Network probes find surfaces. Code finds reachability. The nexus_code pipeline turns a repo into graph-linked findings with an isolation boundary before anything is treated as confirmed.
Taint first
TaintAnalyser in nexus_code/project_graph.py runs inter-procedural BFS from request/input sources to dangerous sinks. Confidence starts at 0.90 and decays 0.08 per hop — longer call chains are weaker claims, not louder ones.
Parallel discovery
SemgrepAgent— community rules when the binary is presentSecretScanner— TruffleHog → gitleaks → regex fallbackSupplyChainAgent— OSV batch + typosquat checksVariantAnalyser/ fuzzers — structural variants and harness generation
Sandbox boundary
Docker · --network none · --cap-drop ALL · --read-only user 65534 · memory + cpus capped · indicator in stdout
SandboxExecutor confirms PoC indicators — not production RCE. Confirmed CodeFinding nodes bridge into the EvidenceGraph with source_type: code and optional maps_to_asset_id, so attack chains can span network and code in one projection.
Why this matters
Autonomous security research only earns trust when the runtime can refuse to overclaim. This note documents a shipped invariant in Nexus / TCSF — the kind of detail practitioners and search engines both need to evaluate the system honestly.
FAQ
Does longer taint chain mean higher severity?
No. TaintAnalyser confidence starts at 0.90 and decays 0.08 per hop — longer chains are weaker claims.
Is the sandbox production RCE?
No. SandboxExecutor confirms PoC indicators in Docker with --network none, --cap-drop ALL, and --read-only.