Who's there? Perl ruleset update

The DerScanner team is pleased to announce the latest release, featuring a major update to the Perl rule set.

Not long ago, we wrote about why Perl deserves proper SAST support — and why we believe programming language shouldn't define its security posture. In that post, we introduced DerScanner's dedicated static analysis for Perl, built from the ground up with a custom rule engine. Today, we're taking that commitment further.

With this release, the Perl rule set has grown by 50%. The new rules target some of the most critical vulnerability types:

• Command Injection
• HTTP Header Manipulation
• Information Leak
• Open Redirect
• Persistent and Reflected XSS
• Resource Injection 

These are the kinds of flaws that lead to unauthorized access, data exposure, and system compromise.

We've also reworked a number of existing rules to improve accuracy and extend their reach. Special attention went to the Dancer2 framework: we developed dedicated patterns for it, applied across both new and updated rules, so teams building on Dancer2 now get stronger coverage out of the box.

When we said Perl deserves the same level of protection as any top-10 language, we meant it — and this update represents an important step forward in improving detection depth and strengthening overall system resilience for Perl applications. We appreciate your continued trust and hope this release brings value to your work.