
Commit 5f6b894

committed
docs(faq): rewrite FAQ answers
1 parent 181cc1a commit 5f6b894

1 file changed

Lines changed: 10 additions & 10 deletions

File tree

src/lib/faq.ts

@@ -7,43 +7,43 @@ export type FaqItem = {
77
export const faqItems: readonly FaqItem[] = [
88
{
99
question: "What is OpenTaint?",
10-
answer: "OpenTaint is an open source taint analysis engine built for the AI coding era. It performs inter-procedural dataflow analysis on Java and Kotlin bytecode — cross-endpoint flow tracking, persistence layer modelling, alias analysis, and asynchronous code analysis. AST-pattern rules find real vulnerabilities in web applications. Finds what AST-pattern matchers miss, enacts what LLM agents discover as permanent rules, scales where neither can alone.",
10+
answer: "OpenTaint is an open source taint analysis engine for the AI era. It runs inter-procedural dataflow analysis to track untrusted data across function boundaries, persistence layers, aliases, and async code. For Java and Kotlin, the analysis works on bytecode. Rules are written in an AST-pattern format that's readable yet expressive enough for the engine to find real vulnerabilities without flagging safe code. It catches what AST-pattern matchers miss, turns LLM agent findings into reusable rules, and scales beyond what either can do alone.",
1111
},
1212
{
1313
question: "What vulnerabilities does OpenTaint detect?",
14-
answer: "SQL injection, XSS, SSRF, SpEL injection, open redirects, path traversal, command injection — 20+ types. Each finding traces the path from an HTTP source through method calls, async boundaries, and JPA persistence to the dangerous call, anchored to its Spring endpoint.",
14+
answer: "It detects over 20 classes of vulnerability, including SQL injection, XSS, SSRF, SpEL injection, open redirects, path traversal, and command injection. For each finding, the report walks the full path from the HTTP source, through method calls, async boundaries, and JPA persistence, down to the dangerous call — and ties it back to the Spring endpoint where the data entered.",
1515
},
1616
{
1717
question: "What are AST-pattern rules?",
18-
answer: "Two layers. AST-pattern rules describe the shape of vulnerable code — the same rule format Semgrep and ast-grep use, readable by humans and AI agents alike. Whole-program taint analysis is what reads them: the engine analyzes a build artifact, resolving inheritance, generics, and library calls precisely, and tracks each rule's metavariables as program values across function boundaries, fields, async code, and persistence layers. AST-pattern matchers stop at syntactic match; OpenTaint follows the data through the compiled program. When a rule produces a false positive, refine it directly — the rule format is the same one you'd write for Semgrep or ast-grep.",
18+
answer: "Two layers. AST-pattern rules describe the shape of vulnerable code — the same rule format Semgrep and ast-grep use, readable by humans and AI agents alike. Whole-program taint analysis is what reads them: the engine models data flow across the entire program — through function boundaries, fields, async code, and persistence layers — and follows each rule's metavariables as values moving through that flow. AST-pattern matchers stop at the syntactic match; OpenTaint keeps tracing the data through them. When a rule fires on safe code, you refine it directly — the rule format is the same one you'd write for Semgrep or ast-grep.",
1919
},
2020
{
2121
question: "Why not just use an LLM agent for security scanning?",
22-
answer: "LLM agents offer no formal guarantees. Run the same prompt twice and you may get different results — no determinism, no reproducibility. An LLM agent scanning a large codebase burns through token budgets and still can't guarantee full coverage. OpenTaint scans the same codebase in minutes of CPU compute — deterministically. AI agents can read and write OpenTaint's AST-pattern rules, so you get the best of both: AI flexibility with formal analysis underneath.",
22+
answer: "You can, but LLM agents don't come with formal guarantees. Run the same prompt twice and the results may differ — there's no determinism and no way to argue about coverage. And on large codebases the bill adds up quickly: an agent burns through tokens on every file, the cost scales with codebase size, and it still can't promise it looked everywhere. OpenTaint scans the same codebase in minutes of CPU, deterministically, every run. Since AI agents can read and write its AST-pattern rules, you don't have to choose: the agent discovers, the engine applies.",
2323
},
2424
{
2525
question: "What languages and frameworks are supported?",
26-
answer: "Java and Kotlin, analyzed at the bytecode level to precisely understand inheritance, generics, and library interactions. Deep Spring Boot support including Spring MVC, Spring Data, and related libraries. More languages ahead.",
26+
answer: "Java and Kotlin today. The engine works on bytecode, which gives it precise resolution of inheritance, generics, and library calls — including the standard library and any third-party JARs in the build classpath. Spring Boot is supported deeply, including Spring MVC, Spring Data, and the surrounding libraries. Python and Go are next on the roadmap.",
2727
},
2828
{
2929
question: "Why is OpenTaint the most thorough taint analyzer for Spring apps?",
30-
answer: "OpenTaint performs inter-procedural data-flow analysis that follows taint data across method boundaries, async code, and coroutines. It models JPA persistence layers out of the box, catching stored injections where untrusted input enters via one endpoint, gets persisted to the database, and resurfaces in a completely different request. Most engines treat the persistence layer as an opaque boundary and lose the flow there. OpenTaint follows it through.",
30+
answer: "It does inter-procedural data-flow analysis, following tainted data across method boundaries and through async constructs — Reactor, Spring WebFlux, and Kotlin coroutines are all modeled via data-flow approximations. Out of the box, it also models JPA persistence layers, so it catches stored injections where untrusted input arrives at one endpoint, gets saved to the database, and reappears in a completely different request later. Most engines treat the persistence layer as an opaque boundary; OpenTaint models it as part of the flow, linking writes in one request to reads in another.",
3131
},
3232
{
3333
question: "How does OpenTaint compare to Semgrep?",
34-
answer: "Semgrep's open-source engine includes intra-procedural taint analysis — it tracks data within a single function. Its Pro engine adds inter-procedural taint analysis, but is closed source and paid. OpenTaint ships full inter-procedural dataflow analysis — cross-endpoint flows, persistence layers, stored injections — under Apache 2.0, free for any codebase including commercial closed-source projects. Rules use an AST-pattern format that the engine translates into complete taint configurations. Semgrep rule syntax is supported as a migration path.",
34+
answer: "Semgrep's open-source engine does intra-procedural taint analysis — it tracks data within a single function. Inter-procedural analysis lives in the Pro engine, which is closed source and paid. OpenTaint ships full inter-procedural dataflow analysis — cross-endpoint flows, persistence layers, stored injections — under Apache 2.0, and it's free for any codebase, including commercial closed-source projects. Rules are written in an AST-pattern format that the engine translates into full taint configurations, and existing Semgrep rule syntax is supported so you can migrate gradually.",
3535
},
3636
{
3737
question: "How does OpenTaint compare to CodeQL?",
38-
answer: "CodeQL performs inter-procedural taint analysis, but it's proprietary — free only for open source, and gated behind a paid GitHub Advanced Security license for use on closed-source codebases. Rules are written in QL, a domain-specific query language with its own semantics. OpenTaint is fully open source with no paywall on private code, and delivers formal inter-procedural dataflow analysis with AST-pattern rules any developer or AI agent can read, write, and refine. Full taint analysis out of the box.",
38+
answer: "CodeQL does inter-procedural taint analysis too, but it's proprietary — free for open source projects, and gated behind a paid GitHub Advanced Security license for closed-source code. Its rules are written in QL, a domain-specific query language with its own semantics to learn. OpenTaint is fully open source with no paywall on private code, and its rules are written in an AST-pattern format that any developer or AI agent can read, write, and refine. Full inter-procedural taint analysis comes out of the box.",
3939
},
4040
{
4141
question: "Is OpenTaint free to use?",
42-
answer: "Yes. The core engine is Apache 2.0; the CLI, CI integrations, and rules are MIT. Free for any codebase, including commercial closed-source projects.",
42+
answer: "Yes. The core engine is Apache 2.0, and the CLI, CI integrations, and rules are MIT. Free to use on any codebase, including commercial closed-source projects.",
4343
},
4444
{
4545
question: "Can I use existing Semgrep rules?",
46-
answer: "OpenTaint supports Semgrep rule syntax, so existing rules work as a starting point. The engine adds inter-procedural dataflow analysis on top, and you can migrate to AST-pattern rules at your own pace for full control over taint configurations.",
46+
answer: "OpenTaint supports Semgrep rule syntax, so existing rules work as a starting point. The engine layers inter-procedural dataflow analysis on top of them, and you can extend those rules with OpenTaint's full taint configuration — sources, sinks, sanitizers, propagators — to leverage the inter-procedural engine.",
4747
},
4848
{
4949
question: "Still have questions?",
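Review bot: Several of the rewritten answers add product claims the old text did not make, which goes beyond the "rewrite FAQ answers" scope of this commit and should either be backed by something in the docs or dropped. The new "What languages and frameworks are supported?" answer replaces the hedge "More languages ahead." with "Python and Go are next on the roadmap.", and adds that analysis covers "the standard library and any third-party JARs in the build classpath"; the new "Why is OpenTaint the most thorough taint analyzer for Spring apps?" answer turns "async code, and coroutines" into "Reactor, Spring WebFlux, and Kotlin coroutines are all modeled via data-flow approximations". If those are real commitments and supported integrations, link the roadmap and the async-modelling docs; if not, keep the original wording. "Data-flow approximations" also begs the question of whether the modelling over- or under-approximates, which matters to anyone judging false negatives, so say which. Separately, in the "What are AST-pattern rules?" answer the sentence "AST-pattern matchers stop at the syntactic match; OpenTaint keeps tracing the data through them." has an ambiguous "them" (the matches? the matchers?); "keeps tracing the data past the match, through the compiled program" would preserve the point the old answer made about the build artifact.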
