Formal taint analysis for application security — finds what AST-pattern matchers miss, lets LLM agents enact vulnerabilities as rules, scales where neither can alone.
The most thorough taint analysis engine for Spring apps
AI generates production code faster than today's security tooling can keep up with.
LLM security agents find vulnerabilities humans miss, burn tokens on every file, and still can't guarantee they catch everything.
The more AI writes code, the more you need formal methods underneath.
- Find what AST-pattern matchers miss. The inter-procedural dataflow engine tracks untrusted data across function boundaries, persistence layers, aliases, and async code.
- One finding becomes total coverage. AST-pattern rules let you enact every newly uncovered vulnerability as a rule; the engine then applies it across the entire codebase, deterministically, in minutes of CPU.
- Open source, batteries included. Engine, rules, CI integrations — the entire stack ships under Apache 2.0 and MIT. No paid tier to unlock taint tracking, no gates on writing your own rules.
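As an added illustration (not code from the OpenTaint project), here is the shape of flow the inter-procedural engine above is built to follow: a request parameter is aliased, crosses a method call into a second class, and only then reaches a JDBC sink. The UserLookupController and UserRepository classes and the users table are hypothetical, constructed for this example; the hardened variant sits beside the vulnerable one.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.sql.DataSource;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class UserLookupController {
    private final UserRepository repo;
    public UserLookupController(DataSource ds) { this.repo = new UserRepository(ds); }

    // Source: an HTTP request parameter, fully under the client's control.
    @GetMapping("/users/exists")
    public boolean exists(@RequestParam String name) throws SQLException {
        String lookupKey = name;             // alias: taint must carry over to the new name
        return repo.existsByName(lookupKey); // call boundary: the flow continues in another class
    }
}

// Hypothetical repository class, constructed for this example.
class UserRepository {
    private final DataSource ds;
    UserRepository(DataSource ds) { this.ds = ds; }

    // VULNERABLE: the tainted value is concatenated into SQL two hops from the controller.
    // A pattern matched at this call site only sees a local built from a method parameter;
    // without tracing back to the @RequestParam it cannot tell that parameter is untrusted.
    boolean existsByName(String name) throws SQLException {
        String sql = "SELECT 1 FROM users WHERE name = '" + name + "'";
        try (Connection c = ds.getConnection();
             Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(sql)) { // sink: query text built from tainted data
            return rs.next();
        }
    }

    // HARDENED: same call chain, but the value is bound as a parameter, so it never
    // becomes part of the SQL text; setString(...) is not a sink for this flow.
    boolean existsByNameSafe(String name) throws SQLException {
        String sql = "SELECT 1 FROM users WHERE name = ?";
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) { return rs.next(); }
        }
    }
}
```

A single-call-site AST rule fires only on the first method's executeQuery if it already knows `name` is tainted; the dataflow engine establishes that by following the flow from the controller.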
Install script (Linux/macOS):
curl -fsSL https://opentaint.org/install.sh | bash

Install via Homebrew (Linux/macOS):
brew install --cask seqra/tap/opentaint

Install script (Windows PowerShell):
irm https://opentaint.org/install.ps1 | iex

Install via npm (Linux/macOS/Windows):
npm install -g @seqra/opentaint

Or run instantly with npx — no install required (needs Node.js):
npx @seqra/opentaint scan

Scan your project:
opentaint scan

Or use Docker:
docker run --rm -v $(pwd):/project -v $(pwd):/output \
  ghcr.io/seqra/opentaint:latest \
  opentaint scan --output /output/results.sarif /project

For more options, see Installation and Usage.
OpenTaint includes agent skills that turn static analysis into an end-to-end application-security workflow. Install them with:
npx skills add https://github.com/seqra/opentaint

The appsec-agent skill orchestrates a full project assessment: build the project, run OpenTaint, discover the attack surface, add targeted rules, model missing library data flows, triage findings, and optionally generate dynamic proof-of-concept checks for confirmed vulnerabilities.
Included skills cover the common security-analysis loop:
- Scan and triage: build-project, run-scan, analyze-findings, generate-poc
- Coverage expansion: triage-dependencies, discover-attack-surface, create-test-project, create-rule, assemble-lib-rules
- Dataflow modeling: analyze-external-methods, create-pass-through-approximation, create-dataflow-approximation, debug-rule, report-analyzer-issue
Full guides — installation, usage, configuration, CI/CD integration: Documentation.
- Issues: GitHub Issues
- Community: Discord
- Email: seqradev@gmail.com
The core analysis engine is released under the Apache 2.0 License. The CLI, GitHub Action, GitLab CI template, and rules are released under the MIT License.