Show HN: A benchmark for SAST exploit chain and evasion detection
Category: security
Tags: security, static-analysis, benchmark, sast, vulnerability-detection
Score: 8.0/10 (Innovation: 8, Technical: 7, Documentation: 9, Utility: 8)
This project is a comprehensive SAST (Static Application Security Testing) benchmark suite for Go, Rust, Bash, PHP, and Ruby, filling a significant gap as no public benchmarks existed for these languages. It's particularly innovative for including adversarial evasion and exploit chain detection benchmarks, which test a tool's ability to find hidden vulnerabilities and correlate multiple findings, moving beyond traditional taint flow analysis.
Target audience: security-engineers, devops, backend-devs
Repository: https://github.com/TheAuditorTool/sast-benchmark · Rust · Apache-2.0 · 3 stars