Long-form, cited, practical guides for engineers shipping AI-augmented code. Each guide is a pillar — full coverage of one topic, linked from the related blog posts that go deeper on specific failure modes.
The seven categories of bug AI coding assistants systematically miss — cross-file taint, hardcoded credentials, hallucinated imports, race conditions, context-dependent insecure patterns, auth middleware gaps, and PII flows. Cited research, worked examples, the deterministic complement for each.
The curated reference index for the AI-code-quality problem. Papers, industry reports, OSS tools, and benchmark repos — each with a BrassCoders capsule explaining what builders should actually do with it. Five problem-led categories, quarterly refresh.
A practical guide to reviewing AI-generated code without burnout. Covers the four failure modes of AI-assisted PRs (noise, secret leakage, hallucinated imports, diff complexity), the workflow that scales, and how to combine static analysis with LLM-based review.
Honest comparison of open-source and commercial SAST tools. Three architectural patterns (rule-based, dataflow, AST-plus-context), real cost trade-offs, and a decision matrix matching the stack to your team size.
Step-by-step setup from a fresh machine to a working CI integration. Install, first scan, AI assistant hand-off, GitHub Actions / GitLab CI examples, Paid plan activation, and .brassignore configuration tips.
More guides in development. Subscribe via RSS or check back as the library grows.