DeepSource Releases Globstar
February 27, 2025

DeepSource released Globstar, an open-source project bringing code security tooling to the AppSec community, with no restrictions on commercial usage.

Globstar is a static code analysis toolkit that enables users to write code security checkers and run them in their CI/CD pipelines. It is fully open source using the MIT license.

DeepSource's mission is to help developers and companies write secure code using static analysis and AI, identifying vulnerabilities in code and suggesting fixes. However, the company also believes that core components of code security should be freely available to all developers and security teams.

"After analyzing millions of lines of code daily at DeepSource, we kept hearing a common request from many enterprise customers: '˜How do we write custom checks specific to our codebase?'" says Sanket Saurav, co-founder and CEO of DeepSource. "We used tree-sitter to write new checkers internally for our proprietary analyzers, and it played an important role in us rapidly responding to customer requests for new checkers. With Globstar, we realized we can put the same capability in our customers' hands, which is why we decided to make it open-source."

DeepSource's existing clients can use Globstar to codify custom security patterns — but the entire Globstar project is and will remain open to all.

"The AppSec community doesn't want a rebrand of legacy software. They want a fresh alternative," says Jai Pradeesh, co-founder of DeepSource. "What developers need is an expert-led, open-source solution to code security that is reliable in the long term and future-proof."

Key features of Globstar are:

- Written using the high-level general-purpose programming language Go, with native tree-sitter bindings, distributed as a single binary.

- MIT-licensed

- Users can run Globstar without needing to build anything, by writing all their checkers in a "globstar" folder in their repo, in YAML or Go, and running "globstar check"

- Multi-language support through tree-sitter (20+ languages today)

- Gradual learning curve: coders can start with the YAML interface for simple patterns

Share this

Industry News

May 01, 2025

Check Point® Software Technologies Ltd.(link is external) announced that its Quantum Firewall Software R82 — the latest version of Check Point’s core network security software delivering advanced threat prevention and scalable policy management — has received Common Criteria EAL4+ certification, further reinforcing its position as a trusted security foundation for critical infrastructure, government, and defense organizations worldwide.

May 01, 2025

Postman announced full support for the Model Context Protocol (MCP), helping users build better AI Agents, faster.

May 01, 2025

Opsera announced new Advanced Security Dashboard capabilities available as an extension of Opsera's Unified Insights for GitHub Copilot.

May 01, 2025

Lineaje launched new capabilities including Lineaje agentic AI-powered self-healing agents that autonomously secure open-source software, source code and containers, Gold Open Source Packages and Gold Open Source Images that enable organizations to source trusted, pre-fixed open-source software, and a software crawling and analysis engine, SCA360, that discovers and contextualizes risks at all software development stages.

April 30, 2025

Lenses.io announced the release of Lenses 6.0, enabling organizations to modernize applications and systems with real-time data as AI adoption accelerates.

April 30, 2025

Sonata Software has achieved Amazon Web Services (AWS) DevOps Competency status.

April 29, 2025

vFunction® announced significant platform advancements that reduce complexity across the architectural spectrum and target the growing disconnect between development speed and architectural integrity.

April 29, 2025

Sonatype® introduced major enhancements to Repository Firewall that expand proactive malware protection across the enterprise — from developer workstations to the network edge.

April 29, 2025

Aqua Security introduced Secure AI, full lifecycle security from code to cloud to prompt.

April 29, 2025

Salt Security announced the launch of the Salt Model Context Protocol (MCP) Server, giving enterprise teams a novel access point of interaction with their API infrastructure, leveraging natural language and artificial intelligence (AI).

April 28, 2025

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of in-toto, a software supply chain security framework developed at the NYU Tandon School of Engineering.

April 28, 2025

SnapLogic announced the launch of its next-generation API management (APIM) solution, helping organizations accelerate their journey to a composable and agentic enterprise.

April 28, 2025

Apiiro announced Software Graph Visualization, an interactive map that enables users to visualize their software architectures across all components, vulnerabilities, toxic combinations, blast radius, data exposure and material changes in real time.

April 24, 2025

Check Point® Software Technologies Ltd.(link is external) and Illumio, the breach containment company, announced a strategic partnership to help organizations strengthen security and advance their Zero Trust posture.