all research

Everything I’ve published,
in one feed.

3 posts across writeups, research, and technical deep-dives.

2026.04.08
Research, SAST, Semgrep

Semgrep Architecture: Comprehensive Reference

A deep technical reference on how Semgrep works internally - from CLI entry-point and target discovery, through parsing, AST normalisation, pattern matching and taint dataflow analysis, to output formatting.

17 min
2025.08.05
Research, CPG, Static Analysis

Understanding Code Property Graphs

When I first started developing tools for source code auditing, my primary need was to track tainted data flows through complex codebases during manual code …

22 min
2025.08.02
Research, SAST, Static Analysis

Code auditing 101

Topics covered: This post explores the evolution from manual code review to automated security testing, covering: The reality of manual code review and its …

21 min