PulseGateLive intelligence on AI-era software
Coverage
172,482

Software tracked

 

Freshness
51 min ago

Last update

 

Cadence
936/day

7-day average

Indexed today: 785

PulseGate

Live intelligence on the software shipping in the AI era — apps, models, agents, and infra.

Software is shipping faster than ever, and a growing share of it lives outside the official app stores. PulseGate tracks it live — free, for builders, analysts, and everyone keeping up.

Platform

  • All Apps
  • Categories
  • Industry Updates
  • Data Sources
  • Coverage Rules
  • Glossary
  • Embed Widget

Support

  • Help Center
  • Suggest a URL
  • Report an Issue

Company

  • About
  • Press & Data
  • Contact
  • Platform Status

Legal

  • Privacy
  • Terms
  • Disclaimer

© 2026 PulseGate. Operated by Dymaxio s.r.o., Prague, Czech Republic.·

All systems operational
PulseGate
OPOpenTaint logo
OpenTaint
Visit ↗
  1. Home/
  2. Security & compliance platforms/
  3. OpenTaint
←Back to results
OOpenTaint logo

OpenTaint

opentaint.org·Infrastructure

OpenTaint is an open-source taint analysis engine designed for application security in environments where AI-generated code is prevalent. It addresses the challenge of tracking untrusted data through complex codebases, providing a formal, deterministic approach to vulnerability detection that complements both AST-pattern matchers and LLM security agents. The tool is intended for developers and security professionals seeking to identify vulnerabilities that are often missed by conventional static analysis tools or AI agents alone.

The engine performs whole-program, inter-procedural dataflow analysis, following untrusted data across function boundaries, persistence layers, aliases, and asynchronous code constructs. For Java and Kotlin applications, OpenTaint operates directly on bytecode, allowing it to resolve inheritance, generics, and third-party library calls with precision. It is particularly thorough in analyzing Spring Boot applications, including support for Spring MVC, Spring Data, and related libraries, and models asynchronous flows such as those in Reactor, Spring WebFlux, and Kotlin coroutines. The engine also models JPA persistence layers, enabling it to detect stored injection vulnerabilities that span across multiple requests and database interactions.

OpenTaint supports more than 100 rules across over 20 vulnerability classes, including SQL injection, cross-site scripting (XSS), server-side request forgery (SSRF), SpEL injection, open redirects, path traversal, and command injection. Reports generated by the tool provide detailed traces from the origin of untrusted data—such as an HTTP source—through method calls and persistence layers, down to the vulnerable endpoint. Rules for analysis are written in a human-readable AST-pattern format, compatible with rule syntaxes used by tools like Semgrep and ast-grep, and can be authored or refined by both humans and AI agents. The engine applies these rules deterministically across entire codebases within minutes of CPU time.

0 and MIT licenses. There are no paid tiers or feature gates, and users can write custom rules without restriction. Installation options include CLI, Docker, npm, Homebrew, PowerShell, and curl-based scripts. OpenTaint is positioned as a comprehensive taint analysis solution for modern, AI-driven development workflows.

Open SourceApache-2.0
CLISelf-hosted
O
OpenTaint preview
Visit opentaint.org↗
⭐97
stars
🍴7
forks
✓8
features
📅2024
since

Overview

8 features

OpenTaint is a Security & compliance platforms product. It focuses on detecting and analyzing security vulnerabilities in codebases that traditional pattern matchers and LLM agents may miss. It is built as an open-source project for application security engineers. OpenTaint is open source under the Apache-2.0 license. It runs on the command line, and it can be self-hosted.

It is developed by seqra, and the product first shipped in 2024. Development happens publicly on GitHub with 97 stars and 129 commits in the last 90 days. Key capabilities include taint analysis, AST-pattern rules, and whole-program analysis.

  • ✓Taint analysis
  • ✓AST-pattern rules
  • ✓Whole-program analysis
  • ✓CI integrations
  • ✓Agent viewer
  • ✓Vulnerability detection
  • ✓Rule engine
  • ✓Open source

Tags

taint-analysisapplication-securityvulnerability-detectioncli-tool

Built with & integrations

Framework
astro
Runs on
CLISelf-hosted

Trust & compliance

LicenseApache-2.0
Verified signals
✓ HTTPS✓ Open Source✓ Free tier✓ GitHub · ★ 97✓ Active maintenance

Recent events

Latest indexed changes and source events

  1. IndexedJul 3, 10:31 AM

    seqra/opentaint verified by the PulseGate indexer

    Source: PulseGate indexerOpen ↗

Frequently asked questions about OpenTaint

What does OpenTaint do?
OpenTaint focuses on detecting and analyzing security vulnerabilities in codebases that traditional pattern matchers and LLM agents may miss. It is catalogued under Security & compliance platforms on PulseGate.
Who is OpenTaint for?
OpenTaint is an open-source project built for application security engineers.
Is OpenTaint free?
Yes — OpenTaint is open source under the Apache-2.0 license and free to use.
What platforms does OpenTaint run on?
OpenTaint runs on the command line. It can also be self-hosted.
Is OpenTaint still maintained?
PulseGate's automated liveness checks currently classify OpenTaint as active. The GitHub repository shows 129 commits in the last 90 days.
What are alternatives to OpenTaint?
Similar tools tracked by PulseGate include open traces, OpenTerms, and OpenTools.open tracesOpenTermsOpenTools
Who makes OpenTaint?
OpenTaint is developed by seqra.
When did OpenTaint launch?
OpenTaint first shipped in 2024.

At a glance

Pricing
Open Source
Platforms
Cli
Languages
English
Open source
Yes · ★ 97
License
Apache-2.0
First seen
Sep 16, 2024
Activity
🟢 Active
Status
🟢 Active
Built for
application security engineers
Model
Open source
Solves
Detecting and analyzing security vulnerabilities in codebases that traditional pattern matchers and LLM agents may miss.

Developer

seqra
Team
↗ GitHub

Open source

View on GitHub →
⭐ Stars
97
🍴 Forks
7
Open issues
37
Last commit
2w ago
Commits 90d
129
Contributors
11
Authorship
Team
Default branch
main
Latest release
v0.4.3 · 3w ago

Live coverage

Confidence
High · 96
Indexed
Jul 3, 2026
Lifecycle
Alive
Activity
Active
First seen
Sep 2024
Last seen
2w ago
Identity audit (9)
Entity ID
cmr4smhqw001z13gyar4m313x
Slug
seqra-opentaint-opentaint-org
Verification state
Indexed for public listing
Claim / listing state
Unclaimed · listed: yes
Index status
Included in index
Latest evidence snapshot
Jul 3, 2026
Timeline basis
Indexed-at chronology (no inferred launch/funding milestones).
Last updated
Jul 14, 2026
Canonical URL
https://opentaint.org/

Similar apps

Other apps tracked under the same category.

  • open traces
    opentraces.ai
  • OpenTerms
    openterms.com
  • OpenTools
    opentools.page
  • Cognium Open Source
    cognium.dev
  • OpenTurtles
    openturtles.ai
  • OpenTofu
    opentofu.org