Align blog and documentation with style guidelines and SEO improvements (#1)

Author: misonijnik

astro.config.mjs

@@ -42,7 +42,12 @@ export default defineConfig({
     }),
     mdx(),
     tailwind(),
-    sitemap(),
+    sitemap({
+      serialize(item) {
+        item.lastmod = new Date().toISOString();
+        return item;
+      },
+    }),
   ],
   markdown: {
     gfm: true,

src/components/AnimatedHero.tsx

@@ -40,7 +40,7 @@ export function AnimatedHero() {
       </h1>
 
       <p className="mt-5 font-mono text-[15px] leading-[200%] text-muted-foreground sm:max-w-[82%] lg:text-base lg:mt-6">
-        Enterprise-grade dataflow analysis with code-native rules — no paywall, no pattern-matching compromises.
+        Formal inter-procedural taint analysis — finds what pattern matching engines miss, enacts what LLM agents discover as rules, scales where neither can alone.
       </p>
 
       <div className="mt-8 flex gap-3 sm:hidden">

src/components/astro/BlogPostView.astro

@@ -31,7 +31,7 @@ const formattedDate = new Date(post.date).toLocaleDateString("en-US", {
 
 {toc.length > 0 && (
   <div class="fixed inset-x-0 top-16 z-30 border-b border-border bg-background/95 backdrop-blur-md xl:hidden" data-mobile-toc>
-    <div class="mx-auto max-w-[75rem]" style="padding-left: clamp(1.5rem, 0.5rem + 2vw, 3rem); padding-right: clamp(1.5rem, 0.5rem + 2vw, 3rem);">
+      <div class="mx-auto w-full" style="padding-inline: clamp(1rem, 4vw, 6rem);">
       <details>
         <summary class="flex cursor-pointer list-none items-center gap-2 py-3 font-mono text-[10px] leading-none uppercase tracking-[0.14em] text-muted-foreground [&::-webkit-details-marker]:hidden">
           <span class="shrink-0">On this page</span>
@@ -59,11 +59,11 @@ const formattedDate = new Date(post.date).toLocaleDateString("en-US", {
 
 <article>
   <section class="page-section">
-    <h1 class="max-w-3xl break-words font-mono text-2xl font-semibold tracking-[-0.03em] text-foreground sm:text-3xl md:text-4xl lg:text-[2.5rem]">
+    <h1 class="max-w-5xl break-words font-mono text-2xl font-semibold tracking-[-0.03em] text-foreground sm:text-3xl md:text-4xl lg:text-[2.5rem]">
       {post.title}
     </h1>
 
-    <p class="section-subtitle max-w-2xl break-words">
+    <p class="section-subtitle max-w-4xl break-words">
       {post.description}
     </p>
 

src/components/astro/FAQ.astro

@@ -2,7 +2,7 @@
 const faqItems = [
   {
     question: "What is OpenTaint?",
-    answer: "OpenTaint is an open source taint analysis engine built for the AI coding era. It performs inter-procedural dataflow analysis on Java and Kotlin bytecode — cross-endpoint flow tracking, persistence layer modelling, alias analysis, and asynchronous code analysis — using code-native rules to find real vulnerabilities in web applications. No paywall, no pattern-matching compromises.",
+    answer: "OpenTaint is an open source taint analysis engine built for the AI coding era. It performs inter-procedural dataflow analysis on Java and Kotlin bytecode — cross-endpoint flow tracking, persistence layer modelling, alias analysis, and asynchronous code analysis. Code-native rules find real vulnerabilities in web applications. Finds what pattern matching engines miss, enacts what LLM agents discover as permanent rules, scales where neither can alone.",
   },
   {
     question: "What vulnerabilities does OpenTaint detect?",
@@ -13,20 +13,20 @@ const faqItems = [
     answer: "Rules that look like code. Readable, writable, and tunable by humans and AI agents alike. The engine translates each rule into a full taint configuration — sources, sinks, sanitizers, and propagators connected by typed taint marks. When a rule produces a false positive, you refine the rule directly. No query language to learn, no black box to work around.",
   },
   {
-    question: "Why not just use an AI agent for security scanning?",
-    answer: "AI agents offer no formal guarantees. Run the same prompt twice and you may get different results — no determinism, no reproducibility. OpenTaint provides deterministic inter-procedural dataflow analysis with stable, reproducible findings. AI agents can read and write OpenTaint's code-native rules, so you get the best of both: AI flexibility with formal analysis underneath.",
+    question: "Why not just use an LLM agent for security scanning?",
+    answer: "LLM agents offer no formal guarantees. Run the same prompt twice and you may get different results — no determinism, no reproducibility. An LLM agent scanning a large codebase burns through token budgets and still can't guarantee full coverage. OpenTaint scans the same codebase in minutes of CPU compute — deterministically. AI agents can read and write OpenTaint's code-native rules, so you get the best of both: AI flexibility with formal analysis underneath.",
   },
   {
     question: "What languages and frameworks are supported?",
-    answer: "Java and Kotlin, analyzed at the bytecode level to precisely understand inheritance, generics, and library interactions. Deep Spring Boot framework ecosystem support including Spring MVC, Spring Data, and related libraries. More languages ahead.",
+    answer: "Java and Kotlin, analyzed at the bytecode level to precisely understand inheritance, generics, and library interactions. Deep Spring Boot support including Spring MVC, Spring Data, and related libraries. More languages ahead.",
   },
   {
     question: "How does OpenTaint compare to Semgrep?",
-    answer: "Both tools perform inter-procedural analysis. OpenTaint goes further: it tracks data across endpoint boundaries and through persistence layers, catching stored injections and multi-step attack paths that basic inter-procedural analysis cannot reach. Rules use a code-native format that the engine translates into complete taint configurations. Semgrep rule syntax is supported as a migration path.",
+    answer: "Semgrep's open-source engine does pattern matching. Its Pro engine adds taint analysis behind a paid tier. OpenTaint ships full inter-procedural dataflow analysis — cross-endpoint flows, persistence layers, stored injections — under Apache 2.0. Rules use a code-native format that the engine translates into complete taint configurations. Semgrep rule syntax is supported as a migration path.",
   },
   {
     question: "How does OpenTaint compare to CodeQL?",
-    answer: "OpenTaint delivers enterprise-grade dataflow analysis without a specialized query language, proprietary licensing, or a paywall. Code-native rules mean you write what you know — code — and get full taint analysis out of the box.",
+    answer: "CodeQL requires learning QL — a specialized query language that AI agents can't easily write. OpenTaint delivers formal inter-procedural dataflow analysis with code-native rules any developer or AI agent can read, write, and refine. No proprietary licensing, no paywall. Full taint analysis out of the box.",
   },
   {
     question: "Is OpenTaint free to use?",

src/components/astro/SiteHeader.astro

@@ -2,11 +2,12 @@
 const navItems = [
   { href: "/", label: "Home" },
   { href: "/blog", label: "Blog" },
+  { href: "https://github.com/seqra/opentaint/tree/main/docs", label: "Docs", external: true },
 ];
 ---
 
 <header class="fixed top-0 z-50 w-full border-b border-border bg-background/90 backdrop-blur-md">
-  <div class="mx-auto flex h-16 max-w-[75rem] items-center px-4 sm:px-6">
+  <div class="mx-auto flex h-16 w-full items-center" style="padding-inline: clamp(1rem, 4vw, 6rem);">
     <div class="flex-1">
       <a href="/" class="flex w-fit items-center" aria-label="OpenTaint home">
         <img src="/opentaint-header-light.svg" alt="opentaint logo" aria-hidden="true" class="h-10 dark:hidden sm:h-10" />
@@ -15,7 +16,7 @@ const navItems = [
     </div>
 
     <nav class="hidden items-center gap-6 md:flex lg:gap-8" role="navigation" aria-label="Main navigation">
-      {navItems.map((item) => <a href={item.href} class="font-mono text-sm font-medium uppercase tracking-[0.16em] text-muted-foreground transition-colors hover:text-primary lg:text-[15px]">{item.label}</a>)}
+      {navItems.map((item) => <a href={item.href} target={item.external ? "_blank" : undefined} rel={item.external ? "noopener noreferrer" : undefined} class="font-mono text-sm font-medium uppercase tracking-[0.16em] text-muted-foreground transition-colors hover:text-primary lg:text-[15px]">{item.label}</a>)}
     </nav>
 
     <div class="flex flex-1 items-center justify-end gap-2 sm:gap-3">
@@ -64,7 +65,7 @@ const navItems = [
     <div class="absolute left-0 right-0 top-full z-50 border-t border-border bg-background md:hidden">
       <nav class="container space-y-3 px-4 py-4" role="navigation" aria-label="Mobile navigation">
         {navItems.map((item) => (
-          <a href={item.href} class="block py-1.5 font-mono text-sm font-medium uppercase tracking-[0.16em] text-muted-foreground transition-colors hover:text-primary">
+          <a href={item.href} target={item.external ? "_blank" : undefined} rel={item.external ? "noopener noreferrer" : undefined} class="block py-1.5 font-mono text-sm font-medium uppercase tracking-[0.16em] text-muted-foreground transition-colors hover:text-primary">
             {item.label}
           </a>
         ))}

src/components/astro/SupportedTechnology.astro

@@ -10,6 +10,8 @@
     <img src="/pictures/gitlab-logo.svg" alt="GitLab" class="h-10 w-10 sm:h-14 sm:w-14 lg:h-16 lg:w-16" />
   </div>
 
+  <h2 class="mt-10 section-title lg:mt-12">Enterprise-grade taint analysis for Java, Kotlin, and Spring Boot applications</h2>
+
   <h2 class="mt-10 section-title lg:mt-12">Roadmap</h2>
   <div class="mt-4 flex flex-wrap items-center justify-center gap-y-5 gap-x-8 sm:gap-10 lg:mt-6 lg:gap-12">
     <img src="/pictures/python-logo.svg" alt="Python" class="h-10 w-10 sm:h-14 sm:w-14 lg:h-16 lg:w-16" />

src/components/astro/WhatIsOpenTaint.astro

@@ -1,40 +1,33 @@
 ---
 const features = [
   {
-    title: "AI agent-ready.",
+    title: "Find what pattern matching engines miss.",
     description:
-      "Agents operate the rules, the CLI, the output. Scan code, triage findings, fix vulnerabilities, refine rules.",
+      "The inter-procedural dataflow engine tracks untrusted data across function boundaries, persistence layers, aliases, and async code. 100+ rules across 20+ vulnerability classes.",
   },
   {
-    title: "Cutting-edge dataflow analysis.",
+    title: "One finding becomes total coverage.",
     description:
-      "Inter-procedural taint tracking across endpoints, persistence layers, aliases, and async code.",
-  },
-  {
-    title: "Enterprise-grade, finds real trophies.",
-    description:
-      "Powerful, precise, and performant at scale. Catches exploitable vulnerabilities.",
-  },
-  {
-    title: "Rules that read like code.",
-    description:
-      "Write and refine taint rules the same way you write application code — or let your AI agent do it.",
+      "Code-native rules let you enact every uncovered vulnerability as a rule with the engine applying it across the entire codebase, deterministically, in minutes of CPU.",
   },
   {
     title: "Open source, batteries included.",
     description:
-      "Engine, CLI, GitHub Action, GitLab CI, rules. Apache 2.0 and MIT licensed.",
+      "Engine, rules, CI integrations — the entire stack ships under Apache 2.0 and MIT. No paid tier to unlock taint tracking, no gates on writing your own rules.",
   },
 ];
 ---
 
 <section class="page-section" aria-labelledby="what-heading">
   <h2 id="what-heading" class="section-title text-center">Why OpenTaint?</h2>
   <p class="section-subtitle">
-    AI-generated code is scaling codebases fast. Pattern matchers produce too many false positives. Enterprise taint analyzers that work are paywalled. AI agents in a security role give no formal guarantees.
+    AI generates production code faster than today's security tooling can keep up with.
+  </p>
+  <p class="section-subtitle">
+    LLM security agents find vulnerabilities humans miss, burn tokens on every file, and still can't guarantee they catch everything.
   </p>
   <p class="section-subtitle">
-    OpenTaint does real inter-procedural taint analysis — tracks untrusted data from HTTP inputs to dangerous APIs across endpoints, persistence layers, and framework boundaries.
+    The more AI writes code, the more you need formal methods underneath.
   </p>
 
   <ul class="mt-8 space-y-3 lg:mt-10 lg:space-y-4">
@@ -49,10 +42,4 @@ const features = [
     ))}
   </ul>
 
-  <div class="mt-8 lg:mt-10">
-    <a href="/blog" class="cta-pill">
-      <span>Read blog</span>
-      <svg xmlns="http://www.w3.org/2000/svg" width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M5 12h14"/><path d="m12 5 7 7-7 7"/></svg>
-    </a>
-  </div>
 </section>

src/content.config.ts

@@ -7,6 +7,8 @@ const blog = defineCollection({
     title: z.string(),
     description: z.string(),
     date: z.string(),
+    keywords: z.array(z.string()).optional(),
+    author: z.string().optional(),
   }),
 });