https://github.com/seqra/opentaint
The open source taint analysis tool for the AI era. The analyzer you can customize and self-host, built so AI agents drive your security analysis without burning tokens on every scan. Open source alternative to Semgrep Pro and CodeQL.
https://github.com/seqra/opentaint
java kotlin sast security security-tools seqra skills spring static-analysis taint-analysis vulnerabilities vulnerability-detection vulnerability-scanners
Last synced: 10 days ago
JSON representation
The open source taint analysis tool for the AI era. The analyzer you can customize and self-host, built so AI agents drive your security analysis without burning tokens on every scan. Open source alternative to Semgrep Pro and CodeQL.
- Host: GitHub
- URL: https://github.com/seqra/opentaint
- Owner: seqra
- License: apache-2.0
- Created: 2025-09-30T20:29:35.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2026-06-25T17:31:24.000Z (16 days ago)
- Last Synced: 2026-06-25T18:10:04.640Z (16 days ago)
- Topics: java, kotlin, sast, security, security-tools, seqra, skills, spring, static-analysis, taint-analysis, vulnerabilities, vulnerability-detection, vulnerability-scanners
- Language: Kotlin
- Homepage: https://opentaint.org
- Size: 47.4 MB
- Stars: 95
- Watchers: 2
- Forks: 7
- Open Issues: 41
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
README
The open source taint analysis engine for the AI era
Formal taint analysis for application security — finds what AST-pattern matchers miss, lets LLM agents enact rules from vulnerabilities, scales where neither can alone.
English | 简体中文 | 繁體中文 | 한국어 | Deutsch | Español | Français | Italiano | Dansk | 日本語 | Polski | Русский | Bosanski | العربية | Norsk | Svenska | Português (Brasil) | ไทย | Türkçe | Українська | বাংলা | हिन्दी | Ελληνικά | Tiếng Việt | Bahasa Indonesia

Supported technologies and integrations
The most thorough taint analysis engine for Spring apps
Roadmap
More screenshots
---
## Why OpenTaint?
> OpenTaint is an open-source alternative to *Semgrep Pro* and *CodeQL* — a formal inter-procedural taint engine you can customize and self-host, built so AI agents drive your security analysis without burning tokens on every scan.
AI generates production code faster than security teams can keep up with, and the two kinds of tooling built to catch what it gets wrong each force a bad trade-off:
- **AST-pattern matchers** (Semgrep OSS, ast-grep, linters) are free and fast, but they match syntax, not data flow — untrusted input that crosses a function boundary or a persistence layer slips right past. The deeper, inter-procedural analysis that *does* catch it has long been locked inside proprietary tools.
- **LLM security agents** find what pattern matchers miss, but they re-read your code on every run. The tokens add up with every file, every commit, every CI build — and a probabilistic model still can't promise it caught everything.
OpenTaint gives you the depth of an LLM agent at the cost of a static analyzer:
- **Find what AST-pattern matchers miss.** A formal inter-procedural dataflow engine tracks untrusted data across function boundaries, persistence layers, aliases, and async code.
- **Pay the model once, not on every scan.** Let an agent distill a single finding into a taint rule. The deterministic engine then replays that rule across the entire codebase — and every commit after it — in minutes of CPU, at zero token cost.
- **Open source, batteries included.** Engine, rules, and CI integrations come as one stack under Apache 2.0 and MIT.
## Quick Start
**Install script (Linux/macOS)**
```
curl -fsSL https://opentaint.org/install.sh | bash
```
**Install via Homebrew (Linux/macOS):**
```bash
brew install --cask seqra/tap/opentaint
```
**Install script (Windows PowerShell)**
```
irm https://opentaint.org/install.ps1 | iex
```
**Install via npm (Linux/macOS/Windows):**
```bash
npm install -g @seqra/opentaint
```
**Or run instantly with npx — no install required (needs Node.js):**
```bash
npx @seqra/opentaint scan
```
**Scan your project:**
```bash
opentaint scan
```
**Or use Docker:**
```bash
docker run --rm -v $(pwd):/project -v $(pwd):/output \
ghcr.io/seqra/opentaint:latest \
opentaint scan --output /output/results.sarif /project
```
For more options, see [Installation](docs/README.md#installation) and [Usage](docs/README.md#usage).
---
## AI Agent Workflows
OpenTaint includes agent skills that turn static analysis into an end-to-end application-security workflow. Install them with:
```bash
npx skills add https://github.com/seqra/opentaint
```
The `appsec-agent` skill orchestrates a full project assessment: build the project, run OpenTaint, discover the attack surface, add targeted rules, model missing library data flows, triage findings, and optionally generate dynamic proof-of-concept checks for confirmed vulnerabilities.
Included skills cover the common security-analysis loop:
- **Scan and triage:** `build-project`, `run-scan`, `analyze-findings`, `generate-poc`
- **Coverage expansion:** `triage-dependencies`, `discover-attack-surface`, `create-test-project`, `create-rule`, `assemble-lib-rules`
- **Dataflow modeling:** `analyze-external-methods`, `create-pass-through-approximation`, `create-dataflow-approximation`, `debug-rule`, `report-analyzer-issue`
---
## Documentation
Full guides — installation, usage, configuration, CI/CD integration: **[Documentation](docs/README.md)**.
## Support
- **Issues:** [GitHub Issues](https://github.com/seqra/opentaint/issues)
- **Community:** [Discord](https://discord.gg/6BXDfbP4p9)
- **Email:** [seqradev@gmail.com](mailto:seqradev@gmail.com)
## Star History
## License
The [core analysis engine](core/) is released under the [Apache 2.0 License](LICENSE.md). The [CLI](cli/), [GitHub Action](github/), [GitLab CI template](gitlab/), and [rules](rules/) are released under the [MIT License](cli/LICENSE).