RepoGEO

REPOGEO REPORT · LITE

Phelaine/SinkFinder

Default branch llm · commit 3fd38eff · scanned 6/1/2026, 4:07:17 AM

GitHub: 509 stars · 24 forks

AI VISIBILITY SCORE: 35 / 100 (Critical)
Category recall: 0 / 2 (Not recommended in any query)
Rule findings: 1 pass · 1 warn · 0 fail (Objective metadata checks)
AI knows your name: 3 / 3 (Direct prompts that named your repo)
HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface Phelaine/SinkFinder, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

3 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION
  • high · readme · #1
    Reposition README H1 and first sentence to specify Java/JVM target

    Why:

    CURRENT
    # SinkFinder + LLM
    
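    ### Feature description
    A semi-automated vulnerability discovery tool for closed-source systems. It performs static code analysis on jar/war/zip files and adds LLM capabilities to verify path reachability; the LLM assigns each path a confidence score based on the surrounding code context.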
    COPY-PASTE FIX
    # SinkFinder + LLM: AI-Powered Static Analysis for Java (JAR/WAR/ZIP) Vulnerabilities
    
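    ### Feature description
    SinkFinder is a semi-automated vulnerability discovery tool for closed-source systems. It performs static code analysis specifically on the jar/war/zip packages of Java applications and adds LLM capabilities to verify path reachability; the LLM assigns each path a confidence score based on the surrounding code context.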
  • high · topics · #2
    Add relevant topics to the repository

    Why:

    CURRENT
    (none)
    COPY-PASTE FIX
    java, static-analysis, sast, vulnerability-scanning, llm, security, jar-analysis, war-analysis, taint-analysis, code-security
  • high · license · #3
    Add a LICENSE file to the repository

    Why:

    CURRENT
    (no LICENSE file detected — the repo has no recognizable license)
    COPY-PASTE FIX
    Create a LICENSE file in the repository root. Choose a standard open-source license (e.g., Apache-2.0, MIT, GPL-3.0) that best suits your project's distribution and usage intentions.

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?

Recall: 0 / 2 (0% of queries surface Phelaine/SinkFinder)
Avg rank (lower is better; #1 = top recommendation)
Share of voice: 0% (of all named tools, what % are you?)
Top rival: Veracode Static Analysis (recommended in 2 of 2 queries)
COMPETITOR LEADERBOARD
  1. Veracode Static Analysis · recommended 2×
  2. Checkmarx SAST · recommended 1×
  3. Fortify Static Code Analyzer · recommended 1×
  4. SonarQube · recommended 1×
  5. Snyk Code · recommended 1×
  • CATEGORY QUERY
    How can I find vulnerabilities in compiled Java applications using static analysis and AI verification?
    you: not recommended
    AI recommended (in order):
    1. Checkmarx SAST
    2. Fortify Static Code Analyzer
    3. SonarQube
    4. Snyk Code
    5. Veracode Static Analysis
    6. CodeQL (github/codeql)
    7. DeepCode AI

    AI recommended 7 alternatives but never named Phelaine/SinkFinder. This is the gap to close.

  • CATEGORY QUERY
    What tools analyze JAR/WAR files for potential security flaws and trace data flows?
    you: not recommended
    AI recommended (in order):
    1. OWASP Dependency-Check (jeremylong/DependencyCheck)
    2. Snyk
    3. Checkmarx SAST (CxSAST)
    4. Veracode Static Analysis
    5. Fortify Static Code Analyzer (SCA)
    6. SonarQube (with SonarJava plugin) (SonarSource/sonarqube)
    7. Contrast Security

    AI recommended 7 alternatives but never named Phelaine/SinkFinder. This is the gap to close.


Objective checks

Rule-based audits of metadata signals AI engines weight most.

  • Metadata completeness
    warn

    Suggestion:

  • README presence
    pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

  • Compared to common alternatives in this category, what is the core differentiator of Phelaine/SinkFinder?
    pass
    AI named Phelaine/SinkFinder explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • If a team adopts Phelaine/SinkFinder in production, what risks or prerequisites should they evaluate first?
    pass
    AI named Phelaine/SinkFinder explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • In one sentence, what problem does the repo Phelaine/SinkFinder solve, and who is the primary audience?
    pass
    AI named Phelaine/SinkFinder explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

Embed your GEO score

Drop this badge into the README of Phelaine/SinkFinder. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

MARKDOWN (README)
[![RepoGEO](https://repogeo.com/badge/Phelaine/SinkFinder.svg)](https://repogeo.com/en/r/Phelaine/SinkFinder)
HTML
<a href="https://repogeo.com/en/r/Phelaine/SinkFinder"><img src="https://repogeo.com/badge/Phelaine/SinkFinder.svg" alt="RepoGEO" /></a>