
Everything I’ve published, in one feed.

2 posts across writeups, research, and technical deep-dives. Filter by tag.

2026.04.08
Research, SAST, Semgrep

Semgrep Architecture: Comprehensive Reference

A deep technical reference on how Semgrep works internally - from CLI entry-point and target discovery, through parsing, AST normalisation, pattern matching and taint dataflow analysis, to output formatting.

17 min

2025.08.02
Research, SAST, Static Analysis

Code auditing 101

Topics covered: This post explores the evolution from manual code review to automated security testing, covering: The reality of manual code review and its …

21 min