RepoGEO

REPOGEO REPORT · LITE

owasp-noir/noir

Default branch main · commit 03cb25f6 · scanned 5/24/2026, 7:06:28 PM

GitHub: 1,295 stars · 127 forks

AI VISIBILITY SCORE: 40 / 100 (Critical)
Category recall: 0 / 2 (not recommended in any query)
Rule findings: 2 pass · 0 warn · 0 fail (objective metadata checks)
AI knows your name: 3 / 3 (direct prompts that named your repo)

HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface owasp-noir/noir, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

3 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION
  • high · readme · #1
    Clarify project's purpose and differentiate from ZKP 'Noir' language in README

    CURRENT
    Noir is a SAST tool that reads source code and extracts the endpoints an application exposes — paths, methods, parameters, headers, cookies, and the source files behind them.
    COPY-PASTE FIX
    **OWASP Noir is a Static Application Security Testing (SAST) tool for API security, distinct from the 'Noir' programming language for Zero-Knowledge Proofs (ZKP).** It reads source code to extract and map all exposed endpoints — paths, methods, parameters, headers, cookies, and the source files behind them.
  • medium · topics · #2
    Add more specific topics to improve category recall

    CURRENT
    api-security, attack-surfaces, crystal, devsecops, endpoints, hacktoberfest, owasp, owasp-noir, pentesting, security, shadow-api
    COPY-PASTE FIX
    api-security, attack-surfaces, crystal, devsecops, endpoints, hacktoberfest, owasp, owasp-noir, pentesting, security, shadow-api, sast, static-analysis, application-security, api-discovery
  • medium · readme · #3
    Add a 'Comparison to Alternatives' section in the README

    COPY-PASTE FIX
    Add a new section to the README, e.g., `## Comparison to Alternatives`, that briefly outlines how OWASP Noir's focus on static API endpoint discovery and attack surface mapping differentiates it from DAST tools (like OWASP ZAP, Burp Suite), API management tools (like Postman, OpenAPI Generator), and general-purpose SAST tools (like Semgrep, CodeQL).

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?

Same questions for every model — switch tabs to compare answers and rankings.

Recall: 0 / 2 (0% of queries surface owasp-noir/noir)
Avg rank (lower is better; #1 = top recommendation)
Share of voice: 0% (of all named tools, what % are you?)
Top rival: OpenAPI Generator / Swagger Codegen (recommended in 1 of 2 queries)

COMPETITOR LEADERBOARD
  1. OpenAPI Generator / Swagger Codegen · recommended 1×
  2. Postman · recommended 1×
  3. zaproxy/zaproxy · recommended 1×
  4. Burp Suite · recommended 1×
  5. Grype / Trivy · recommended 1×
  • CATEGORY QUERY
    How can I identify all exposed API endpoints and potential shadow APIs in my codebase?
    you: not recommended
    AI recommended (in order):
    1. OpenAPI Generator / Swagger Codegen
    2. Postman
    3. OWASP ZAP (Zed Attack Proxy) (zaproxy/zaproxy)
    4. Burp Suite
    5. Grype / Trivy
    6. Semgrep (semgrep/semgrep)
    7. APIClarity (apiclarity/apiclarity)

    AI recommended 7 alternatives but never named owasp-noir/noir. This is the gap to close.
  • CATEGORY QUERY
    What static analysis tools help map application attack surface by extracting endpoints from code?
    you: not recommended
    AI recommended (in order):
    1. Semgrep (returntocorp/semgrep)
    2. CodeQL (github/codeql)
    3. GoSec (securego/gosec)
    4. Bandit (PyCQA/bandit)
    5. ESLint (eslint/eslint)
    6. SpotBugs (spotbugs/spotbugs)
    7. SonarQube (SonarSource/sonarqube)

    AI recommended 7 alternatives but never named owasp-noir/noir. This is the gap to close.

Objective checks

Rule-based audits of metadata signals AI engines weight most.

  • Metadata completeness
    pass

  • README presence
    pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

  • Compared to common alternatives in this category, what is the core differentiator of owasp-noir/noir?
    pass
    AI named owasp-noir/noir explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • If a team adopts owasp-noir/noir in production, what risks or prerequisites should they evaluate first?
    pass
    AI named owasp-noir/noir explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • In one sentence, what problem does the repo owasp-noir/noir solve, and who is the primary audience?
    pass
    AI named owasp-noir/noir explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

Embed your GEO score

Drop this badge into the README of owasp-noir/noir. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

MARKDOWN (README)
[![RepoGEO](https://repogeo.com/badge/owasp-noir/noir.svg)](https://repogeo.com/en/r/owasp-noir/noir)
HTML
<a href="https://repogeo.com/en/r/owasp-noir/noir"><img src="https://repogeo.com/badge/owasp-noir/noir.svg" alt="RepoGEO" /></a>