- I wanted to give this a try, but it immediately asks for authority to "Act on your behalf" on GitHub. That's not something that I'm going to grant to an unfamiliar agent.
It would make a lot more sense to me if you provided a lighter "intro" version, even if that means it can only run on public repos.
- On the landing page I see full names and pictures of customers but not any information about the founders and/or shareholders. I click on "about us" and "privacy" and "terms" and "trust center" and I cannot figure out: What is the name of the company, where is it located, who will be having access to my data. For a security-related startup if such information is missing it's a big red flag.
Also unfortunately the animation on the landing page makes the whole website quite slow.
- $30/committer/month, while only running scans biweekly, not even including "Enterprise" pricing, is really, really steep and will be a big barrier to adoption in larger enterprises with many engineers. You're basically asking enterprises to take the $30/committer/month pricing that they're spending on something like GitLab Premium, and double it, for bug reports? They may be great bug reports, but if it's difficult enough to get teams to merge automated MRs from tools like Dependabot/Renovate, what makes you so confident that a large enterprise customer will be so willing to add Another Tool that opens More MRs that require engineers to spend More Time Reviewing that may or may not have anything to do with shipping more features out the door?
Please consider a pricing model that's closer to bug bounties. There's clearly a working pricing model where companies are willing to pay bounties for discovered vulnerabilities. Your tool finds vulnerabilities (among other classes of bugs). Why not a pricing model where customers agree up-front to pay per bug your model finds? There are definitely some tricky parts to that model - you need an automated way of grading/scoring the bugs you find, since critical-severity bugs will be worth more (and be more interesting to customers) compared to low-severity bugs, and some customers will surely appeal some of the automatic scores - but could you make it work? Customers could then have more control over scaling up usage of Detail (adding slowly to more repositories), including capping how many bugs of each severity they would like reports for (to limit their spend), allowing customers to slowly add more repositories and run scans more frequently to find more bugs as they get more proven value from the tool.
- I played around with Detail recently and it was super helpful to point me directly to the code causing some bugs that I know I had, but wasn't sure about the root cause.
Waxing philosophical a bit, I think tools like these are going to be super helpful as our collective understanding of the codebases we own decreases over time due to the proliferation of AI generated code. I'm not making a value judgement here, just pointing out that as we understand codebases less, tools that help us track down the root causes of bugs will be more important.
by eikenberry
0 subcomment
- How do you define "merge-quality" and how do you determine a PR is of merge quality? Particularly when you are generating a lot of them with no human oversight involved?
by sbruchmann
1 subcomments
- Got redirected to a 404 after signing in with GitHub:
https://app.detail.dev/onboarding
by StrangeSound
0 subcomment
- How would this work with a monorepo? I tried earlier with no success, unfortunately.
by hiesenbug
1 subcomments
- Does this work for cross-compiled projects as well? Do you only require code that's buildable on the host or also runnable? How would it behave for a firmware codebase?
- How does this work if your repos aren't on GitHub? And what if your code has nothing to do with backend web apps?
- Looks interesting, but I self host so it would have to work with plain Git URLs.
by ZeroConcerns
1 subcomments
- So, this is only for codebases hosted on GitHub, right? Any plans for folks not in that ecosystem? And which languages do you support? The examples show Go, (Type|Java)Script, Python, Rust and Zig, which is rather diverse, but lacks some typical 'enterprise' options. The examples look nice and quite different from the usual static analyzer slop, so that is welcome!
- Looking forward to this working with GitLab!
- Very impressed with the results on our repo. Great stuff for managing all of the AI slop.