by jostkolega
138 days ago
Semgrep's a solid choice for this. The stuff you're catching - secrets, SQLi, weak hashing - is where pattern matching shines.

The tricky part with LLM-generated code is when it's syntactically fine but semantically broken. Stuff like:

- auth logic that checks `user.role` but also has a `req.query.admin === 'true'` fallback because the model left debug code in
- JWT validation that calls `verify()` but passes `algorithms: ['none']` or disables signature checking — the code looks right
- async TOCTOU bugs where permission check and action aren't atomic because the LLM wrote it like sync code

None of these match simple patterns. You need dataflow analysis to catch them reliably. Curious if you're thinking about that for the paid tier, or keeping it pattern-based to stay fast?
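The first bullet in the comment above, worked through as an added example (not code from the commenter or from Semgrep). It assumes an Express-style request object where `req.user` is populated by session middleware and `req.query` comes from the URL; the function names, the sample requests and the two regex "checkers" are constructed for illustration. It shows the leftover-fallback version beside the hardened one, and why a check that only looks for the presence of a role comparison is satisfied by both, while a check that asks whether client input reaches the decision separates them.

```javascript
// Added example, not code from the original comment. Assumes an Express-style
// req object; all requests below are constructed inline.

// "Looks right" version: the role check is present, but a leftover debug
// fallback lets client-controlled query input grant admin.
function isAdminVulnerable(req) {
  if (req.user && req.user.role === 'admin') return true;
  // Debug fallback a generator might leave behind: trusts untrusted input.
  if (req.query && req.query.admin === 'true') return true;
  return false;
}

// Hardened version: the decision derives only from server-side session state.
function isAdminHardened(req) {
  return Boolean(req.user && req.user.role === 'admin');
}

// Minimal middleware-style wrapper so the decision is observable as a status.
function requireAdmin(check) {
  return function (req) {
    if (!req.user) return { status: 401 };
    if (!check(req)) return { status: 403 };
    return { status: 200 };
  };
}

// Constructed sample requests: an ordinary user, with and without the
// extra query parameter.
function makeRequest(role, query) {
  return { user: role ? { id: 1, role: role } : null, query: query || {} };
}

// A naive presence check of the kind the comment says is insufficient: it only
// asks "is there a role comparison somewhere?" and both versions satisfy it,
// because the fallback does not remove the role check.
const ROLE_CHECK_PATTERN = /\.role\s*===\s*'admin'/;
function naiveRoleCheckPasses(fn) {
  return ROLE_CHECK_PATTERN.test(fn.toString());
}

// What a flow-aware check has to notice instead: whether a value read from
// req.query can reach the authorization decision. This is a deliberately tiny
// source-text stand-in for that question, not a real dataflow engine.
const QUERY_SOURCE_PATTERN = /req\.query/;
function untrustedInputReachesDecision(fn) {
  return QUERY_SOURCE_PATTERN.test(fn.toString());
}

// Runs both checks against both versions and returns the observations.
function demo() {
  const plainUser = makeRequest('user');
  const tampered = makeRequest('user', { admin: 'true' });
  return {
    vulnerablePlain: requireAdmin(isAdminVulnerable)(plainUser).status,     // 403
    vulnerableTampered: requireAdmin(isAdminVulnerable)(tampered).status,   // 200
    hardenedTampered: requireAdmin(isAdminHardened)(tampered).status,       // 403
    patternPassesBoth:
      naiveRoleCheckPasses(isAdminVulnerable) && naiveRoleCheckPasses(isAdminHardened),
    flowFlagsVulnerableOnly:
      untrustedInputReachesDecision(isAdminVulnerable) &&
      !untrustedInputReachesDecision(isAdminHardened),
  };
}

console.log(demo());
```

The regex checkers are only there to make the point concrete: a rule that matches on the presence of a correct-looking check cannot distinguish these two functions, and the signal that does distinguish them is a source-to-sink relationship (`req.query` flowing into the authorization decision), which is what taint or dataflow rules are for.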