Josh Grossman (tghosth👻) 

597 Followers
658 Following
402 Posts
Your friendly AppSec Ghost 👻 | Personal account, content does not represent my employer. | Board member at https://twitter.com/OWASP_IL
| Project leader at https://twitter.com/OWASP_ASVS
Personal site: https://joshcgrossman.com
Twitter: https://twitter.com/JoshCGrossman/
LinkedIn: https://www.linkedin.com/in/joshcgrossman/
GitHub: https://github.com/tghosth
Bluesky: https://bsky.app/profile/joshcgrossman.com
Introducing, the new Secure Software Development Lifecycle!!!!!

This makes aghast a much better fit for CI pipelines where you want fast, targeted feedback on every PR without sacrificing depth. 🔍

---
📦 npm install -g @bouncesecurity/aghast@0.7.1
4/4

🕸️ When OpenAnt is available, filtering is call-graph-aware, catching not just lines you changed, but functions that call or are called by the changed code. When OpenAnt isn't around, it gracefully falls back to file+line overlap with a clear warning.
3/4

How?

🎯 Pass --diff-ref, --diff-file, or AGHAST_DIFF_REF and aghast automatically narrows all discovery results (Semgrep, SARIF, OpenAnt) to findings that touch your diff.
2/4

🚀 Introducing aghast v0.7.1: Diff-scoped security scanning

When you're reviewing a PR, you don't want to be flooded with findings from code that didn't change. v0.7.1 adds automatic diff filtering so aghast focuses its analysis on what actually changed.
1/4
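The thread above describes two filtering modes; the fallback mode, "file+line overlap", is simple enough to show end to end. The following is an added example and is not aghast's own code: it parses a constructed unified diff into the set of added/modified line numbers per file, then keeps only those findings whose line range overlaps a changed line. The function names, the sample diff, and the minimal SARIF-like finding shape are assumptions made for the example; a real SARIF file would be walked via `runs[].results[].locations[].physicalLocation`.

```python
import re
from dataclasses import dataclass

# Constructed sample unified diff (not from any real project). New-side line
# numbers: app/auth.py gains lines 40-42, app/util.py changes line 11.
SAMPLE_DIFF = """\
diff --git a/app/auth.py b/app/auth.py
--- a/app/auth.py
+++ b/app/auth.py
@@ -38,3 +38,5 @@ def login(request):
     user = request.form["user"]
     pw = request.form["pw"]
-    return check(user, pw)
+    query = "SELECT * FROM users WHERE name = '" + user + "'"
+    rows = db.execute(query)
+    return rows and check(user, pw)
diff --git a/app/util.py b/app/util.py
--- a/app/util.py
+++ b/app/util.py
@@ -10,2 +10,2 @@
 import os
-DEBUG = False
+DEBUG = True
"""

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def changed_lines(diff_text: str) -> dict[str, set[int]]:
    """Map each file in the diff to the new-side line numbers it adds or modifies."""
    changed: dict[str, set[int]] = {}
    current_file = None
    new_line = 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            # "+++ b/path" names the post-change file; strip the "b/" prefix.
            current_file = line[4:].removeprefix("b/")
            changed.setdefault(current_file, set())
            continue
        if line.startswith("--- ") or line.startswith("diff --git"):
            continue
        m = HUNK_RE.match(line)
        if m:
            new_line = int(m.group(1))  # first new-side line of this hunk
            continue
        if current_file is None or line.startswith("\\"):
            continue  # outside any file, or "\ No newline at end of file"
        if line.startswith("+"):
            changed[current_file].add(new_line)
            new_line += 1
        elif line.startswith("-"):
            pass  # removed line: consumes no new-side line number
        else:
            new_line += 1  # unchanged context line
    return changed


@dataclass(frozen=True)
class Finding:
    """Minimal SARIF-like result: rule, file, inclusive line range, message."""
    rule_id: str
    path: str
    start_line: int
    end_line: int
    message: str


# Constructed findings, as a scanner might report them for the whole repo.
FINDINGS = [
    Finding("sql-injection", "app/auth.py", 40, 41, "string-built SQL query"),
    Finding("missing-auth-check", "app/auth.py", 38, 39, "unchanged context only"),
    Finding("hardcoded-secret", "app/auth.py", 12, 12, "code not touched by the PR"),
    Finding("debug-enabled", "app/util.py", 11, 11, "DEBUG flag set to True"),
    Finding("weak-hash", "app/crypto.py", 5, 5, "file not in the diff at all"),
]


def touches_diff(finding: Finding, changed: dict[str, set[int]]) -> bool:
    """True if any line of the finding's range was added or modified."""
    lines = changed.get(finding.path)
    if not lines:
        return False
    return any(n in lines for n in range(finding.start_line, finding.end_line + 1))


def filter_findings(findings: list[Finding], diff_text: str) -> list[Finding]:
    """Keep only findings that overlap the diff, preserving scanner order."""
    changed = changed_lines(diff_text)
    return [f for f in findings if touches_diff(f, changed)]


if __name__ == "__main__":
    for f in filter_findings(FINDINGS, SAMPLE_DIFF):
        print(f"{f.path}:{f.start_line}-{f.end_line} {f.rule_id}: {f.message}")
```

Note the two findings that are dropped despite living in a changed file: `missing-auth-check` covers only context lines 38-39, and `hardcoded-secret` sits far from the hunk. That is exactly the limitation the thread's call-graph mode addresses: a change inside `login()` can make a pre-existing finding elsewhere exploitable, and pure line overlap will not surface it.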

Them: We need a super-sophisticated AI powered security review tool to stop vulnerabilities entering our products.

Me: No, you just need to stop ignoring the security PR comments that your current AI reviewer is adding...

Live footage of anyone trying to do anything clever using the @ClaudeDevs AgentSDK 🤦‍♂️🤦‍♂️🤦‍♂️

#Anthropic #BaitAndSwitcha #Claude

Quiz!

I submitted an Open Source Program application to @AnthropicAI to assist with my work on @OWASP_ASVS. (Don't quite meet requirements but thought I'd try)

Did I get:

a) Accepted onto the program
b) No response
c) Spam to the email address I used to register
d) both b + c?

Having spent a bunch of time using Opus, I tried to economize last week by using Sonnet more.

I feel like it makes more mistakes and needs more guidance, even if I get Opus to plan first.

Starting to wonder whether the time incurred costs more than the token saving...

🚀 aghast v0.6.0 is out!

Cost and budget controls, per-check repository exclusion, and enhanced security hardening. Run aghast stats to see your scan costs, set budgets, and scale with confidence.

Get it: npm install -g @bouncesecurity/aghast

#SecurityTesting #DevSecOps