Questions and support
Use discussions for installation help, scan interpretation, SARIF setup, and configuration questions.
One hub for cognium.dev: discussion routes, install and CI paths, benchmark reproduction, and every link you need to contribute back.
License, releases, packages, and contribution channels — one strip, so you can vet the project in seconds.
Keeping questions routed correctly makes the project easier to search and gives maintainers enough context to respond usefully.
Use discussions for installation help, scan interpretation, SARIF setup, and configuration questions.
Describe the framework, source objects, sinks, sanitizers, and small fixtures that should be covered.
Share reproduction results, false positive examples, false negatives, and methodology questions.
Each path maps to a concrete developer outcome: a local scan, a CI signal, a reproduced benchmark, or a contribution that expands coverage.
Install the CLI, scan a small service, and confirm findings before wiring anything into shared automation.
npm install -g cognium-devcognium-dev scan ./srcEmit SARIF in CI, publish findings into code scanning, and start with high-severity policies before broad rollout.
Add framework sources, sinks, and sanitizers in YAML so Cognium understands your stack and reduces review noise.
Cognium should be evaluated the way developers evaluate infrastructure: install it, inspect it, run it against known cases, and compare the evidence.
1. Install the CLI from npm 2. Scan a known vulnerable fixture 3. Review the taint trace and SARIF output 4. Compare against OWASP, Juliet, and SecuriBench 5. Open issues or discussions for gaps
Bring it to Discussions so maintainers and contributors can route it to docs, an issue, or a framework rule proposal.