I spent the last few months building a fully offline SAST security scanner that I think deserves more attention.

The Problem

Most free static analysis tools (Bandit, Semgrep OSS) focus on injection bugs like SQLi and XSS. They completely miss authorization flaws — the IDOR, auth bypass, and ownership verification issues that cause real data breaches. Tools like CodeQL can find these but require manual query writing and a massive database.

What Ansede Static Does Differently

Built-in IDOR/auth bypass detection — no custom rules needed