Soak: Deep-Tissue Static Analysis as an Execution Layer
Soak is a zero-dependency Docker image that aggregates a curated set of open-source security scanners into a single, reproducible execution environment.
February 2026
Opinionated insights on application security, alert fatigue, and why most tools fail to deliver real value.
Turning security tool outputs into actionable insights is one of the biggest challenges for developers and security engineers. In this post, I’m sharing a minimal viable product (MVP) that takes Semgrep scan outputs and visualize
January 2026
In the previous post, we saw how many security tools can “lie”: they don’t tell the full story, generate noise, and often leave teams with a false sense of security. But what happens after a vulnerability is reported? The story doesn’t get any better: most findings are misunderstood.
January 2026
We live in a world where developers and security teams are drowning in alerts. Every scanner, every automated tool, every “security dashboard” promises to tell you what matters—but in reality, most of it is noise.
January 2026