More bug classes, less auth noise.
Seven new vulnerability classes, deeper FastAPI authorization tracking, parser hardening checks, and a quieter auth report.
Read moreNyx news and release notes — local-first Rust SAST scanner
Data exfiltration gets its own lane.
Sensitive data sent to outbound HTTP calls is now tracked separately from SSRF, with calibration aimed at real leaks.
Read more
The local UI lands.
The SSA taint engine arrived, cross-file analysis got deeper, and nyx serve opened a local
browser workflow for triage.
Ranking, state checks, and quieter output.
Finding scores, lower-noise defaults, state analysis, and inline ignores made scan output easier to work through.
Read more
Config, SARIF, and a cleanup pass.
Custom rules, SARIF output, source-kind severity, non-prod downgrades, and resource leak detection landed together.
Read more
Cross-file analysis starts doing real work.
Two-pass cross-file taint analysis, CFG detectors, persisted function summaries, and multi-language analysis made the scanner more serious.
Read more
The first scan path.
The first builds set the shape: tree-sitter parsing, a filesystem walker, SQLite-backed indexes, and the first Rust CFG experiments.
Read more