DeepSource Unveils Globstar: An MIT-Licensed Alternative to Semgrep

Article Highlights
Off On

DeepSource has made a notable stride in the DevSecOps arena by open-sourcing Globstar, a static code analysis tool designed to provide teams with an effective alternative to Semgrep. This new tool, Globstar, stands out due to its permissive MIT license, which permits unrestricted commercial use. The move to open-source Globstar under such a liberal license addresses growing concerns within the developer community. Increasingly, vendors sponsoring open-source projects are shifting licensing terms to prevent competitors from leveraging their code for financial gain. In contrast, DeepSource aims to foster an environment of collaboration and innovation by granting developers more freedom with their tool.

Addressing the Challenges of Modern Code Checking Tools

Evolution of Code Checking Tools

The landscape of code checking tools has been evolving rapidly, driven principally by the surge in AI-driven code writing tools. Traditional code checkers face the challenge of maintaining the delicate balance between thoroughness and speed. As an industry, there’s been an observed lag in traditional tools’ ability to keep pace without compromising developers’ speed and workflow efficiency. Globstar seeks to meet these challenges head-on, offering a more modern and faster tree-sitter query syntax. This improvement over Semgrep ensures that developers can work without the inherent slowdown typically associated with code scanning tools. The innovation here lies in providing developers direct access to the actual abstract syntax tree (AST) structure of their code, which facilitates more precise debugging and mitigates the risk of overlooking crucial vulnerabilities.

AI-Driven Tools and Developer Efficiency

With the increasing incorporation of AI into development workflows, there is a growing need for code checking tools that can seamlessly integrate into these modern environments. Traditional code checkers not only struggle to keep up with the volume of code but also with the sophisticated nature of AI-generated code. DeepSource’s Globstar aims to bridge this gap by providing a solution that does not compromise on speed or accuracy. The tool’s advanced AST awareness means that developers can catch and fix potential issues with greater efficiency, reducing the overall risk and improving the security of the software. This is a significant step forward in ensuring that code quality keeps up with the pace of development in today’s fast-evolving tech landscape.

Overcoming Developer Perceptions and Workflow Interruptions

Developer Perceptions

One of the substantial challenges faced by DevSecOps teams today is overcoming the perception among developers that code scanning disrupts their workflow. This perception often leads to infrequent scans, which can leave vulnerabilities unchecked until a much later stage. Saurav, a notable voice in the DevSecOps community, highlighted this concern, emphasizing the need for faster scan times. The increasing velocity of code production means that outdated, slow scanning processes are no longer viable. Developers demand tools that can keep up with their pace without imposing a significant overhead. Globstar’s design caters to this need by providing a tool that is not only faster but also more intuitive to use.

Enhancing Workflow Efficiency

By integrating Globstar into DevSecOps pipelines through YAML files or APIs written in Go, DeepSource has ensured that the tool is adaptable and easy to implement. This flexibility is essential for maintaining high efficiency and minimizing disruptions. The ability to scan code quickly and effectively means developers are more likely to use the tool regularly, thus maintaining a higher standard of code security. Moreover, open-sourcing the tool under the MIT license encourages other vendors to contribute to its development, creating a robust community-driven improvement cycle. This collaborative effort is poised to make code scanning not just a necessary process but an integral part of the development workflow that enhances, rather than hinders, productivity.

Driving Collaboration and Future Enhancements

Collaborative Environment

By open-sourcing Globstar, DeepSource aims to provide a potent tool for DevSecOps teams while also encouraging other vendors and developers to build commercial offerings around it. This approach fosters a more collaborative environment, where innovations and improvements can be shared openly, benefiting the entire industry. The permissive MIT license is a strategic move to generate a community around Globstar that prioritizes both security and innovation. This, in turn, could lead to the development of more robust security practices and tools that address the evolving needs of the tech industry.

Future Considerations

DeepSource has significantly advanced its position in the DevSecOps sector by releasing Globstar, a static code analysis tool, as open-source. Globstar is designed to offer teams an effective option compared to Semgrep. One of Globstar’s standout features is its MIT license, which allows for unrestricted commercial use, providing a liberal and permissive approach. The decision to open-source Globstar under such a favorable license responds to increasing concerns within the development community. Many vendors who sponsor open-source projects are moving towards restrictive licensing to block competitors from monetizing their code. DeepSource, however, intends to cultivate a culture of collaboration and innovation. By granting developers greater freedom with their technology, they aim to encourage teamwork and creativity. This approach contrasts with the growing trend of restrictive licenses and aims to benefit the broader community by promoting openness and shared progress.

Explore more

Revolutionizing SaaS with Customer Experience Automation

Imagine a SaaS company struggling to keep up with a flood of customer inquiries, losing valuable clients due to delayed responses, and grappling with the challenge of personalizing interactions at scale. This scenario is all too common in today’s fast-paced digital landscape, where customer expectations for speed and tailored service are higher than ever, pushing businesses to adopt innovative solutions.

Trend Analysis: AI Personalization in Healthcare

Imagine a world where every patient interaction feels as though the healthcare system knows them personally—down to their favorite sports team or specific health needs—transforming a routine call into a moment of genuine connection that resonates deeply. This is no longer a distant dream but a reality shaped by artificial intelligence (AI) personalization in healthcare. As patient expectations soar for

Trend Analysis: Digital Banking Global Expansion

Imagine a world where accessing financial services is as simple as a tap on a smartphone, regardless of where someone lives or their economic background—digital banking is making this vision a reality at an unprecedented pace, disrupting traditional financial systems by prioritizing accessibility, efficiency, and innovation. This transformative force is reshaping how millions manage their money. In today’s tech-driven landscape,

Trend Analysis: AI-Driven Data Intelligence Solutions

In an era where data floods every corner of business operations, the ability to transform raw, chaotic information into actionable intelligence stands as a defining competitive edge for enterprises across industries. Artificial Intelligence (AI) has emerged as a revolutionary force, not merely processing data but redefining how businesses strategize, innovate, and respond to market shifts in real time. This analysis

What’s New and Timeless in B2B Marketing Strategies?

Imagine a world where every business decision hinges on a single click, yet the underlying reasons for that click have remained unchanged for decades, reflecting the enduring nature of human behavior in commerce. In B2B marketing, the landscape appears to evolve at breakneck speed with digital tools and data-driven tactics, but are these shifts as revolutionary as they seem? This