I spent the last few months building a fully offline SAST security scanner that I think deserves more attention.
The Problem
Most free static analysis tools (Bandit, Semgrep OSS) focus on injection bugs like SQLi and XSS. They completely miss authorization flaws — the IDOR, auth bypass, and ownership verification issues that cause real data breaches. Tools like CodeQL can find these but require manual query writing and a massive database.
What Ansede Static Does Differently
Built-in IDOR/auth bypass detection — no custom rules needed






