
Add cognium — semantic taint-tracking SAST for Java, JS, TS, Python, Rust, Bash #1795

Open

coggiyadmin wants to merge 1 commit into analysis-tools-dev:master from coggiyadmin:add-cognium

Conversation

@coggiyadmin

Add cognium

**Source:** https://github.com/cogniumhq/cognium
**Homepage:** https://cognium.dev
**License:** MIT

### What it does

Cognium is a semantic SAST engine using taint tracking and a 36-pass analysis pipeline. It detects security vulnerabilities (SQL injection, XSS, SSRF, command injection, path traversal, and 15 more CWEs) as well as reliability, performance, and maintainability issues. Outputs text, JSON, and SARIF 2.1.0.

### Languages supported

Java, JavaScript, TypeScript, Python, Rust, Bash

### Benchmark scores

| Benchmark | Score |
|-----------|-------|
| OWASP Benchmark | 100% TPR, 0% FPR (1415 test cases) |
| Juliet Test Suite | 100% (156/156, 9 CWEs) |
| SecuriBench Micro | 97.7% TPR |

### Checklist

- [x] Tool is actively maintained
- [x] MIT licensed
- [x] CLI interface
- [x] `make render` passes locally

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
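As an added illustration of the taint-tracking approach the PR describes (example code written for this page, not cognium's own implementation), below is a toy intraprocedural taint tracker over Python's `ast` module. The source, sink and sanitizer tables, the `SAMPLE` program it scans and the `toy-taint` tool name are constructed assumptions. It marks a variable tainted when an untrusted source flows into it, clears the mark when a sanitizer or a clean literal overwrites it, reports any tainted argument reaching a sink, and serialises the findings as a minimal SARIF 2.1.0 log of the kind the PR says cognium emits.

```python
# Added example: toy intraprocedural taint tracker over Python's ast module.
# Not cognium's code. The source/sink/sanitizer tables, the SAMPLE program
# and the tool name are constructed assumptions for illustration only.
import ast
import json

SOURCES = {"input", "request.args.get", "os.environ.get"}
SINKS = {
    "cursor.execute": ("CWE-89", "SQL injection"),
    "os.system": ("CWE-78", "OS command injection"),
    "open": ("CWE-22", "path traversal"),
}
SANITIZERS = {"int", "shlex.quote", "os.path.basename"}


def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class TaintTracker(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()   # variable names currently holding untrusted data
        self.findings = []

    def is_tainted(self, node):
        """Does evaluating this expression yield attacker-controlled data?"""
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in SOURCES:
                return True
            if name in SANITIZERS:
                return False
            # Any other call (str.format, helper functions, ...) propagates
            # taint from its receiver or arguments: a conservative default.
            parts = list(node.args) + [kw.value for kw in node.keywords]
            if isinstance(node.func, ast.Attribute):
                parts.append(node.func.value)
            return any(self.is_tainted(p) for p in parts)
        if isinstance(node, ast.BinOp):   # "..." + user, "..." % user
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        if isinstance(node, ast.JoinedStr):  # f-strings
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.Subscript):
            return self.is_tainted(node.value)
        return False   # constants, tuples, everything else

    def visit_Assign(self, node):
        for target in node.targets:
            if isinstance(target, ast.Name):
                if self.is_tainted(node.value):
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)  # overwritten with clean data
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted(node.func)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            cwe, title = SINKS[name]
            self.findings.append({"line": node.lineno, "sink": name,
                                  "cwe": cwe, "title": title})
        self.generic_visit(node)


def scan(source):
    tracker = TaintTracker()
    tracker.visit(ast.parse(source))
    return tracker.findings


def to_sarif(findings, uri="app.py", tool="toy-taint"):
    """Minimal SARIF 2.1.0 log: one rule per CWE, one result per finding."""
    return {
        "version": "2.1.0",
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "runs": [{
            "tool": {"driver": {"name": tool, "rules": [
                {"id": cwe, "shortDescription": {"text": title}}
                for cwe, title in sorted(set(SINKS.values()))]}},
            "results": [{
                "ruleId": f["cwe"],
                "level": "error",
                "message": {"text": f"Untrusted data reaches {f['sink']} ({f['title']})"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": uri},
                    "region": {"startLine": f["line"]}}}],
            } for f in findings],
        }],
    }


# Constructed sample program (parsed, never executed): two true positives,
# a parameterised query, a sanitised value and a clean reassignment.
SAMPLE = '''\
import os
uid = input("user id: ")
cursor.execute("SELECT * FROM users WHERE id = " + uid)
cursor.execute("SELECT * FROM users WHERE id = %s", (uid,))
safe_id = int(uid)
cursor.execute(f"SELECT * FROM users WHERE id = {safe_id}")
name = os.environ.get("TARGET")
os.system("ping " + name)
uid = "42"
cursor.execute("SELECT 1 WHERE id = " + uid)
'''

if __name__ == "__main__":
    found = scan(SAMPLE)
    for f in found:
        print(f"line {f['line']}: {f['cwe']} {f['title']} via {f['sink']}")
    print(json.dumps(to_sarif(found), indent=2))
```

Run as-is it reports only lines 3 (SQL injection) and 8 (command injection); the parameterised query on line 4, the `int()`-sanitised value on line 6 and the clean reassignment on line 10 are not flagged. The toy is deliberately limited: it is straight-line and intraprocedural, ignores branches, containers, attribute stores and calls across functions, and treats every unknown call as propagating taint. Closing those gaps (interprocedural summaries, path sensitivity, alias analysis, framework-aware source and sink models) is what separates a real engine from a checker like this one and is where benchmark TPR/FPR numbers are won or lost.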