Solana Security Standard — now installable everywhere.
The SOL-0XX rule set (28 Solana/Anchor bug classes drawn from real audits) now runs wherever you work, all from one source of truth:
- GitHub Action — scan every PR in CI:
uses: Copenhagen0x/solana-security-guidance@v1. Uploads SARIF for inline annotations + an adoption badge. - CLI —
npx @jelleo/solana-security-standard scan ./programs(human / JSON / SARIF output; non-zero exit gates CI). - VS Code extension — inline SOL-0XX squiggles as you type, in VS Code, Cursor, and Windsurf. 100% local, no telemetry.
- Semgrep ruleset —
semgrep --configfor any Semgrep pipeline. - Claude Code plugin — the original guidance file + patterns.
Same 17 deterministic patterns + 28 documented rules, no logic duplicated. SOL-001 is backed by two confirmed bounty wins. Built by Jelleo — the team that finds the bugs.