Open Source

Projects we’re building.

Tools at the intersection of static analysis, formal methods, and language models.

01

Frame

A separation-logic verification tool with security scanning. Frame uses SMT-backed reasoning to verify entailments and to find and confirm vulnerabilities across multiple languages.

02

Autogrep

Automates Semgrep rule generation and filtering by using LLMs to analyze vulnerability patches, enabling automatic creation of high-quality security rules without manual curation.

03

AutoFix

Combines static analysis with large language models to automatically scan and fix vulnerabilities, using the Semgrep static analyzer and the SantaFixer LLM.

04

Botwall4J

A botwall for Java web applications that helps prevent automated threats such as content scraping, brute-force logins, and false clicks. Implemented as a Java servlet filter.

05

Lambda Advisory Database

A database of vulnerabilities associated with functional programming languages — a look at the kinds of defects that lead to security issues in functional languages.
