I built a CLI to fight technical debt using Go, Tree-sitter, and Trivy
Hi everyone,
I’ve been working on a tool called DebtDrone to solve a frustration I had: static analysis tools usually check style (linting) or security (SAST), but rarely both, and often rely on fragile Regex parsing.
What it does:
- Complexity Analysis: Uses go-tree-sitter bindings to parse code into ASTs. It calculates Cyclomatic and Cognitive complexity for Go, Python, JS, and TS.
- Security Scanning: I embedded the Trivy engine to scan for secrets and vulnerabilities.
- Local-First: It uses in-memory storage for the analysis run, so no database is needed for the CLI.
Why I made it:
I wanted a single binary I could drop into a GitHub Action that would fail the build if a PR introduced too much complexity OR a security flaw.
Try it out:
curl -sL https://raw.githubusercontent.com/endrilickollari/debtdrone-cli/main/install.sh | bash
It's currently in Beta (v0.1.0). I’d love to hear if it works on your repos or if the AST parser misses anything weird!
submitted by /u/endrilickollari
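As an added illustration of the post's AST-versus-regex point (example code written for this page, not DebtDrone's own): it uses Python's standard-library `ast` module as a stand-in for Tree-sitter, and the sample function, the keyword pattern and the simplified cognitive-complexity rules are all constructed here. The sample deliberately puts branch keywords inside a comment and a string literal, which inflates a regex keyword count but leaves the AST-based cyclomatic and cognitive scores unaffected.

```python
"""AST-based vs. regex-based complexity counting (constructed example)."""
import ast
import re

# Constructed sample (not from the DebtDrone project). The comment and the
# string literal both contain branch keywords, which a regex counter will
# mistake for real decision points.
SAMPLE = '''
def handle(request, retries):
    # if the request fails or times out, retry
    msg = "if you see this, retry"
    if request is None:
        return msg
    for i in range(retries):
        if i % 2 == 0 and request.ok:
            try:
                return request.json()
            except ValueError:
                continue
    return request.text or msg
'''

# Naive approach: count keywords in the raw text. Matches inside comments
# and strings inflate the score (the "fragile regex parsing" problem).
KEYWORD_RE = re.compile(r"\b(if|elif|for|while|except|and|or)\b")


def regex_complexity(source: str) -> int:
    return 1 + len(KEYWORD_RE.findall(source))


# Cyclomatic complexity (McCabe): 1 + one per decision point. Boolean
# operators add (operands - 1); comprehensions add 1 per loop plus 1 per filter.
DECISION_NODES = (ast.If, ast.For, ast.AsyncFor, ast.While,
                  ast.ExceptHandler, ast.IfExp, ast.Assert)


def cyclomatic_complexity(func: ast.AST) -> int:
    score = 1
    for node in ast.walk(func):
        if isinstance(node, DECISION_NODES):
            score += 1
        elif isinstance(node, ast.BoolOp):
            score += len(node.values) - 1
        elif isinstance(node, ast.comprehension):
            score += 1 + len(node.ifs)
    return score


# Cognitive complexity (simplified form of the SonarSource definition, an
# assumption of this example): each control structure adds 1 plus its nesting
# depth, elif/else add 1 without a nesting penalty, and every run of the same
# boolean operator adds 1. `try` itself does not nest; `except` does.
def cognitive_complexity(func: ast.FunctionDef) -> int:
    total = 0

    def visit_if(node: ast.If, depth: int, is_elif: bool) -> None:
        nonlocal total
        total += 1 if is_elif else 1 + depth
        visit(node.test, depth)
        for stmt in node.body:
            visit(stmt, depth + 1)
        if len(node.orelse) == 1 and isinstance(node.orelse[0], ast.If):
            visit_if(node.orelse[0], depth, True)      # elif chain
        elif node.orelse:
            total += 1                                  # plain else
            for stmt in node.orelse:
                visit(stmt, depth + 1)

    def visit(node: ast.AST, depth: int) -> None:
        nonlocal total
        if isinstance(node, ast.If):
            visit_if(node, depth, False)
        elif isinstance(node, (ast.For, ast.AsyncFor, ast.While)):
            total += 1 + depth
            cond = node.iter if isinstance(node, (ast.For, ast.AsyncFor)) else node.test
            visit(cond, depth)                          # condition at current depth
            for stmt in node.body + node.orelse:        # loop body one level deeper
                visit(stmt, depth + 1)
        elif isinstance(node, ast.ExceptHandler):
            total += 1 + depth
            for stmt in node.body:
                visit(stmt, depth + 1)
        elif isinstance(node, ast.BoolOp):
            total += 1                                  # one per operator sequence
            for value in node.values:
                visit(value, depth)
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            for child in ast.iter_child_nodes(node):    # nested function: one level deeper
                visit(child, depth + 1)
        else:
            for child in ast.iter_child_nodes(node):
                visit(child, depth)

    for stmt in func.body:
        visit(stmt, 0)
    return total


def analyze(source: str) -> dict:
    """Per-function scores for every function defined in `source`."""
    tree = ast.parse(source)
    return {
        node.name: {
            "cyclomatic": cyclomatic_complexity(node),
            "cognitive": cognitive_complexity(node),
        }
        for node in ast.walk(tree)
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))
    }


if __name__ == "__main__":
    print("regex keyword count:", regex_complexity(SAMPLE))  # 10 (inflated by comment/string)
    for name, scores in analyze(SAMPLE).items():
        print(name, scores)  # handle {'cyclomatic': 7, 'cognitive': 9}
```

The regex counter reports 10 for `handle` because it matches the `if` and `or` in the comment and the `if` in the string literal; walking the AST gives a cyclomatic score of 7 and a cognitive score of 9, and the gap between the two AST scores comes entirely from the nesting penalty on the inner `if` and `except`. A CI gate of the kind the post describes would compare these per-function numbers against a threshold and fail the build when one is exceeded.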