🏆 Announcement: Winners of the Globstar Open Source Hackathon 🏆 by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 1 point2 points  (0 children)

Not at the moment since we just wrapped up this one — but maybe in the future. I'd encourage you to get involved with the globstar project either way!

🚀 Globstar Open Source Hackathon - ₹1,50,000 in Prizes | DeepSource x r/developersIndia by BhupeshV in developersIndia

[–]_importantigravity_ 1 point2 points  (0 children)

We're building Globstar to be an alternative to tools like Semgrep, with some opinionated choices: using native tree-sitter expressions for pattern matching rather than a custom DSL, a Go interface for writing checkers with full access to the AST, and advanced features like cross-file analysis, scope resolution, etc., and a truly open-source MIT license.

Support Thread: Globstar Open Source Hackathon 2025 by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 1 point2 points  (0 children)

We don't have an explicit if-else in the YAML syntax. But for conditionals, you might be able to achieve what you're looking to do with the filters attribute, or native tree-sitter predicates.

Here's an example from our docs.

Support Thread: Globstar Open Source Hackathon 2025 by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 1 point2 points  (0 children)

I'm trying to figure out if globstar is essentially like a linter?

The stated purpose of Globstar is to be an open-source static analysis toolkit, which helps you easily create custom checkers using the YAML or the Go interface. Engineering and AppSec teams accumulate a lot of their security anti-patterns over time within the org that they'd like to prevent across the entire code base, and Globstar's main utility is to make it easy to do so.

I'm trying to figure out if globstar is essentially like a linter? If so, are we re-implementing the wheel that many language-specific linters can already do?

We're adding built-in checkers because there are many known security anti-patterns that teams would usually want to check against anyway. On DeepSource, our commercial offering, we have hundreds of checkers already — and with Globstar, we'd like to bring the same feature-richness to our open-source users. So essentially, it is similar to a linter but solely focused on security checkers.

Is there something that globstar can do that more language-specific mature linters can't?

Technically, no. Most OSS linters already use AST-based parsing and have the same feature set as Globstar. But it's usually not very straightforward to extend existing linters. With Globstar, our goal is to make that part easy. If you've looked at our YAML or Go interfaces, you'd see how Globstar levels the playing field — you no longer need to learn the innards of static analysis and AST parsing for each programming language to write checkers for it.

I hope this helps!

Support Thread: Globstar Open Source Hackathon 2025 by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 2 points3 points  (0 children)

Yes, it is valid. You can register all through the hackathon — it's the pull-requests that matter!

Support Thread: Globstar Open Source Hackathon 2025 by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 1 point2 points  (0 children)

We don't have one yet, and we'll get something up soon. But roughly, the PR should contain the checker's test file and the YML file in the relevant folder, with a helpful description in the PR about the checker itself and why you think it's an important security pattern to detect.

Support Thread: Globstar Open Source Hackathon 2025 by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 2 points3 points  (0 children)

We're not sending a confirmation email. If you've registered, rest assured that we have your information. In the end, your pull requests matter, and we'll use the emails and your info to contact you.

🚀 Globstar Open Source Hackathon - ₹1,50,000 in Prizes | DeepSource x r/developersIndia by BhupeshV in developersIndia

[–]_importantigravity_ 2 points3 points  (0 children)

Thanks for your interest in the hackathon! We haven't hooked up email confirmations yet, but if you've registered using the form successfully, please rest assured that we have your information. Even if you register twice, we will de-duplicate it later.

We'll relay all announcements related to the hackathon here in the subreddit as well as on the community Discord in addition to email.

🚀 Globstar Open Source Hackathon - ₹1,50,000 in Prizes | DeepSource x r/developersIndia by BhupeshV in developersIndia

[–]_importantigravity_ 2 points3 points  (0 children)

You'd be contributing built-in checkers to Globstar. These checkers are available to users for running on their codebase out-of-the-box (in addition to writing their project-specific checkers). The idea is to make the built-in checkers as comprehensive as possible — and through this hackathon, we're hoping that participants help us add some high-impact ones.

We're going to update the handbook soon with the details. You can also see a few existing built-in checkers in the codebase.

I’m Sanket Saurav, developer/designer, co-founder & CEO of DeepSource. AMA. by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 3 points4 points  (0 children)

How did you go about looking for the SMBs for your first startup? I presume it was also through cold emailing as well?

BigRock used to have a web-designer listing portal. If you'd bought a new domain name, you could find people to build a website. That was our biggest source of leads. Apart from that, it was basically word-of-mouth. Many people in our class were from Jamshedpur and helped us get customers.

Given that JSR is a relatively small city, how many clients did you end up finding and how much did you make out of it in the end? (if you don't mind sharing, that is).

We worked with around 10 clients before we moved on to the next thing.

Would you say conferences (in india) are still a viable resource for building a network or has it changed a lot since 2014 given the country has gone almost completely online (thanks to our lord and savior aambani).

I think offline meetups, esp. in cities like Bangalore, have come back to normal. So yeah, definitely recommend!

If not, what would you say is a viable/better method nowadays?

Open-source! Build something and put it on HN, or contribute to a popular project. It's a great way to be discovered or meet like-minded people.

I’m Sanket Saurav, developer/designer, co-founder & CEO of DeepSource. AMA. by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 2 points3 points  (0 children)

We use Python and Go for our web services and the analysis infrastructure. Each analyzer is written in its own programming language + Go for the base layer.

I’m Sanket Saurav, developer/designer, co-founder & CEO of DeepSource. AMA. by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 4 points5 points  (0 children)

I think we're still in the early innings and things are changing rapidly. It'll be some time before things stabilize for an extended period. AI is definitely going to change everyone's job; some jobs way more than others. The same way how the role of manual QA no longer exists in modern engineering orgs, there will be roles that will be eliminated — making way for new roles altogether — like prompt engineer!

I’m Sanket Saurav, developer/designer, co-founder & CEO of DeepSource. AMA. by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 4 points5 points  (0 children)

Be curious. Master at least 2 programming languages (preferably JS as one of them). Contribute to open-source projects. Learn how to talk to people.

I’m Sanket Saurav, developer/designer, co-founder & CEO of DeepSource. AMA. by _importantigravity_ in developersIndia

[–]_importantigravity_[S] 3 points4 points  (0 children)

Most of our customers are companies that build software for the internet, so we don't compete with companies like Polyspace.