\"http://opentaint.org/\"\u003e\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"public/opentaint-frame-light-2.png\"\u003e\n  \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"public/opentaint-frame-dark-2.png\"\u003e\n  \u003cimg src=\"public/opentaint-frame-dark-2.png\" alt=\"OpenTaint summary output\"\u003e\n\u003c/picture\u003e\n\u003c/a\u003e\n\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003cb\u003eSupported technologies and integrations\u003c/b\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"logos/java-logo.svg\" alt=\"Java\" height=\"60\"\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"logos/kotlin-logo.svg\" alt=\"Kotlin\" height=\"60\"\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"logos/spring-boot-logo.svg\" alt=\"Spring\" height=\"60\"\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n  \u003cpicture\u003e\n    \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"logos/github-logo-dark.svg\"\u003e\n    \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"logos/github-logo-light.svg\"\u003e\n    \u003cimg src=\"logos/github-logo-light.svg\" alt=\"GitHub\" height=\"60\"\u003e\n  \u003c/picture\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"logos/gitlab-logo.svg\" alt=\"GitLab\" height=\"60\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003ci\u003eThe most thorough taint analysis engine for Spring apps\u003c/i\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003cb\u003eRoadmap\u003c/b\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"logos/python-logo.svg\" alt=\"Python\" height=\"60\"\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"logos/go-logo.svg\" alt=\"Go\" height=\"60\"\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"logos/csharp-logo.svg\" alt=\"C#\" height=\"60\"\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"logos/javascript-logo.svg\" alt=\"JavaScript\" height=\"60\"\u003e\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\n  \u003cimg src=\"logos/typescript-logo.svg\" alt=\"TypeScript\" height=\"60\"\u003e\n\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n\u003cdetails\u003e\n  \u003csummary\u003e\u003cb\u003eMore screenshots\u003c/b\u003e\u003c/summary\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"public/opentaint-frame-light-1.png\"\u003e\n      \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"public/opentaint-frame-dark-1.png\"\u003e\n      \u003cimg src=\"public/opentaint-frame-dark-1.png\" alt=\"OpenTaint scan output\"\u003e\n    \u003c/picture\u003e\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"public/opentaint-frame-light-3.png\"\u003e\n      \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"public/opentaint-frame-dark-3.png\"\u003e\n      \u003cimg src=\"public/opentaint-frame-dark-3.png\" alt=\"OpenTaint summary output\"\u003e\n    \u003c/picture\u003e\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"public/opentaint-frame-light-4.png\"\u003e\n      \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"public/opentaint-frame-dark-4.png\"\u003e\n      \u003cimg src=\"public/opentaint-frame-dark-4.png\" alt=\"OpenTaint summary output\"\u003e\n    \u003c/picture\u003e\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cpicture\u003e\n      \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"public/opentaint-frame-light-5.png\"\u003e\n      \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"public/opentaint-frame-dark-5.png\"\u003e\n      \u003cimg src=\"public/opentaint-frame-dark-5.png\" alt=\"OpenTaint summary output\"\u003e\n    \u003c/picture\u003e\n  \u003c/p\u003e\n\u003c/details\u003e\n\u003c/div\u003e\n\n---\n\n## Why OpenTaint\n\nAI generates production code faster than today's security tooling can keep up with.\n\nLLM security agents find vulnerabilities humans miss, burn tokens on every file, and still can't guarantee they catch everything.\n\nThe more AI writes code, the more you need formal methods underneath.\n\n- **Find what AST-pattern matchers miss.** The inter-procedural dataflow engine tracks untrusted data across function boundaries, persistence layers, aliases, and async code.\n- **One finding becomes total coverage.** AST-pattern rules let you enact every uncovered vulnerability as a rule with the engine applying it across the entire codebase, deterministically, in minutes of CPU.\n- **Open source, batteries included.** Engine, rules, CI integrations — the entire stack ships under Apache 2.0 and MIT. No paid tier to unlock taint tracking, no gates on writing your own rules.\n\n## Quick Start\n\n**Install script (Linux/macOS)**\n```\ncurl -fsSL https://raw.githubusercontent.com/seqra/opentaint/main/scripts/install/install.sh | bash\n```\n\n**Install via Homebrew (Linux/macOS):**\n```bash\nbrew install --cask seqra/tap/opentaint\n```\n\n**Install script (Windows PowerShell)**\n```\nirm https://raw.githubusercontent.com/seqra/opentaint/main/scripts/install/install.ps1 | iex\n```\n\n**Scan your project:**\n```bash\nopentaint scan\n```\n\n**Or use Docker:**\n```bash\ndocker run --rm -v $(pwd):/project -v $(pwd):/output \\\n  ghcr.io/seqra/opentaint:latest \\\n  opentaint scan --output /output/results.sarif /project\n```\n\nFor more options, see [Installation](docs/README.md#installation) and [Usage](docs/README.md#usage).\n\n---\n\n## Documentation\n\nFull guides — installation, usage, configuration, CI/CD integration: **[Documentation](docs/README.md)**.\n\n## Support\n\n- **Issues:** [GitHub Issues](https://github.com/seqra/opentaint/issues)\n- **Community:** [Discord](https://discord.gg/6BXDfbP4p9)\n- **Email:** [seqradev@gmail.com](mailto:seqradev@gmail.com)\n\n## License\n\nThe [core analysis engine](core/) is released under the [Apache 2.0 License](LICENSE.md). The [CLI](cli/), [GitHub Action](github/), [GitLab CI template](gitlab/), and [rules](rules/) are released under the [MIT License](cli/LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseqra%2Fopentaint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fseqra%2Fopentaint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseqra%2Fopentaint/lists"}