Globstar is designed with a gradual learning curve, offering a simple YAML interface for basic checkers and a more complex Go interface for advanced features like cross-file analysis and data flow analysis. The toolkit is written in Go with native tree-sitter bindings and is distributed as a single binary under the MIT license. Users can write checkers in a ".globstar" folder within their repository and execute them with a simple command. Globstar supports over 20 languages through tree-sitter and aims to address the needs of AppSec and DevOps teams by enabling them to enforce learned anti-patterns and security rules across their organizations.
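As an added illustration (not code from this article or from the Globstar project), here is what a YAML checker of the kind described above might look like: a tree-sitter query that flags Python `subprocess` calls invoked with `shell=True`, a pattern AppSec teams commonly ban because it opens the door to command injection. The query body is standard tree-sitter query syntax; the surrounding keys (`language`, `name`, `message`, `category`, `severity`, `pattern`, `exclude`, `description`) are assumed to match Globstar's YAML checker schema and should be confirmed against the project's documentation.

```yaml
# Assumed file location: .globstar/subprocess_shell_true.yml
# Field names below are assumed to follow Globstar's YAML checker schema.
language: py
name: subprocess_shell_true
message: "subprocess call uses shell=True; pass an argument list and drop shell=True"
category: security
severity: critical
# Tree-sitter query against the Python grammar. It matches a call whose
# callee is an attribute access on the `subprocess` module, whose method
# is one of the process-spawning helpers, and whose argument list contains
# the keyword argument shell=True. The outer capture name is assumed to be
# required to equal the checker's `name`.
pattern: |
  (call
    function: (attribute
      object: (identifier) @mod
      attribute: (identifier) @fn)
    arguments: (argument_list
      (keyword_argument
        name: (identifier) @kw
        value: (true)))
    (#eq? @mod "subprocess")
    (#match? @fn "^(run|call|check_call|check_output|Popen)$")
    (#eq? @kw "shell")) @subprocess_shell_true
exclude:
  - "tests/**"
description: |
  Spawning a process through the shell means any untrusted data that reaches
  the command string is parsed by the shell. Prefer an argument list, e.g.
  subprocess.run(["ls", "-l", path]), which never invokes a shell.
```

Because the match is expressed on the real AST rather than a regex, a string literal such as `"shell=True"` inside a log message does not trigger it, while `subprocess.Popen(cmd, shell=True)` does regardless of spacing or line breaks.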
Key takeaways:
- DeepSource has open-sourced Globstar, a static analysis toolkit that allows users to write custom code quality and security checkers in YAML or Go.
- Globstar leverages tree-sitter for creating checkers, enabling direct access to the code's actual AST structure, which enhances rule accuracy and debugging.
- The toolkit is designed with a gradual learning curve, offering a simple YAML interface for basic checkers and a more complex Go interface for advanced scenarios.
- Globstar supports multi-language analysis through tree-sitter and is distributed as a single binary under the MIT license.