AgentGG: Open-source agentic SAST scanner

AgentGG, an open-source static application security testing (SAST) scanner released under the Apache 2.0 license, uses AI agents to read source code, follow imports, walk call graphs, and confirm findings before reporting them. The tool aims to reduce false positives by having agents triage and validate vulnerabilities autonomously, rather than presenting engineers with long lists of unverified candidate issues.

Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm a finding before they report it. The project is an open-source agentic SAST scanner released under the Apache 2.0 license.

How the agents run

Each agent is a self-contained markdown file …

The post AgentGG: Open-source agentic SAST scanner (https://www.helpnetsecurity.com/2026/06/05/agentgg-open-source-agentic-sast-scanner/) appeared first on Help Net Security (https://www.helpnetsecurity.com).