Code Pathfinder Blog

Code Pathfinder Blog https://codepathfinder.dev/blog Security engineering insights, SAST best practices, and product updates from Code Pathfinder.. en-us Sat, 18 Apr 2026 00:00:00 GMT https://codepathfinder.dev/logo.png Code Pathfinder Blog https://codepathfinder.dev/blog Code Pathfinder now speaks Go https://codepathfinder.dev/blog/announcing-golang-support-code-pathfinder https://codepathfinder.dev/blog/announcing-golang-support-code-pathfinder Code Pathfinder v2.1.0 adds Go support: 21 security rules, cross-file taint analysis, and type-aware detection across Gin, Echo, Fiber, GORM, sqlx, gRPC, and the standard library. Sat, 18 Apr 2026 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) Golang Go Security Taint Analysis Open Source SAST Same Bug, Different Endpoint: Finding Path Traversal in Langflow with Code Pathfinder https://codepathfinder.dev/blog/langflow-knowledge-bases-path-traversal-variant-analysis https://codepathfinder.dev/blog/langflow-knowledge-bases-path-traversal-variant-analysis How Code Pathfinder's variant analysis detected an unpatched path traversal in Langflow's Knowledge Bases API, the same bug class as CVE-2026-33497. Wed, 15 Apr 2026 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) Python Security Path Traversal Variant Analysis Langflow CVE-2026-33186: Bypassing gRPC-Go Authorization with a Missing Slash https://codepathfinder.dev/blog/cve-2026-33186-grpc-go-authorization-bypass-malformed-path-header https://codepathfinder.dev/blog/cve-2026-33186-grpc-go-authorization-bypass-malformed-path-header CVE-2026-33186 - A path normalization flaw in grpc-go v1.79.2 and earlier allows attackers to bypass path-based authorization interceptors by omitting the leading slash in the HTTP/2 :path pseudo-header. Both custom interceptors and the official grpc/authz policy engine are affected. Wed, 01 Apr 2026 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) GoLang Security CVE Authorization Bypass grpc-go Cross-File Dataflow Analysis: Taint Tracking Across Your Entire Project https://codepathfinder.dev/blog/cross-file-dataflow-analysis-taint-tracking-across-your-entire-project https://codepathfinder.dev/blog/cross-file-dataflow-analysis-taint-tracking-across-your-entire-project Code Pathfinder v2.0 ships inter-procedural taint analysis that traces vulnerable data flows across files, functions, and module boundaries. Here's how it works and how to write your first flow analysis rule. Tue, 17 Mar 2026 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) Dataflow Analysis Taint Analysis Security SAST Python SDK Engineering Cross-File Analysis Automated GitHub PR Security Comments & Inline SAST Findings with Code Pathfinder https://codepathfinder.dev/blog/github-summary-pull-request-comments-integration https://codepathfinder.dev/blog/github-summary-pull-request-comments-integration Code Pathfinder's GitHub Action now posts security scan results as PR summary comments and inline review annotations. Browse 100+ open-source SAST rules at codepathfinder.dev/registry. Sat, 21 Feb 2026 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) GitHub Actions Pull Request SAST CI/CD GitHub Code Scanning CodeQL Alternative DevSecOps SARIF Stop Grepping, Start Querying: MCP Server for Code-Pathfinder https://codepathfinder.dev/blog/mcp-server-code-pathfinder https://codepathfinder.dev/blog/mcp-server-code-pathfinder Connect Code-Pathfinder's indexed code analysis directly to Claude Code, Codex, and MCP-enabled AI agents. Query call graphs, resolve imports, and find vulnerabilities instantly without grep or file reads. Open-source MCP server for Python codebases. Sun, 11 Jan 2026 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) MCP Security Product Code Analysis AI Agents Static Analysis One API Key to Rule Them All: SecureFlow Adds OpenRouter Support https://codepathfinder.dev/blog/secureflow-openrouter-integration https://codepathfinder.dev/blog/secureflow-openrouter-integration Stop juggling API keys. SecureFlow now integrates with OpenRouter for access to 200+ AI models, plus a major UI refresh with Svelte Sat, 27 Dec 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SecureFlow AI Security VSCode Docker Security Rules: Detect 47 Container Vulnerabilities & Misconfigurations [2025] https://codepathfinder.dev/blog/announcing-docker-compose-security-rules https://codepathfinder.dev/blog/announcing-docker-compose-security-rules Discover 47 Docker security rules to catch critical vulnerabilities. Prevent privilege escalation, socket exposure & misconfigurations with automated SAST scanning. Wed, 10 Dec 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) Docker Security Container Security Docker Compose Dockerfile Security SAST Static Analysis Security Scanning CWE-250 Privilege Escalation Container Escape DevSecOps CI/CD Security Infrastructure as Code Docker Socket Container Hardening Introducing SecureFlow CLI to Hunt Vulnerabilities https://codepathfinder.dev/blog/introducing-secureflow-cli-to-hunt-vuln https://codepathfinder.dev/blog/introducing-secureflow-cli-to-hunt-vuln AI-powered security scanning tool using agentic loops to hunt vulnerabilities - discovered 300+ issues in WordPress plugins with 12+ AI model support and DefectDojo integration. Wed, 01 Oct 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security SecureFlow CLI Introducing SecureFlow Extension to Vibe Code Securely https://codepathfinder.dev/blog/introducing-secureflow-extension-to-vibe-code-securely https://codepathfinder.dev/blog/introducing-secureflow-extension-to-vibe-code-securely Discover SecureFlow, a VS Code extension that helps developers write secure code by providing real-time security analysis, vulnerability detection, and guided remediation - all within your editor Tue, 29 Jul 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security SecureFlow Silence the Noise: A Practical Guide to Systematically Reducing SAST False Positives https://codepathfinder.dev/blog/silence-the-noise-a-practical-guide-to-systematically-reducing-sast-false-positives https://codepathfinder.dev/blog/silence-the-noise-a-practical-guide-to-systematically-reducing-sast-false-positives Drowning in SAST false positives? This guide provides a step-by-step strategy to reduce noise and make security findings actionable. Sat, 19 Apr 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security Static Analysis Isn't Enough: Understanding Library Interactions for Effective Data Flow Tracking https://codepathfinder.dev/blog/static-analysis-isnt-enough-understanding-library-interactions-for-effective-data-flow-tracking https://codepathfinder.dev/blog/static-analysis-isnt-enough-understanding-library-interactions-for-effective-data-flow-tracking Static analysis tools go blind without understanding library calls – learn why modeling them is critical for finding real security flaws. Thu, 17 Apr 2025 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security Code-PathFinder Detecting WebView Misconfigurations in Android With Code-PathFinder https://codepathfinder.dev/blog/finding-webview-misconfigurations-android https://codepathfinder.dev/blog/finding-webview-misconfigurations-android A short blog post about finding WebView misconfigurations in Android with Code-PathFinder Sun, 20 Oct 2024 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security Android Code PathFinder - Open Source CodeQL Alternative https://codepathfinder.dev/blog/codeql-oss-alternative https://codepathfinder.dev/blog/codeql-oss-alternative A short blog post about Code PathFinder, a CodeQL OSS alternative Tue, 01 Oct 2024 00:00:00 GMT s.shivasurya@gmail.com (Shivasurya) SAST Security Code-PathFinder