#staticanalysis — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #staticanalysis, aggregated by home.social.
-
Rust's compile-time guarantees are deliberately incomplete - the compiler catches most issues, but not all. What's left behind is the question.
At Oxidize 2026, Rolland Dudemaine (TrustInSoft) shares findings from analysing production Rust code: what bugs survive, and when additional tooling is worth it.
🔗 https://oxidizeconf.com/sessions/whats_left_to_find_in_rust
#Oxidize2026 #RustLang #FormalVerification #StaticAnalysis #CodeQuality
-
We released 1.2.0 of event-sourcing-phpstan-extension! See here for the changelog: https://github.com/patchlevel/event-sourcing-phpstan-extension/releases/tag/1.2.0
#PHP #DDD #EventSourcing #PHPStan #StaticAnalysis
-
Recently, I made a stupid mistake that made me think about the way C++ APIs handle dependencies and what we can do to prevent dangling references and lifetime issues. 🤔
It was a surprisingly fun topic to explore that led me to the discovery of a very cool static analysis tool. Can you guess which one? 😎
You can find out in the article I wrote about the topic here:
➤ https://medium.com/@nerudaj/type-safe-dependency-management-in-c-a293703f00ff
-
REMnux v8 represents a structural modernization of a long-standing malware analysis distribution.
Technical highlights:
• Migration to Ubuntu 24.04 (modern kernel + LTS support)
• Cast-based installer replacing legacy CLI deployment
• AI-assisted workflows via MCP server
• Integration support for Ghidra with AI plugins
Tooling refresh includes:
• YARA-X (Rust rewrite for performance improvements)
• GoReSym (symbol recovery for Go binaries)
• APKiD (Android packer detection)
• Manalyze (PE/ELF/MachO static parsing)
This release signals an industry shift toward AI-augmented reverse engineering pipelines.
Is AI-assisted RE the new baseline for threat labs?
Source: https://cyberpress.org/remnux-v8-released/
Engage below.
Follow @technadu for deep technical cybersecurity updates.
#ThreatResearch #MalwareAnalysis #ReverseEngineering #YARAX #GoBinary #DFIR #Infosec #AIinSecurity #BlueTeam #StaticAnalysis #OpenSourceSecurity #SOC #ThreatHunting
-
Brakeman provides static analysis for Ruby on Rails by modeling data flow across application components and mapping results to known vulnerability patterns.
Its strength lies in early-stage visibility: identifying code-level issues, insecure configurations, and vulnerable dependencies before deployment. Support for baselining and result comparison helps teams manage findings over time.
From a security engineering perspective:
How do you measure the long-term value of static tools in mature Rails environments?
Source: https://www.helpnetsecurity.com/2026/01/26/brakeman-open-source-vulnerability-scanner-ruby-on-rails/
Join the discussion and follow @technadu for grounded AppSec coverage.
#ApplicationSecurity #StaticAnalysis #RailsSecurity #DevSecOps #Infosec #TechNadu
-
What the fuck is PHPStan
-
Mozilla's Firefox team explored extending Clang's Static Analyzer for whole-project taint tracking, aiming to devirtualize virtual calls across files. The prototype showed promise in richer control-flow modeling but stalled on ASTImporter's limitations in cross-file imports. This highlights the hurdles in scaling static analysis for complex codebases, urging better tools for open-source reliability. Thoughts on advancing CTU support? #OpenSource #StaticAnalysis #TechEthics
-
Python static analysis advances as mypy-pure and mypy-raise tackle purity and exception handling gaps. These tools enhance reliability by extending type checking into critical areas, supporting developers in building more robust and responsible code. Python's ecosystem evolves thoughtfully. #Python #StaticAnalysis #TechEthics
-
I wanted to understand how malware works, so I built my own malware analyzer. Using static analysis with Ghidra and Python, I created a simple, automated, easily extensible pipeline to extract features, apply heuristics, and check identity via VirusTotal. The project gives a deeper understanding of the limitations of static analysis, the role of enrichment, and how to make classification decisions. The result: a transparent, re-checkable tool that is a good foundation for ML/LLM research. #MalwareAnalysis #Cybersecurity #StaticAnalysis
-
We released 3.2.0 of event-sourcing-psalm-plugin! See here for the changelog: https://github.com/patchlevel/event-sourcing-psalm-plugin/releases/tag/3.2.0
#PHP #DDD #EventSourcing #Psalm #StaticAnalysis
-
Working on a little static analysis of #Python code for common student snafus, but I haven't found the right tool yet. What library or technique beats regex (this seems easy) for finding calls to a certain function, or a function defined but never called?
I thought I might be able to figure this out by reading the CPython bytecode but not quite. All ideas welcome.
#computerscience #programming #development #staticanalysis #metrics #pedagogy
-
Are you a UK-based senior software developer who's interested in #compilers, #staticanalysis and/or #database engine implementation? Take a look at https://www.github.careers/careers-home/jobs/4504
-
One Open-source Project Daily
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://github.com/anchore/syft
#1ospd #opensource #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #sbom #spdx #staticanalysis #tool
-