MIT licensed Semantic SAST for teams adopting AI-generated code.
Open-source semantic SAST engine

Find real vulnerabilities in AI-written code.

Local, deterministic, MCP-native. Trace tainted data across functions, files, and frameworks — from your terminal, your CI, your product, or Claude's tools. No server, no phone-home, no LLM tokens burned per scan.

See where it runs View on GitHub $ npm install -g cognium-dev
100%OWASP · synthetic
13upstream fixes shipped
8languages
19CWE types
AuthController.java
12
String id = req.getParameter("id");source: HTTP parameter
18
String q = "SELECT * WHERE id=" + id;taint: full propagation
25
stmt.execute(q);sink: SQL execution
CWE-89 SQL Injection Critical - line 25
Analysis model

Built around data flow, not pattern matching.

Traditional scanners match dangerous text. Cognium builds a flow graph, follows values through the program, and only reports when tainted input reaches a sensitive sink without a sanitizer.

01

Source detection

HTTP parameters, headers, cookies, file uploads, environment variables, CLI args, and framework-specific request objects.

02

Inter-procedural tracking

Flows are followed across function calls, return values, object fields, map keys, array indexes, conditionals, and common framework abstractions.

03

Sanitizer aware

Prepared statements, HTML escaping, URL validation, framework encoders, and custom YAML definitions reduce noise without hiding risk.

Reproducible proof

Benchmarks you can run yourself.

The open-source engine runs without an LLM. Optional model-assisted discovery can be layered on top for deeper research workflows, while the static engine remains deterministic.

OWASP Benchmark v1.2 · synthetic
100%
Juliet Test Suite · synthetic
156/156
SecuriBench Micro · real-world
97.7%
CWE-Bench-Java · real-world
50.8%
CWE-Bench-Java · static-only detectionreal-world
Cognium (static)     50.8%   61 / 120 CVEs
IRIS + GPT-4         45.8%   55 / 120 CVEs
CodeQL               22.5%   27 / 120 CVEs

Deterministic, reproducible, no LLM required.
Coverage

Framework-aware rules across the stack.

Cognium ships with source, sink, and sanitizer definitions for popular server frameworks, plus YAML configuration for teams adding their own architecture patterns.

JavaSpring, JAX-RS, Servlet
JavaScriptExpress, Fastify, Koa
TypeScriptExpress, Fastify, Koa
PythonFlask, Django, FastAPI
Gonet/http, Gin, Echo
RustActix-web, Rocket, Axum
BashShell scripts
HTMLSecurity attributes
CWE classes

The high-risk paths AI agents keep getting wrong.

SQL injection, command injection, XSS, path traversal, SSRF, deserialization, XXE, LDAP injection, NoSQL injection, response splitting, weak randomness, weak crypto, and more.

CWE-89
SQLi
CWE-78
Command
CWE-79
XSS
CWE-22
Paths
CWE-918
SSRF
CWE-502
Deserialize
Where to use it

One engine. Every surface a developer works on.

The cogniumhq/cognium-dev monorepo ships three npm packages — a CLI, a Node/browser library, and an MCP server — so the same deterministic engine runs from your terminal, inside your product, or as a tool your AI agent can call.

Terminal CLI

Global install, scan a folder, get SARIF back. The fastest way to try it on your own repo.

npm i -g cognium-dev
cognium-dev scan ./src

Node / TS library

Embed cognium-dev inside your own product, service, or agent framework — the same engine as the CLI, called programmatically.

import { analyze } from 'cognium-dev';
const r = await analyze(code, 'app.ts', 'ts');

Browser web build

The browser export runs the engine in the browser — power web IDEs, code playgrounds, or client-side review tools without a server.

import { analyze } from
  'cognium-dev/browser';

AI agents MCP

Give Claude, Cursor, or Windsurf a first-class scan tool. One-line install, ten deterministic MCP tools ready to call.

claude mcp add cognium -- \
  npx -y @cognium/mcp-server

GitHub Actions CI

Drop into any workflow, emit SARIF, upload to code scanning. No hosted server, no service account.

- uses: cogniumhq/cognium-dev/\
    packages/cli@latest

Pre-commit hook git

Catch obvious taint flows before code leaves the developer's machine.

- id: cognium-dev
  entry: cognium-dev scan
  language: system

Everywhere SARIF is read SARIF 2.1

Findings plug into GitHub / GitLab code scanning, DefectDojo, VS Code SARIF Viewer, and any dashboard that already reads the format.

cognium-dev scan ./src \
  --format sarif -o out.sarif

VS Code extension coming soon

First-party editor extension in development — Problems-panel findings, inline severity, hover explanations. Follow along on GitHub.

# in development
# ★ the repo to get notified
MCP server

SAST as a first-class AI-agent tool.

@cognium/mcp-server exposes the deterministic cognium-dev pipeline as ten Model Context Protocol tools — scan, taint paths, entry points, sink descriptions, sanitizer checks. The LLM never guesses the engine's state; it calls a tool and gets a grounded answer.

scanFull polyglot SAST on a file or directory. Returns findings, taint flows, cross-file paths.
taint_pathsCross-file taint flows, filterable by source, sink, or sink type.
explain_findingCWE metadata, remediation, severity, sanitizer suggestions for one finding.
list_entry_pointsEvery attacker-reachable handler grouped by framework.
list_reachable_sinksSinks of a category that have a real taint flow reaching them.
attack_surface_summaryRoll-up: entry points × sinks × cross-file paths + top files by finding count.
check_sanitizerDeterministic yes/no on whether a function sanitizes for a given sink category.
describe_sinkCWE, remediation, severity, and sanitizer list for a sink category.
describe_sourceFramework API patterns treated as a source of a category.
find_similarGiven a finding id, return other findings sharing the same rule.
~/.config/claude/mcp.jsonMCP config
{
  "mcpServers": {
    "cognium": {
      "command": "npx",
      "args": ["-y", "@cognium/mcp-server"]
    }
  }
}
Get started

Install once. Scan anywhere.

Local, in pre-commit hooks, or in CI. SARIF output plugs into GitHub code scanning and every review workflow that already reads the format.

terminalcognium-dev scan
$ npm install -g cognium-dev
$ cognium-dev scan ./src --format sarif -o results.sarif

src/controllers/AuthController.java
  [critical] sql_injection CWE-89
  tainted data flows from line 12 to line 45
  fix: use PreparedStatement with parameters

Found 1 vulnerability in 1 file.
Product family

Same substrate. Two upgrade paths.

The engine you install with npm is the same one that powers the grounded pipeline on cognium.net. Start OSS — and if you later need higher recall on messy real-world code, the same substrate plus a grounded LLM verdict layer is cognium-ai.

MIT · OSS · this site

cognium-dev

The SAST substrate — deterministic and local.

  • SAST engine, CLI, and MCP server in one monorepo
  • Runs on your machine, in CI, in the browser, or inside your product
  • 50.8% on CWE-Bench-Java (static-only, real-world)
  • No phone-home, no LLM tokens per scan, no server
Commercial · cognium.net

cognium-ai

Substrate + grounded LLM verdict layer.

  • Same cognium-dev substrate underneath
  • Adds a grounded verdict layer for context-specific triage
  • 86.7% on CWE-Bench-Java (grounded pipeline)
  • Managed hosting, enterprise memory, private evaluation

Help make AI-generated code trustworthy.

Contribute framework definitions, benchmark cases, editor integrations, and CI examples. MIT licensed and built in the open — jump into the community hub or head straight to Discussions.