
Our quest to make world-class security and bugfinding available to all developers, for free

Blog post from Semgrep

Post Details
Author: Isaac Evans
Word Count: 816
Language: English
Summary

r2c has developed Bento, an open-source toolkit designed to make advanced code analysis tools accessible to all developers, particularly those who may not work for large companies with extensive resources. Bento is an opinionated tool that integrates linters and program analysis into a codebase, providing curated AST-based lints and focusing on finding critical bugs and security issues rather than style discrepancies. It operates entirely offline, ensuring no code leaves the developer's machine, and is easy to install and configure. The toolkit aims to streamline the process of identifying and addressing significant code issues by providing automatic configuration based on dependencies and frameworks, reducing the need to sift through numerous linter results. Bento's roadmap includes expanding beyond AST-based linting to incorporate checks like SQL injection detection and dependency upgrade analysis, and it encourages community involvement and feedback to continuously improve the tool.