AI has given rise to coding assistants such as Copilot that promise to save developers time, free senior engineers to engage in other activities such as training, and help to address shortages in skilled workers. In fact, 80 percent of developers worldwide reported they were currently using AI tools for writing code, making it the most popular use of AI in the development workflow for 2024.
However, while these tools can take care of simple coding tasks and automate parts of the process, Gartner Research warns there is a “security trade-off” when developers use AI tools to write code.
To help developers harness the benefits of AI without adding security risks to their code bases, DeepSource has released new security tooling for the developer community.
DeepSource offers a unified DevSecOps platform for securing code, and its newly released Globstar is an open-source project with no restrictions on commercial usage. In this way, the DeepSource team hopes to improve code security standards within the application security (AppSec) community.
But what does Globstar offer, and how will it help to improve app security?
DeepSource’s mission is to help developers and companies write secure code using static analysis and AI, identifying vulnerabilities in code and suggesting fixes.
At the same time, the tech enterprise also believes that core components of code security should be freely available to all developers and security teams.
Globstar is a static code analysis toolkit that enables users to write code security checkers and run them in their continuous integration and continuous delivery pipelines. It is fully open source using the MIT license.
“After analyzing millions of lines of code daily at DeepSource, we kept hearing a common request from many enterprise customers: ‘How do we write custom checks specific to our codebase?’” said Sanket Saurav, co-founder and CEO of DeepSource.
“We used tree-sitter to write new checkers internally for our proprietary analyzers, and it played an important role in us rapidly responding to customer requests for new checkers. With Globstar, we realized we can put the same capability in our customers’ hands, which is why we decided to make it open-source,” added the executive.
The company’s existing clients can use the solution to codify custom security patterns — but the entire Globstar project is and will remain open to all.
While tools like Copilot can help with writing the code base, developers have had no easy way to write and automate sophisticated custom checkers that weed out the bugs and flaws affecting overall app security.
DeepSource secures businesses' entire development lifecycle with static code analysis and AI. With its deep ties to the developer community and its position as a leading DevSecOps platform, the company realized this was a widespread global challenge that was also affecting the quality and usability of the final software products.
The team understood that the AppSec community needed a faster, more reliable runtime for checkers with sophisticated capabilities.
This led to the creation of Globstar.
The toolkit uses tree-sitter's native query syntax, giving developers direct access to their code's actual AST structure. When they debug a checker they are working with the real structure of their code, not an abstraction that could hide important details, so checkers behave exactly as written.
And while other companies in the industry have moved towards licensing software tools, DeepSource was adamant that its security toolkit should be open-source so that everyone in the community can benefit.
“The AppSec community doesn’t want a rebrand of legacy software. They want a fresh alternative,” added Jai Pradeesh, co-founder of DeepSource.
“What developers need is an expert-led, open-source solution to code security that is reliable in the long term and future-proof.”
With Globstar, users get a range of features and benefits from the MIT-licensed repository. Globstar is written in Go with native tree-sitter bindings and is distributed as a single binary.
Nothing needs to be built: users write their checkers in a ".globstar" folder in their repository, in YAML or Go, and run "globstar check".
The tool offers a gradual learning curve toward increasingly sophisticated security checks. Developers can start with the YAML interface for simple patterns and graduate to the Go interface when they need features such as cross-file analysis and scope resolution. Globstar supports more than 20 programming languages, so the global AppSec community can use it to improve overall security standards.
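As an added example, not taken from the original article or from the Globstar repository: a YAML checker of the kind described above, flagging Python eval()/exec() calls whose first argument is not a string literal (the classic code-injection sink when runtime data reaches them). The pattern body is standard tree-sitter query syntax against the tree-sitter-python grammar, where a call node exposes function and arguments fields. The surrounding keys (language, name, message, category, severity, pattern, exclude, description) and the convention that the outermost capture shares the checker's name are assumptions based on Globstar's published YAML checker format at the time of writing; verify them against the repository's documentation before relying on this file.

```yaml
# .globstar/no_dynamic_eval.yml
# Added example checker; file layout and key names are assumed from Globstar's
# documented YAML format and should be checked against the project's docs.
language: py
name: no_dynamic_eval
message: "eval()/exec() on a non-literal argument lets runtime data become code; use ast.literal_eval or an explicit dispatch table"
category: security
severity: critical
# Tree-sitter query (tree-sitter-python grammar):
#  - match a call whose callee is the bare identifier eval or exec
#  - capture the first positional argument (the '.' anchor means first child)
#  - skip it when that argument's source text starts with a quote, i.e. a
#    plain string literal such as eval("1+1"); f-strings start with f" and
#    are still reported, which is intended because they interpolate data
# The outermost capture is named after the checker so the tool knows which
# node to report (assumed convention).
pattern: >
  (call
    function: (identifier) @func
    arguments: (argument_list . (_) @arg)
    (#match? @func "^(eval|exec)$")
    (#not-match? @arg "^[\"']")) @no_dynamic_eval
exclude:
  - "tests/**"
description: |
  Reports eval()/exec() calls whose first argument is anything other than a
  plain string literal. Calls such as eval(request.args["expr"]) or
  exec(f"print({user_input})") are flagged; eval("2+2") is not.
```

Running "globstar check" in a repository containing this file would report each matching call with the message above. The literal-argument exemption is a heuristic: a constant string built elsewhere and passed through a variable will still be flagged, which is the safer failure mode for a security checker, and a team that needs to exempt specific call sites should do so with an explicit allow-list rather than by loosening the pattern.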
The developer community has a collective responsibility to build and maintain secure apps. While AI tools are helping to save time and resources when writing code, Globstar is a public toolkit designed by developers, for developers, to offer a free way to run security checks during app development.