globstar by DeepSourceCorp

Static analysis toolkit for writing and running code checkers

Created 3 years ago
455 stars

Top 66.5% on SourcePulse

Project Summary

Globstar is an open-source static analysis toolkit designed for developers and security engineers to create and execute custom code checkers. It offers a fast, portable, and dependency-free solution for enforcing code quality and security standards across large codebases, leveraging tree-sitter for AST-based analysis.

How It Works

Globstar utilizes tree-sitter for parsing code into Abstract Syntax Trees (ASTs), enabling precise pattern matching. Checkers can be written using tree-sitter's query language (S-expressions) defined in YAML files for simplicity, or in Go for advanced logic, offering access to ASTs, scope resolution, and multi-file analysis. This approach avoids custom DSLs and provides flexibility for different complexity needs.

Quick Start & Requirements

Highlighted Details

  • Written in Go for high performance and distributed as a single binary.
  • Supports checkers written in YAML (tree-sitter queries) or Go (full AST access).
  • CI-friendly with easy binary download and execution.
  • Built-in checkers and custom checkers stored in a .globstar directory.

Maintenance & Community

  • Developed by DeepSource.
  • Actively involves the community in development.

Licensing & Compatibility

  • MIT License for the CLI and built-in checkers, allowing unrestricted commercial use.

Limitations & Caveats

The README does not detail specific language support beyond Python examples, nor does it mention performance benchmarks or known limitations regarding complex code structures or specific language parsing capabilities.

Health Check

  • Last Commit: 2 months ago
  • Responsiveness: 1 week
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 1 star in the last 30 days
