ZeroPath

ZeroPath is a clever tool made to find and fix security problems in software. A team of skilled security experts and bug hunters created it. This tool uses smart AI methods to spot tricky security issues that other tools might miss. It is great at finding problems with business logic, authentication, and other common issues.

Key Features

ZeroPath has several key features that make it special:

Pre Merge Scanning ZeroPath checks code before it is merged into the main codebase. It completes pull request scans in under a minute to find security issues early. This makes sure that development workflows are not interrupted.

Language Support The tool works with many programming languages like JavaScript, Python, Go, Java, C#, and PHP. It uses a special library for something called Abstract Syntax Tree generation. This allows easy integration of additional or custom language grammars.

Vulnerability Detection ZeroPath''s detection process has six main steps. It triggers scans, identifies applications, generates and indexes graphs, enriches graphs, discovers and validates vulnerabilities, and generates and integrates patches.

Advanced Techniques The tool uses advanced techniques like Tree of Thoughts and a special ReAct framework. This ensures the tool is used methodically.

Monte Carlo Tree Self Refine Algorithm ZeroPath uses this algorithm to explore and verify complex technical attack vectors efficiently. This reduces false alarms and improves the accuracy of vulnerability detection.

Benefits

ZeroPath works with GitHub to scan pull requests for vulnerabilities. It uses advanced AI models to reduce false alarms significantly. The tool creates patches for identified vulnerabilities and automatically issues pull requests to fix them. This supports complex, multi file changes easily and allows natural language modification of patches.

ZeroPath has found critical zero day vulnerabilities in popular open source projects. Some notable discoveries include local file inclusion in Fonoster Voice Server, remote code execution in Uptrain, and command injection in Clone Voice. The tool has also found various authentication bugs in RAGFlow and LibrePhotos. For a full list of reported issues, you can visit the ZeroPath Security Wall of Fame page.

Use Cases

ZeroPath has been tested against leading SAST tools like Bearer, Semgrep, and Snyk. The results show ZeroPath''s better detection capabilities and lower false alarm rates. This is especially clear in complex scenarios involving business logic and authentication vulnerabilities. The tool''s advanced analysis techniques and natural language patch modification features set it apart from traditional SAST solutions.

Cost Price

ZeroPath is now available to the public. Over 40 companies across various sectors are already using the solution. To get started, you can install the GitHub app and schedule a personalized demo. ZeroPath is offering a YC Launch Deal with 50% off for 12 months, valid until August 15, 2024.

Funding

The ZeroPath team includes Nathan, a former Tesla Red Team Engineer with over $100k in bug bounties, and Raphael, a former Google Security Engineer with 12 security researcher hall of fames. The team also includes Dean & Etienne, founders of Mevlink, which was acquired by Bloxroute in 2023.

Reviews Testimonials

ZeroPath is a big step forward in AI driven vulnerability detection. It addresses long standing challenges in SAST. By combining deep program analysis with adversarial AI agents, ZeroPath finds critical bugs that might be overlooked by traditional tools. This enhances the security of open source ecosystems. For more information, visit the ZeroPath website.