Search code, repositories, users, issues, pull requests...

Globstar is an open-source static analysis toolkit that enables developers and security engineers to write code analysis checkers and run them using a single, portable binary. Built with performance in mind, Globstar leverages tree-sitter for powerful AST-based analysis while providing a simple, intuitive interface for writing checkers using the tree-sitter query language. More sophisticated lints can be written using the Go API, which provides access to the tree-sitter AST and the ability to resolve imports and scopes.

Write all your checker checkers in the .globstar directory for your repository and use the globstar check command to run them all across your codebase. Configuration can be specified in .globstar/.config.yml.

Lightning-fast: Written in Go, Globstar is designed to be fast and efficient, making it suitable for large codebases. It's distributed as a single binary, so you don't need to worry about dependencies.

Tree-sitter integration: Write checkers using tree-sitter's S-expressions instead of learning a custom DSL. For more sophisticated checkers, you can write them in Go using tree-sitter's Go bindings — with multi-file support, import and scope resolution, and more.

Leave a Comment