Code Pathfinder Blog

Code Pathfinder Blog https://codepathfinder.dev/blog Security engineering insights, SAST best practices, and product updates from Code Pathfinder — an open-source CodeQL alternative for finding security vulnerabilities in code. en-us Sat, 21 Feb 2026 00:00:00 GMT https://codepathfinder.dev/logo.png Code Pathfinder Blog https://codepathfinder.dev/blog Automated GitHub PR Security Comments & Inline SAST Findings with Code Pathfinder https://codepathfinder.dev/blog/github-summary-pull-request-comments-integration https://codepathfinder.dev/blog/github-summary-pull-request-comments-integration Code Pathfinder's GitHub Action now posts security scan results as PR summary comments and inline review annotations. Browse 100+ open-source SAST rules at codepathfinder.dev/registry. Sat, 21 Feb 2026 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) GitHub Actions Pull Request SAST CI/CD GitHub Code Scanning CodeQL Alternative DevSecOps SARIF Stop Grepping, Start Querying: MCP Server for Code-Pathfinder https://codepathfinder.dev/blog/mcp-server-code-pathfinder https://codepathfinder.dev/blog/mcp-server-code-pathfinder Connect Code-Pathfinder's indexed code analysis directly to Claude Code, Codex, and MCP-enabled AI agents. Query call graphs, resolve imports, and find vulnerabilities instantly without grep or file reads. Open-source MCP server for Python codebases. Sun, 11 Jan 2026 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) MCP Security Product Code Analysis AI Agents Static Analysis One API Key to Rule Them All: SecureFlow Adds OpenRouter Support https://codepathfinder.dev/blog/secureflow-openrouter-integration https://codepathfinder.dev/blog/secureflow-openrouter-integration Stop juggling API keys. SecureFlow now integrates with OpenRouter for access to 200+ AI models, plus a major UI refresh with Svelte Sat, 27 Dec 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SecureFlow AI Security VSCode Docker Security Rules: Detect 47 Container Vulnerabilities & Misconfigurations [2025] https://codepathfinder.dev/blog/announcing-docker-compose-security-rules https://codepathfinder.dev/blog/announcing-docker-compose-security-rules Discover 47 Docker security rules to catch critical vulnerabilities. Prevent privilege escalation, socket exposure & misconfigurations with automated SAST scanning. Wed, 10 Dec 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) Docker Security Container Security Docker Compose Dockerfile Security SAST Static Analysis Security Scanning CWE-250 Privilege Escalation Container Escape DevSecOps CI/CD Security Infrastructure as Code Docker Socket Container Hardening Introducing SecureFlow CLI to Hunt Vulnerabilities https://codepathfinder.dev/blog/introducing-secureflow-cli-to-hunt-vuln https://codepathfinder.dev/blog/introducing-secureflow-cli-to-hunt-vuln AI-powered security scanning tool using agentic loops to hunt vulnerabilities - discovered 300+ issues in WordPress plugins with 12+ AI model support and DefectDojo integration. Wed, 01 Oct 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security SecureFlow CLI Introducing SecureFlow Extension to Vibe Code Securely https://codepathfinder.dev/blog/introducing-secureflow-extension-to-vibe-code-securely https://codepathfinder.dev/blog/introducing-secureflow-extension-to-vibe-code-securely Discover SecureFlow, a VS Code extension that helps developers write secure code by providing real-time security analysis, vulnerability detection, and guided remediation - all within your editor Tue, 29 Jul 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security SecureFlow Silence the Noise: A Practical Guide to Systematically Reducing SAST False Positives https://codepathfinder.dev/blog/silence-the-noise-a-practical-guide-to-systematically-reducing-sast-false-positives https://codepathfinder.dev/blog/silence-the-noise-a-practical-guide-to-systematically-reducing-sast-false-positives Drowning in SAST false positives? This guide provides a step-by-step strategy to reduce noise and make security findings actionable. Sat, 19 Apr 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security Static Analysis Isn't Enough: Understanding Library Interactions for Effective Data Flow Tracking https://codepathfinder.dev/blog/static-analysis-isnt-enough-understanding-library-interactions-for-effective-data-flow-tracking https://codepathfinder.dev/blog/static-analysis-isnt-enough-understanding-library-interactions-for-effective-data-flow-tracking Static analysis tools go blind without understanding library calls – learn why modeling them is critical for finding real security flaws. Thu, 17 Apr 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security Code-PathFinder Detecting WebView Misconfigurations in Android With Code-PathFinder https://codepathfinder.dev/blog/finding-webview-misconfigurations-android https://codepathfinder.dev/blog/finding-webview-misconfigurations-android A short blog post about finding WebView misconfigurations in Android with Code-PathFinder Sun, 20 Oct 2024 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security Android Code PathFinder - Open Source CodeQL Alternative https://codepathfinder.dev/blog/codeql-oss-alternative https://codepathfinder.dev/blog/codeql-oss-alternative A short blog post about Code PathFinder, a CodeQL OSS alternative Tue, 01 Oct 2024 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security Code-PathFinder