  • AliAmmar152 hours ago
    Hi HN, I'm building Velonus. Developers are drowning in noisy security alerts, so I built an automated AppSec tool to clean up the output.

    Right now, Phase 1 is an open-source CLI. It wraps standard static analysis tools (Semgrep, Bandit, pip-audit, Safety, and TruffleHog) and runs them in parallel using asyncio.

    Instead of dealing with 5 different JSON formats, it maps everything to a unified finding schema with CWE and OWASP Top 10 tags, creates a deterministic hash for each finding, and deduplicates the noise. It outputs to a clean terminal UI or SARIF 2.1.0 for CI integration.

    You can install it using (pip install velonus)

    I'd love for you to try it out on your messiest Python repos and let me know how the deduplication holds up. Happy to answer any technical questions about the architecture.
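As an added illustration of the normalize, hash, deduplicate and SARIF pipeline the post describes (example code written for this page, not Velonus's own code and not the poster's), here is a minimal Python version. The Semgrep- and Bandit-shaped inputs are constructed and their field names are simplified assumptions rather than the tools' exact schemas; the fingerprint key (CWE, normalized path, line) is likewise an assumed design choice that lets findings from different scanners collapse when they point at the same weakness on the same line.

```python
import hashlib
import json
import posixpath
from dataclasses import dataclass, field

# Constructed sample outputs shaped loosely like Semgrep and Bandit JSON.
# Field names are simplified assumptions, not the tools' real schemas.
SEMGREP_SAMPLE = {"results": [
    {"check_id": "python.lang.security.audit.exec-detected", "path": "./app/util.py",
     "start": {"line": 12},
     "extra": {"message": "Detected use of exec()", "severity": "WARNING",
               "metadata": {"cwe": ["CWE-95"], "owasp": ["A03:2021"]}}},
    # Same finding again, only the path spelling differs (a classic duplicate).
    {"check_id": "python.lang.security.audit.exec-detected", "path": "app/util.py",
     "start": {"line": 12},
     "extra": {"message": "Detected use of exec()", "severity": "WARNING",
               "metadata": {"cwe": ["CWE-95"], "owasp": ["A03:2021"]}}},
]}
BANDIT_SAMPLE = {"results": [
    {"test_id": "B102", "filename": "app\\util.py", "line_number": 12,
     "issue_text": "Use of exec detected.", "issue_severity": "MEDIUM",
     "issue_cwe": {"id": 95}},
    {"test_id": "B105", "filename": "app/config.py", "line_number": 3,
     "issue_text": "Possible hardcoded password.", "issue_severity": "LOW",
     "issue_cwe": {"id": 259}},
]}

SEVERITY = {"ERROR": "high", "WARNING": "medium", "INFO": "low",
            "HIGH": "high", "MEDIUM": "medium", "LOW": "low"}
LEVEL = {"high": "error", "medium": "warning", "low": "note"}  # SARIF result.level


@dataclass
class Finding:
    """Unified finding schema (hypothetical shape for this example)."""
    tool: str
    rule_id: str
    path: str
    line: int
    message: str
    severity: str           # unified: high / medium / low
    cwe: str                # e.g. "CWE-95"
    owasp: str              # e.g. "A03:2021", or "" when the tool gives none
    fingerprint: str = ""
    sources: list = field(default_factory=list)


def normalize_path(p):
    """Collapse './', '\\' and redundant separators so equal files hash equally."""
    return posixpath.normpath(p.replace("\\", "/"))


def fingerprint(cwe, path, line):
    # Only stable, tool-independent fields enter the hash, so the same weakness at
    # the same location gets the same id regardless of scanner or run time.
    return hashlib.sha256(f"{cwe}|{path}|{line}".encode()).hexdigest()


def from_semgrep(raw):
    out = []
    for r in raw["results"]:
        meta = r["extra"].get("metadata", {})
        out.append(Finding("semgrep", r["check_id"], normalize_path(r["path"]),
                           r["start"]["line"], r["extra"]["message"],
                           SEVERITY[r["extra"]["severity"]],
                           (meta.get("cwe") or ["CWE-unknown"])[0],
                           (meta.get("owasp") or [""])[0]))
    return out


def from_bandit(raw):
    out = []
    for r in raw["results"]:
        cwe = f"CWE-{r['issue_cwe']['id']}" if r.get("issue_cwe") else "CWE-unknown"
        out.append(Finding("bandit", r["test_id"], normalize_path(r["filename"]),
                           r["line_number"], r["issue_text"],
                           SEVERITY[r["issue_severity"]], cwe, ""))
    return out


def dedupe(findings):
    """Merge findings sharing a fingerprint; keep first seen, record all reporters."""
    merged = {}
    for f in findings:
        fp = fingerprint(f.cwe, f.path, f.line)
        if fp in merged:
            if f.tool not in merged[fp].sources:
                merged[fp].sources.append(f.tool)
            if f.owasp and not merged[fp].owasp:   # enrich tags from any reporter
                merged[fp].owasp = f.owasp
            continue
        f.fingerprint, f.sources = fp, [f.tool]
        merged[fp] = f
    return list(merged.values())


def to_sarif(findings, tool_name="unified-scan"):
    """Emit a minimal SARIF 2.1.0 log with the hash as a partialFingerprint."""
    rules = {f.rule_id: {"id": f.rule_id, "properties": {"cwe": f.cwe, "owasp": f.owasp}}
             for f in findings}
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": tool_name, "rules": list(rules.values())}},
                      "results": [{
                          "ruleId": f.rule_id,
                          "level": LEVEL[f.severity],
                          "message": {"text": f"{f.message} (reported by {', '.join(f.sources)})"},
                          "locations": [{"physicalLocation": {
                              "artifactLocation": {"uri": f.path},
                              "region": {"startLine": f.line}}}],
                          "partialFingerprints": {"unifiedFindingHash/v1": f.fingerprint},
                      } for f in findings]}]}


def run_pipeline():
    raw = from_semgrep(SEMGREP_SAMPLE) + from_bandit(BANDIT_SAMPLE)
    unique = dedupe(raw)
    return raw, unique, to_sarif(unique)


if __name__ == "__main__":
    raw, unique, sarif = run_pipeline()
    print(f"{len(raw)} raw findings -> {len(unique)} unique")
    print(json.dumps(sarif, indent=2))
```

Running it collapses the four constructed raw results to two unique findings: the exec() hit is reported by both scanners under two path spellings but hashes identically, while the hardcoded-password hit stays separate. Keying on CWE rather than on each tool's own rule id is what makes the cross-tool merge possible; the trade-off is that two genuinely different rules sharing a CWE on one line would also merge, so a real tool would want the key to be a deliberate, documented choice.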