u/giveen

My hive doesn't get it

90% of my hive for my first app doesn't seem to get that it's not just about opening the app for 15 seconds, screenshot, close app. Only a few users have given any meaningful feedback. Heck, even a "nice app" would be nice.

Most of them haven't put out any updates for their app, and I try to give meaningful feedback about UI or translation, or that they should put out a guide on how to use their app.

u/giveen — 12 days ago

late-sast is an autonomous security auditor built on top of the Late agent engine. It takes a GitHub URL, spins up a throwaway Docker sandbox, installs and runs the target application, performs a full static and dynamic security scan, then attacks its own findings live — and cleans up after itself completely.

https://github.com/giveen/late-sast

I'm more than happy to scan your open source project and provide a report if you would like.

u/giveen — 20 days ago

So you built some code, you may even have vibe-coded it, but is it secure?

https://github.com/giveen/late-sast

My LLM-powered code scanner confirms whether it truly is secure or not.

Example report:
https://github.com/giveen/late-sast/blob/main/docs/example_report.md

### ⚙️ The late-sast Technical Pipeline

`late-sast` follows a deterministic pipeline to move from raw code to a confirmed, audited exploit without manual configuration.

**The Pipeline:**

* **1. Clone** – Repo is pulled into an isolated `/tmp` directory for total environment separation.

* **2. Index** – Builds a codebase graph via **MCP** to map data flows and HTTP routes autonomously.

* **3. Sandbox** – Launches a language-specific **Docker container** to host the application safely.

* **4. Launch** – Reads READMEs/configs to auto-install dependencies and start the services.

* **5. Scan** – Traces taint paths across **34 vulnerability classes** using graph-first analysis.

* **6. [NEW] Audit** – Integrates **VulnLLM-R-7B** to reason through findings and eliminate noise. (coming soon)

* **7. Attack** – Attempts **live proof-of-concept (PoC) exploitation** against identified sinks.

* **8. Report & Cleanup** – Generates a Markdown report and wipes all temporary files/containers.

**[NEW] Retest Mode:** Targeted verification—feed a previous report back in to verify if specific fixes actually work without re-scanning the whole repo. (coming soon)

***

### 🚀 Why this setup wins:

* **Zero-Config:** No more fighting with `npm install` or `go build` manually; the sandbox handles the heavy lifting.

* **Confirmed Findings:** By moving from Scan to Attack, it separates "potential bugs" from "exploitable realities."

* **AI-Reasoning:** Using a specialized 7B model for the audit phase means you get a breakdown of *why* a bug exists, not just a line number.

* **The Loop:** The `--retest` feature turns the final report into a living document. Point it at your old report, and it only tests those specific areas to see if they've been resolved.

***

**Are you building a tool that actually works, or just a tool that greps?**

Check it out on GitHub: [giveen/late-sast](https://github.com/giveen/late-sast)

u/giveen — 21 days ago