Real scans of the world's most critical open-source projects. No project scored above 50%.
Each audit was run without configuration, without exclusion lists, on the official source trees.
Engine: BATEN CODE v1.0.26 · Standard: BICS (Baten Invariant Certification System) · Runs locally, no cloud.
0 / 11 projects scoring above 50%
Redis. nginx. curl. PostgreSQL. CPython. SQLite. OpenSSL. Node.js. Git. Linux. LLVM/Clang. Combined: 18 000+ files scanned · 35 000+ anomalies detected.
The TLS handshake state machine of OpenSSL — securing the majority of the world's internet traffic — scores 8%.
Score Overview
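
| Project | Score |
| --- | --- |
| OpenSSL statem/ | 8% |
| SQLite | 22% |
| nginx | 29% |
| PostgreSQL | 29% |
| Linux fs/ | 30% |
| Linux kernel/ | 33% |
| Git | 35% |
| Redis | 36% |
| Node.js | 40% |
| LLVM/Clang | 45% |
| curl | 50% |
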
11 Projects Audited · 2026-04-04
OpenSSL — Official Repository · C · ~1 400 files
Score: 8–67% · 🔴 CRITICAL
0 CRITICAL · 48 HIGH · zero configuration · zero cloud

| Component | Files | Score | HIGH |
| --- | --- | --- | --- |
| statem/ — TLS handshake state machine | 10 | 8% | 15 |
| apps/ | 95 | 20% | 15 |
| crypto/ | 947 | 32% | 12 |
| quic/ | 48 | 47% | 0 |
| providers/ | 297 | 67% | 6 |

⚠ statem/ = 8%. This is the code that negotiates and manages every TLS connection — HTTPS, VPN, email, banking. The component that the entire encrypted internet depends on scores 8% under BICS.
SQLite — Official Repository · C · 353 files
Score: 22% · 🔴 CRITICAL
Scan in 12.6 s · 1 205 anomalies · 9 CRITICAL · 11 HIGH

| Severity | Violations | Role in scoring |
| --- | --- | --- |
| 🔴 CRITICAL | 9 | Density penalty ×4 |
| 🟠 HIGH | 11 | Density penalty ×1 |
| 🟡 MEDIUM | 1 067 | Contamination ratio only |
| 🔵 LOW | 118 | Contamination ratio only |

SQLite is embedded in every iOS device, every Android device, every Chrome browser — and scores 22%.
nginx — Official Repository · C · 396 files
Score: 29% · 🔴 CRITICAL
Scan in 9.6 s · 760 anomalies · 5 CRITICAL

| Severity | Violations | Role in scoring |
| --- | --- | --- |
| 🔴 CRITICAL | 5 | Density penalty ×4 |
| 🟠 HIGH | 0 | Density penalty ×1 |
| 🟡 MEDIUM | 746 | Contamination ratio only |
| 🔵 LOW | 9 | Contamination ratio only |

nginx serves ~34% of all web traffic globally. 5 CRITICAL violations in its C core.
PostgreSQL — Official Repository · C · 2 552 files
Score: 29% · 🔴 CRITICAL
Scan in 81 s · 6 156 anomalies · 26 CRITICAL · 545 HIGH

| Severity | Violations | Role in scoring |
| --- | --- | --- |
| 🔴 CRITICAL | 26 | Density penalty ×4 |
| 🟠 HIGH | 545 | Density penalty ×1 |
| 🟡 MEDIUM | 4 941 | Contamination ratio only |
| 🔵 LOW | 644 | Contamination ratio only |

The most trusted open-source database, running financial systems worldwide. 26 CRITICAL · 545 HIGH.
Linux Kernel — Official Repository · C · 4 527 files (kernel/ + net/ + fs/)
Score: 29–33% · 🔴 CRITICAL
7 618 anomalies total · 57 HIGH in kernel/ · zero configuration

| Subsystem | Files | Score | HIGH |
| --- | --- | --- | --- |
| kernel/ | 607 | 33% | 57 |
| net/ | 1 813 | 29% | 0 |
| fs/ | 2 107 | 30% | 0 |

Powers 90% of the world's servers, all Android devices, most of the cloud. Core kernel: 57 HIGH violations.
Git — Official Repository · C · 978 files
Score: 35% · 🔴 CRITICAL
Scan in 18.7 s · 1 220 anomalies · 16 CRITICAL · 45 HIGH

| Severity | Violations | Role in scoring |
| --- | --- | --- |
| 🔴 CRITICAL | 16 | Density penalty ×4 |
| 🟠 HIGH | 45 | Density penalty ×1 |
| 🟡 MEDIUM | — | Contamination ratio only |
| 🔵 LOW | — | Contamination ratio only |

Git manages virtually all of the world's source code. 16 CRITICAL violations in the version control system used by every developer on the planet.
Redis — Official Repository · C · 797 files
Score: 36% · 🔴 CRITICAL
Scan in 16 s · 878 anomalies · 14 CRITICAL · 18 HIGH
Node.js — Official Repository · C/C++ · 429 files (src/)
Score: 40% · 🔴 CRITICAL
Scan in 14 s · 630 anomalies · 1 CRITICAL

| Severity | Violations | Role in scoring |
| --- | --- | --- |
| 🔴 CRITICAL | 1 | Density penalty ×4 |
| 🟠 HIGH | 0 | Density penalty ×1 |
| 🟡 MEDIUM | 590 | Contamination ratio only |
| 🔵 LOW | 39 | Contamination ratio only |

The JavaScript runtime powering millions of backend services worldwide.
LLVM / Clang — Official Repository · C++ · 1 600 files (clang/lib/)
Score: 45% · 🔴 CRITICAL
Scan in 96.7 s · 3 953 anomalies · 0 CRITICAL · 0 HIGH

| Severity | Violations | Role in scoring |
| --- | --- | --- |
| 🔴 CRITICAL | 0 | Density penalty ×4 |
| 🟠 HIGH | 0 | Density penalty ×1 |
| 🟡 MEDIUM | — | Contamination ratio only |
| 🔵 LOW | — | Contamination ratio only |

Best score in the gallery — 45%. The compiler used to build most of the world's production software. Still below 50%.
curl — Official Repository · C · 997 files
Score: 50% · 🟠 HIGH
Scan in 18.7 s · 1 153 anomalies · 5 CRITICAL

| Severity | Violations | Role in scoring |
| --- | --- | --- |
| 🔴 CRITICAL | 5 | Density penalty ×4 |
| 🟠 HIGH | 0 | Density penalty ×1 |
| 🟡 MEDIUM | 681 | Contamination ratio only |
| 🔵 LOW | 467 | Contamination ratio only |

curl runs on ~10 billion devices. The gallery's second-best score — exactly at the 50% threshold.
CPython — Official Repository · C Core · 374 files (Modules / Objects / Python / Parser)
Score: 22–49% · 🔴 CRITICAL
1 CRITICAL · 33 HIGH · zero configuration · zero cloud

| Component | Files | Score | CRITICAL / HIGH |
| --- | --- | --- | --- |
| Modules/ | 100 | 22% | 0 / 19 |
| Objects/ | 122 | 49% | 1 / 2 |
| Python runtime | 127 | 43% | 0 / 8 |
| Parser/ | 25 | 48% | 0 / 4 |

The reference implementation of Python — the world's most popular language. obmalloc.c: CRITICAL. posixmodule.c: 33 violations.
Coming soon

| Project | Language | Files | Status |
| --- | --- | --- | --- |
| Firefox (Gecko) | C++ | ~15k | Pending |
| V8 (Chrome) | C++ | ~3k | Pending |
| Rust compiler | Rust | ~2k | Pending |
| CPython stdlib | Python | ~2k | Pending |

Scoring Methodology
Formula — Base = (clean files / total files) × 100.
Density penalty = (CRITICAL × 4 + HIGH × 1) capped at 50% of base.
Final score = base − density penalty.
Philosophy — A project with 750 clean files out of 800 starts at 93% before any penalty.
One unsafe function does not condemn the whole codebase. MEDIUM and LOW violations are captured only through the contamination ratio — they lower the base without triggering the severity penalty.
BATEN CODE runs entirely on your machine. No data leaves your environment.
VSCode extension with live status bar · Windows standalone exe · CI/CD compatible