Notes on AI code review noise filtering, static analysis, and shipping cleaner code with Claude Code / Cursor.https://coppersun.dev/en-ushttps://coppersun.dev/blog/audit-ready-ai-code-scan/https://coppersun.dev/blog/audit-ready-ai-code-scan/Auditors do not accept stochastic scanner output. Deterministic, reproducible, citation-ready YAML — the audit posture an AI-augmented engineering team needs by 2026.Sat, 06 Jun 2026 00:00:00 GMTsecurityengineeringCopper Sun Brass Teamhttps://coppersun.dev/blog/sast-finding-overload/https://coppersun.dev/blog/sast-finding-overload/A static-analysis report with 1,500 findings is functionally a report with zero findings — nobody reads it. The bottleneck is ranking, not detection.Fri, 05 Jun 2026 00:00:00 GMTsecurityengineeringCopper Sun Brass Teamhttps://coppersun.dev/blog/copilot-vs-brasscoders-division-of-labor/https://coppersun.dev/blog/copilot-vs-brasscoders-division-of-labor/AI code review and deterministic static analysis are complementary layers, not competitors. The math of running both, the hand-off prompt, and when replacing one with the other is wrong.Thu, 04 Jun 2026 00:00:00 GMTcomparisonai-code-reviewCopper Sun Brass Teamhttps://coppersun.dev/blog/cross-file-bugs-ai-misses/https://coppersun.dev/blog/cross-file-bugs-ai-misses/AI coding assistants reason within a single file's context window and miss bugs whose taint flows across three or more files. The category that ships past AI-assisted review.Wed, 03 Jun 2026 00:00:00 GMTsecurityengineeringCopper Sun Brass Teamhttps://coppersun.dev/blog/ai-code-cve-reckoning-q1-2026/https://coppersun.dev/blog/ai-code-cve-reckoning-q1-2026/AI-generated code drove a 2.74× CVE increase in Q1 2026 — from 6 AI-attributed CVEs in January to 35 in March alone. A reading of what the data says about where deterministic detection needs to go.Tue, 02 Jun 2026 00:00:00 GMTsecurityai-code-reviewCopper Sun Brass Teamhttps://coppersun.dev/blog/brasscoders-open-source-on-github/https://coppersun.dev/blog/brasscoders-open-source-on-github/The full BrassCoders CLI is open source on GitHub under Apache 2.0. 12 scanners, source-auditable detection, contributions welcome. Repo at CopperSunDev/brasscoders.Tue, 02 Jun 2026 00:00:00 GMTlaunchoss-coreengineeringCopper Sun Brass Teamhttps://coppersun.dev/blog/what-brass-sends-to-its-servers/https://coppersun.dev/blog/what-brass-sends-to-its-servers/BrassCoders scans run entirely on your machine by default. The Paid plan adds one network call to our gateway with already-redacted findings, never raw source code. Here is every byte that leaves your machine.Sun, 31 May 2026 00:00:00 GMTprivacyoss-coreengineeringCopper Sun Brass Teamhttps://coppersun.dev/blog/brass-paid-launched/https://coppersun.dev/blog/brass-paid-launched/BrassCoders Paid is now generally available. $12/dev/month adds AI-powered semantic dedup, cluster sizing, and rank-by-relevance against your project signature. The OSS core stays free forever.Sun, 31 May 2026 00:00:00 GMTlaunchpaid-tierai-code-reviewCopper Sun Brass Teamhttps://coppersun.dev/blog/secrets-your-ai-might-leak/https://coppersun.dev/blog/secrets-your-ai-might-leak/AI coding assistants embed credentials in generated config files, example scripts, and test fixtures more often than developers expect. The detection pattern is entropy plus format matching — here is what BrassCoders scans for and why.Sun, 31 May 2026 00:00:00 GMTsecurityai-code-reviewprivacyCopper Sun Brass Teamhttps://coppersun.dev/blog/triage-500-line-ai-pr/https://coppersun.dev/blog/triage-500-line-ai-pr/A worked example of BrassCoders plus an AI assistant doing real PR review work. Scan locally, hand the ranked output to Claude Code or Cursor, walk each finding to a diff. Total reviewer time stays roughly constant regardless of diff size.Sun, 31 May 2026 00:00:00 GMTai-code-reviewengineeringoss-coreCopper Sun Brass Teamhttps://coppersun.dev/blog/when-ai-invents-libraries/https://coppersun.dev/blog/when-ai-invents-libraries/AI coding assistants confidently generate imports of packages that don't exist on PyPI or npm. The pattern is documented, the supply-chain risk is real, and the detection is straightforward — here is how it works.Sun, 31 May 2026 00:00:00 GMTsecurityai-code-reviewengineeringCopper Sun Brass Teamhttps://coppersun.dev/blog/why-claude-code-emits-eight-findings/https://coppersun.dev/blog/why-claude-code-emits-eight-findings/AI code review tools surface a lot of speculative noise alongside the real bugs. Here's why that happens and how to filter the output down to the findings that merit a developer's attention.Sun, 31 May 2026 00:00:00 GMTclaude-codeai-code-reviewnoise-reductionstatic-analysisCopper Sun Brass Team