Static Application Security Testing — 400+ rules, 13+ languages.
Proprietary AST-based engine. Taint tracking for JS/TS and Python. Pattern analysis across Java, C#, Go, PHP, Ruby, Kotlin, C/C++, Rust, Swift.
Executable docs ship with the install
The full reference for this topic — configuration files, code samples, CLI flags, API endpoints — ships inside every dpndncY installation so it always matches your installed version. This public-preview page lists what the in-product docs cover.
In the in-product docs
- Language matrix and parser coverage
- Taint sources, sanitisers, sinks
- Custom rule authoring (YAML DSL)
- Inline suppression syntax
- SARIF 2.1.0 output
- GitHub code-scanning + GitLab SAST ingestion