zakirkun / ice-tea (Public)

AI-Powered Static Application Security Testing (SAST) — written in Go.

12 stars
5
100% credibility
Found Mar 20, 2026 at 12 stars
Language: Go

AI Summary

Ice Tea is an open-source security scanner that analyzes source code for vulnerabilities using pattern matching, data flow tracking, and optional AI reasoning across 10+ languages.

How It Works

1. 🔍 Discover Ice Tea: You hear about Ice Tea, a friendly tool that checks your code for security problems like a careful friend reviewing your work.

2. 📥 Get the tool: Download and prepare Ice Tea on your computer in just a few moments.

3. 📁 Point to your code: Tell Ice Tea which folder holds your project, and optionally connect a smart helper for extra smarts.

4. 🚀 Run the check: Hit go, and watch as Ice Tea quickly scans your files, spotting issues with helpful explanations.

5. 📋 See the report: Get a clear list of problems found, with tips on how to fix them and different ways to view the results.

Safer code: Your project is now more secure, and you can easily check again anytime or share the report with your team.

AI-Generated Review

What is ice-tea?

Ice Tea is an AI-powered static code analysis tool written in Go that scans source code for vulnerabilities across 10 languages, including Go, JavaScript, Python, and Java. It combines fast pattern matching, taint tracking, and optional OpenAI reasoning to verify findings and reduce false positives, producing clean reports in console, SARIF, JSON, or PDF formats. Developers get CI/CD-ready security checks—like `ice-tea scan ./src --format sarif`—that integrate with GitHub Actions.

Why is it gaining traction?

Unlike rigid SAST scanners, its extensible skills system lets you add custom detection rules via YAML files with no Go recompilation needed, covering 456+ rules in domains such as auth, injection, and API security. AI-powered static analysis tools like this stand out by using LLMs to explain and fix issues, plus SARIF support for GitHub code scanning. The MCP server hooks into AI agents like Claude for agentic workflows.

Who should use this?

DevSecOps engineers embedding SAST in GitHub pipelines for polyglot repos. Backend teams scanning Go or Node.js projects before merges. Security auditors evaluating AI-powered static code analysis on vulnerable examples without setup hassle.

Verdict

Grab it for a test drive if you need lightweight, AI-enhanced SAST—the docs and examples are solid, with good test coverage. But with just 12 stars and a 1.0% credibility score, it's early alpha; stick to non-production use until it sees more adoption.
