HYVE AUGUR · STATIC ANALYSIS SECURITY GATE
AUGUR
PATENT PENDING · 11 DETECTORS · DEFENSIVE WIRE · SELF-POLICING CI GATE
Augur is a static analysis security gate that catches eleven classes of vulnerability across five languages — Rust, Python, TypeScript, JavaScript, and Go. Use it as a pre-commit hook, a CI gate, or a runtime check inside your agents.
Augur audits its own source on every commit; that is the patent-pending self-policing CI gate. The tool that finds your vulnerabilities also finds its own. The defensive wire format means Augur never breaks when a detector returns malformed output: a record that fails validation is dropped and the run continues, rather than crashing the gate.
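What a defensive wire format and a severity gate look like in code, as an added illustration that is not Augur's own implementation: the tab-separated record layout, the `Severity` and `Finding` types, the path checks and the sample detector output below are all assumptions made for this example. Malformed records are dropped and counted; valid ones feed a gate that fails the build at or above a threshold.

```rust
// Added example, not Augur's wire code: a tolerant parser for an assumed
// tab-separated detector record layout, plus the severity gate a CI step applies.

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity {
    Low,
    Medium,
    High,
    Critical,
}

impl Severity {
    fn parse(s: &str) -> Option<Severity> {
        match s.trim().to_ascii_uppercase().as_str() {
            "LOW" => Some(Severity::Low),
            "MEDIUM" => Some(Severity::Medium),
            "HIGH" => Some(Severity::High),
            "CRITICAL" => Some(Severity::Critical),
            _ => None,
        }
    }
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub detector: String,
    pub severity: Severity,
    pub path: String,
    pub line: u32,
    pub message: String,
}

/// One record of the assumed layout: detector TAB severity TAB path TAB line TAB message.
/// Every violation returns None; the caller drops the record instead of panicking.
pub fn parse_record(rec: &str) -> Option<Finding> {
    let mut parts = rec.splitn(5, '\t');
    let detector = parts.next()?.trim();
    let severity = Severity::parse(parts.next()?)?;
    let path = parts.next()?.trim();
    let line: u32 = parts.next()?.trim().parse().ok()?;
    let message = parts.next()?.trim();
    // Detector output is untrusted input: refuse empty fields, line 0, and
    // paths that could escape the audited tree if a consumer later opens them.
    if detector.is_empty() || path.is_empty() || line == 0 || path.starts_with('/') || path.contains("..") {
        return None;
    }
    Some(Finding {
        detector: detector.to_string(),
        severity,
        path: path.to_string(),
        line,
        message: message.to_string(),
    })
}

/// Parse a whole detector output; malformed records are dropped and counted, never fatal.
pub fn parse_wire(output: &str) -> (Vec<Finding>, usize) {
    let mut findings = Vec::new();
    let mut dropped = 0;
    for rec in output.lines().filter(|l| !l.trim().is_empty()) {
        match parse_record(rec) {
            Some(f) => findings.push(f),
            None => dropped += 1,
        }
    }
    (findings, dropped)
}

/// The gate passes only when no finding reaches the threshold.
pub fn gate_passes(findings: &[Finding], threshold: Severity) -> bool {
    findings.iter().all(|f| f.severity < threshold)
}

/// Constructed detector output: three valid records and four malformed ones.
pub const SAMPLE_WIRE: &str = concat!(
    "secrets\tHIGH\tsrc/config.rs\t12\tAWS access key literal in source\n",
    "command_injection\tCRITICAL\tsrc/run.rs\t40\tsh -c string built from user input\n",
    "weak_crypto\tMEDIUM\tsrc/hash.rs\tforty\tMD5 used for integrity\n", // non-numeric line
    "regex_dos\tURGENT\tsrc/parse.rs\t7\tcatastrophic backtracking\n",    // unknown severity
    "unsafe_audit\tLOW\tsrc/ffi.rs\t3\n",                                 // missing message
    "not a record at all\n",                                              // no tabs
    "panic_audit\tMEDIUM\tsrc/main.rs\t88\tunwrap on Option in request path\n"
);

fn main() {
    let (findings, dropped) = parse_wire(SAMPLE_WIRE);
    for f in &findings {
        eprintln!("[{:?}] {}: {}:{} {}", f.severity, f.detector, f.path, f.line, f.message);
    }
    eprintln!("{} malformed record(s) dropped", dropped);
    if !gate_passes(&findings, Severity::High) {
        std::process::exit(1);
    }
}
```

The point of the `?`-chain in `parse_record` is that every field is validated before a `Finding` exists at all, so a detector that emits garbage can lower the gate's coverage (a dropped record is a lost finding) but can never crash it or inject a path the consumer would blindly open; the dropped count is what tells you a detector is misbehaving.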
All eleven detectors.
Severity bands follow the OWASP Risk Rating Methodology. The languages listed for each detector reflect the upstream parsers Augur ships with.
| Detector | Severity | Languages | Catches |
|---|---|---|---|
| secrets | HIGH | RS · PY · TS · JS · GO | API keys, tokens, private keys leaked into source |
| command_injection | CRITICAL | RS · PY · TS · JS | Shell-form subprocess execution, exec/spawn with user input |
| deserialization | CRITICAL | RS · PY · TS · JS | Unsafe deserialization of untrusted bytes |
| sql_injection | HIGH | RS · PY · TS · JS · GO | String-concatenated SQL with operator-controlled values |
| weak_crypto | MEDIUM | RS · PY · TS · JS · GO | MD5, SHA-1, raw HMAC, ECB-mode AES, weak RNG seeding |
| insecure_random | HIGH | RS · PY · TS · JS | Math.random / rand::random for security-relevant values |
| xss | HIGH | TS · JS | Unescaped operator-controlled values in HTML / JSX |
| ssrf | HIGH | RS · PY · TS · JS · GO | Outbound fetch with operator-controlled URL, no allowlist |
| regex_dos | MEDIUM | RS · PY · TS · JS | Catastrophically backtracking regex patterns |
| panic_audit | MEDIUM | RS | Unexpected unwrap / expect / panic in production paths |
| unsafe_audit | LOW | RS | unsafe blocks without justification comments |
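What the `secrets` row means in practice, as an added example rather than Augur's own rule set: a small line scanner over constructed source with three heuristics (a PEM private-key block header, the AWS access key ID prefix, and a long high-entropy literal assigned to a secret-looking name). The thresholds, name list and sample values are assumptions; the AWS key ID is the placeholder AWS documentation uses.

```rust
// Added example, not Augur's secrets detector: a line-level scanner with
// three heuristics. Thresholds and sample input are assumptions.

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SecretHit {
    pub line: usize, // 1-based line number
    pub kind: &'static str,
}

/// Shannon entropy of the bytes of `s`, in bits per byte.
fn entropy(s: &str) -> f64 {
    let mut counts = [0usize; 256];
    for b in s.bytes() {
        counts[b as usize] += 1;
    }
    let n = s.len() as f64;
    counts
        .iter()
        .filter(|&&c| c > 0)
        .map(|&c| {
            let p = c as f64 / n;
            -p * p.log2()
        })
        .sum()
}

/// The token assigned on this line, with a leading quote stripped.
fn assigned_literal(rhs: &str) -> String {
    rhs.trim()
        .trim_start_matches(|c: char| c == '"' || c == '\'')
        .chars()
        .take_while(|c| c.is_ascii_alphanumeric() || *c == '_' || *c == '-')
        .collect()
}

/// Classify one source line; None means nothing secret-like was found.
pub fn scan_line(line: &str) -> Option<&'static str> {
    // 1. PEM private key block header (RSA, EC, OPENSSH ... all end this way).
    if line.contains("PRIVATE KEY-----") {
        return Some("private_key");
    }
    // 2. AWS access key ID: "AKIA" followed by exactly 16 uppercase alphanumerics.
    if let Some(idx) = line.find("AKIA") {
        let tail: String = line[idx + 4..]
            .chars()
            .take_while(|c| c.is_ascii_alphanumeric())
            .collect();
        if tail.len() == 16 && tail.chars().all(|c| c.is_ascii_uppercase() || c.is_ascii_digit()) {
            return Some("aws_access_key_id");
        }
    }
    // 3. A secret-looking name assigned a long, random-looking literal.
    if let Some((lhs, rhs)) = line.split_once('=') {
        let name = lhs.to_ascii_lowercase();
        let secret_name = ["secret", "token", "password", "passwd", "api_key", "apikey"]
            .iter()
            .any(|k| name.contains(k));
        if secret_name {
            let lit = assigned_literal(rhs);
            // 20+ chars at >= 3.5 bits/char looks generated, not like a word.
            if lit.len() >= 20 && entropy(&lit) >= 3.5 {
                return Some("high_entropy_assignment");
            }
        }
    }
    None
}

/// Scan a whole file body, reporting 1-based line numbers.
pub fn scan(source: &str) -> Vec<SecretHit> {
    source
        .lines()
        .enumerate()
        .filter_map(|(i, l)| scan_line(l).map(|kind| SecretHit { line: i + 1, kind }))
        .collect()
}

/// Constructed sample; the AWS key ID is the placeholder from AWS documentation
/// and the token value is made up.
pub const SAMPLE_SOURCE: &str = r#"let region = "us-east-1";
let aws_key = "AKIAIOSFODNN7EXAMPLE";
const API_TOKEN: &str = "sk_live_9fX2q7LmP0vT4rZ8bN1cH6jK";
let password = "hunter2";
// -----BEGIN RSA PRIVATE KEY-----
let api_key = std::env::var("API_KEY").unwrap();
"#;

fn main() {
    for hit in scan(SAMPLE_SOURCE) {
        println!("line {}: {}", hit.line, hit.kind);
    }
}
```

Note what the last sample line shows: reading the key from the environment is not flagged, because the assigned value is a call and not a literal; the detector is after material committed to source, not every mention of a secret-sounding name.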
INTEGRATE · SHELL · RUST · PYTHON
Run Augur in your CI today.
```rust
// Cargo.toml: hyve-augur = "1.0", anyhow = "1"
use hyve_augur::{AugurClient, Report, Severity};

fn main() -> anyhow::Result<()> {
    // Audit the working tree with a local client, passing Severity::High
    // as the requested severity threshold.
    let augur = AugurClient::local();
    let report: Report = augur.audit(".", Severity::High)?;

    // Print every finding to stderr so it lands in the CI log.
    for f in &report.findings {
        eprintln!("[{}] {}: {}:{}", f.severity, f.detector, f.path.display(), f.line);
    }

    // Any finding fails the job; the non-zero exit stops the pipeline.
    if !report.findings.is_empty() {
        std::process::exit(1);
    }
    Ok(())
}
```