Commit 5951c8a

fix(docs): Update and simplify OpenTaint positioning (#86)
1 parent e0de752 commit 5951c8a

2 files changed

Lines changed: 2 additions & 2 deletions

docs/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ The entire system is designed to work with AI agents. Formal analysis produces r
4848
### Open source, batteries included
4949

5050

51-
Engine, CLI, GitHub Action, GitLab CI, rules — the entire stack, including the deep analysis, is released under [Apache 2.0](../LICENSE.md) and [MIT](../cli/LICENSE). No paid tier to unlock taint tracking. No vendor lock-in on your rule library. Other tools make you pay for it — Semgrep gates taint tracking behind a paid Pro tier, CodeQL requires GHAS for private repos. The deep analysis should be free — and it is.
51+
Engine, CLI, GitHub Action, GitLab CI, rules — the entire stack, including the deep analysis, is released under [Apache 2.0](../LICENSE.md) and [MIT](../cli/LICENSE). No paid tier to unlock taint tracking. No vendor lock-in on your rule library. Other tools make you pay for it — Semgrep gates inter-procedural taint tracking behind a paid Pro tier, CodeQL requires GHAS for private repos. OpenTaint doesn't.
5252

5353
---
5454
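Review bot: On new line 51, the closing "OpenTaint doesn't." has no single antecedent, because the sentence before it joins two different verbs ("gates inter-procedural taint tracking behind a paid Pro tier" and "requires GHAS for private repos"). Spell out what is denied, for example "OpenTaint does neither." or a clause naming both the paid tier and the private-repo requirement. The unchanged sentence "No paid tier to unlock taint tracking." on the same line is also still unqualified, while the Semgrep clause is now narrowed to inter-procedural tracking; adding the same qualifier there would keep the two claims consistent with each other and with the docs/faq.md change in this commit.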

docs/faq.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ Java and Kotlin, analyzed at the bytecode level to precisely understand inherita
2222

2323
**How does OpenTaint compare to Semgrep?**
2424

25-
Semgrep's open-source engine does pattern matching. Its Pro engine adds taint analysis behind a paid tier. OpenTaint ships full inter-procedural dataflow analysis — cross-endpoint flows, persistence layers, stored injections — under Apache 2.0. Rules use a code-native format that the engine translates into complete taint configurations. Semgrep rule syntax is supported as a migration path.
25+
Semgrep's open-source engine includes intra-procedural taint analysis — it tracks data within a single function. Its Pro engine adds inter-procedural taint analysis behind a paid tier. OpenTaint ships full inter-procedural dataflow analysis — cross-endpoint flows, persistence layers, stored injections — under Apache 2.0. Rules use a code-native format that the engine translates into complete taint configurations. Semgrep rule syntax is supported as a migration path.
2626

2727
**How does OpenTaint compare to CodeQL?**
2828
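Review bot: New line 25 calls Semgrep Pro's feature "inter-procedural taint analysis" and OpenTaint's "full inter-procedural dataflow analysis", so after this change the only stated technical difference is the word "full" and a switch from "taint" to "dataflow" that the line never explains. Either use one term for both engines or add a clause saying what "full" covers beyond the paid engine (the list "cross-endpoint flows, persistence layers, stored injections" could be tied to it explicitly). The line also says "under Apache 2.0" while docs/README.md line 51 in this same commit says Apache 2.0 and MIT, which is worth aligning. Since this edit corrects an earlier statement about what Semgrep's open-source engine does, a link to the source for the tier split would let readers re-check the claim later.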
