HackerTrans
TopNewTrendsCommentsPastAskShowJobs

bumahkib7

no profile record

Submissions

[untitled]

1 points·by bumahkib7·3 mesi fa·0 comments

[untitled]

1 points·by bumahkib7·4 mesi fa·0 comments

Show HN: Runix, deploy any back end in seconds, no Dockerfile needed

1 points·by bumahkib7·4 mesi fa·4 comments

Show HN: RMA Dashboard fast SAST results for monorepos (SARIF and triage)

rma-dashboard.bukhari-kibuka7.workers.dev
1 points·by bumahkib7·5 mesi fa·0 comments

RMA – Compile Semgrep rules to native Rust/Tree-sitter matchers

github.com
1 points·by bumahkib7·5 mesi fa·1 comments

Show HN: Rust Monorepo Analyzer v0.16.0 and v0.17.0 faster scans and better TUI

github.com
1 points·by bumahkib7·5 mesi fa·0 comments

Show HN: I wrote a Semgrep alternative in Rust with cross-file taint tracking

github.com
4 points·by bumahkib7·5 mesi fa·0 comments

RMA – Fast Rust monorepo scanner cross-file taint, typestate, <0.5s on 100k LOC

github.com
3 points·by bumahkib7·5 mesi fa·5 comments

comments

bumahkib7
·4 mesi fa·discuss
Update since posting: zero-config env var analysis is now live. Connect a repo, Runix scans your code, auto-detects every env var your app needs, provisions Postgres/Redis automatically, generates the secrets, and only asks you for the keys it can't know like STRIPE_SECRET_KEY. Most apps deploy with 2-3 fields to fill instead of starting from scratch.
bumahkib7
·4 mesi fa·discuss
Render drops to Docker for Java, Kotlin, .NET, and PHP. Runix auto-generates the Dockerfile for you, every runtime, zero config.
bumahkib7
·4 mesi fa·discuss
Hey HN, I built Runix (runixcloud.dev), a deployment platform for backends that aren't Node.js. The problem: Vercel is great but it's essentially JavaScript-only for real backends. Railway and Render work but still require you to write Dockerfiles and understand container configuration. Vibe coders using Cursor or Bolt can build a FastAPI or Spring Boot backend in minutes but have nowhere clean to deploy it. Runix solves this: connect your GitHub repo, push code, get a live URL. That's it. No Dockerfile. No config files. No Docker knowledge required. How it works:

Detects your runtime automatically (Rust, Java, Go, Python, Node, Ruby, Elixir, .NET) Generates an optimized Dockerfile using Claude AI Builds and runs your container Gives you a subdomain instantly: yourapp.runixcloud.dev Auto-provisions Postgres, Redis, or Kafka if your code needs them

The entire platform is built in Rust. The API, the build pipeline, the reverse proxy, the container orchestration. Runs on bare metal in Europe, not re-sold AWS. What makes it different from Railway and Render:

No Dockerfile ever required, AI generates it from your code Supports languages they don't prioritize: Rust, Java, Elixir, .NET Flat predictable pricing, no surprise bills Built on owned infrastructure so margins let us stay cheaper

Current status: beta, fully functional, first paying customers onboarded. Happy to answer anything, especially brutal feedback on what's missing or where the positioning is wrong. https://runixcloud.dev
bumahkib7
·5 mesi fa·discuss
This is super interesting. The “make everything look the same” angle is exactly what AI generated monorepos need if you want reviews to stay sane.

The absolute paths rule and the “no cycles unless same module” rule are both clean. I like that you’re optimizing for navigation too, not just style.

The two “would be nice” points hit hard:

A single crate level errors.rs with thiserror makes big repos feel way less messy.

The “pub but dead inside the monorepo” problem is real. Rust won’t flag it because it is public, but internally it is noise and people still spend time maintaining it.

How did you build these tools? Are you using rust-analyzer APIs, HIR, syn, or something else?

Also, if you have two minutes, can you try the dashboard and tell me what feels good or annoying about the workflow? for now login with github if possible. check it out.

https://rma-dashboard.bukhari-kibuka7.workers.dev/

It’s backed by Rust Monorepo Analyzer. Right now we focus on security and code intelligence, but your hygiene rules feel like a perfect “next layer” once the core analysis is solid.
bumahkib7
·5 mesi fa·discuss
I wanted Semgrep's security rules without the Python runtime overhead, so I built a compiler that translates Semgrep YAML patterns into tree-sitter queries at build time.

  The rules get embedded via include_bytes!(), so there's no file loading or parsing at runtime - just pattern matching against ASTs.

  Trickiest part was metavariables. Semgrep patterns like eval($X) need to capture arbitrary expressions, but tree-sitter queries don't have that concept natively. Ended up building a
  translator that converts patterns to S-expressions with captures.

  647 rules across 28 languages. Still has false positives on generated code.

  cargo install rma-cli
bumahkib7
·5 mesi fa·discuss
Thanks! What are you building on the side? Would love to know what's janky about the existing tools, that's exactly the kind of feedback that shapes what I work on next.
bumahkib7
·5 mesi fa·discuss
I built RMA because I was tired of waiting 5–20 minutes for Semgrep/CodeQL/SonarQube on large monorepos.

It's a Rust-native CLI that scans ~100k LOC in under 0.5 seconds and now has:

- Cross-file taint propagation (input in handler → util → sink) - String concatenation & template taint (real SQLi, XSS, command injection, path traversal) - Basic type inference + nullability (null dereference detection) - Typestate/protocol rules (file/DB/lock/crypto leaks, use-after-close, double-lock, etc.) - Interactive TUI viewer (navigate findings, filter severity, search, preview code snippets) - SARIF output → GitHub Security tab - Dashboard with vuln tables, fix recommendations, health scores (in progress)

Repo: https://github.com/bumahkib7/rust-monorepo-analyzer Latest release: https://github.com/bumahkib7/rust-monorepo-analyzer/releases...

Try it: cargo install rma rma scan . --profile strict --ai rma scan . --interactive # launches the TUI

Still early — false positives exist in generated/test code (tunable via rma.toml). Feedback very welcome: too noisy? Missing rules? Happy to hear it.