Fast scans, cold-scan answers
TheAuditor's incremental scan now returns the same findings as a full scan, cross-file calls included. Run the fast one on every commit and trust it.
Read post →
Engineering blog
Architecture deep-dives, benchmark methodology, and product updates from the team building TheAuditor, deterministic code context and polyglot SAST for AI agents.
TheAuditor's incremental scan now returns the same findings as a full scan, cross-file calls included. Run the fast one on every commit and trust it.
Read post →
Enterprise procurement wants a bill of materials and a clean license story before you get in the door. TheAuditor now ships both: a signed component inventory and a copyleft-free build.
Read post →
Version 5.0.0 turns TheAuditor into a release line you can trust. Every build stamps the exact commit and build time it came from, the analysis ships as a sealed, encrypted artifact, and the same adversarial scans run against the binary before it leaves the door.
Read post →
TheAuditor 5.0.0 wires its index into MCP, so an AI agent working in your repo asks structured questions (which handler serves this route, where a value comes from and goes, what's security-relevant here) and gets deterministic answers instead of a pile of files to re-read.
Read post →
TheAuditor's live-host scanner reads operational context like backported kernels, ufw rules, container limits, and nginx redirects, so its findings are accurate instead of noisy. And it never drops a result silently.
Read post →
AI agents hallucinate because they guess. TheAuditor hands them deterministic facts, and wired into the full stack, it makes file-reading agents and self-graded SAST look like relics.
Read post →
Days from public launch, we pointed our own SAST at the license server we ship on. 204 findings, 0 launch-blockers, and the false-positive rate became the next product release.
Read post →
Every commercial SAST tool stops at the exec call. Ours doesn't. Here is what tracing a single piece of user input across multiple languages actually looks like.
Read post →
Application code and infrastructure code live in different repos, get scanned by different tools, and stay disconnected. Then the bash script that bridges them quietly passes a tainted value into terraform apply -var.
Read post →
AI agents waste tokens, hallucinate relationships, and miss cross-language flows because they read files instead of querying facts. We built the database that fixes it, and the MCP server that exposes it.
Read post →
TheAuditor, deterministic code context and polyglot SAST for AI agents, is about to ship.
Read post →
Provider freedom and serious token economics from Warden. Verified-fact code intelligence from TheAuditor. Why the pairing isn't a coincidence.
Read post →