Dev Central

Build, verify, and contribute with the open-source engine.

A focused developer hub for getting Cognium into local scans, CI, benchmark runs, framework rules, and community contributions.

Start here

Pick the workflow you are trying to prove.

Each path maps to a concrete developer outcome: a local scan, a CI signal, a reproduced benchmark, or a contribution that expands coverage.

01

Run it locally

Install the CLI, scan a small service, and confirm findings before wiring anything into shared automation.

  • npm install -g cognium
  • cognium scan ./src
  • Review source-to-sink traces

02

Gate pull requests

Emit SARIF in CI, publish findings into code scanning, and start with high-severity policies before broad rollout.

  • GitHub Actions examples
  • SARIF output
  • Severity thresholds

03

Extend coverage

Add framework sources, sinks, and sanitizers in YAML so Cognium understands your stack and reduces review noise.

  • Framework definitions
  • Custom sanitizers
  • Regression cases

Verification

Reproduce the claims before adopting the tool.

Cognium should be evaluated the way developers evaluate infrastructure: install it, inspect it, run it against known cases, and compare the evidence.

Developer checklist (reproducible)
1. Install the CLI from npm
2. Scan a known vulnerable fixture
3. Review the taint trace and SARIF output
4. Compare against OWASP, Juliet, and SecuriBench
5. Open issues or discussions for gaps

Need a path that is not documented yet?

Bring the use case to the forums so maintainers and contributors can route it to docs, an issue, or a framework rule proposal.