Cejel is a trust certificate for code — any codebase, in any language, whoever or whatever wrote it. It is a free, offline command-line tool that scores the engineering signals that tell you whether to trust a repository - tests, secret hygiene, isolation, claim-vs-reality, and CI and audit discipline - and prints a portable certificate.
Rather than competing with the scanner you already run, Cejel aggregates them. Pipe in SARIF from Snyk, Semgrep, or CodeQL, plus OpenSSF Scorecard, and get one shareable, rubric-scored certificate over all of them, with every contributing tool attributed. It is especially useful for AI-written code, and for any code you didn't write yourself - an acquisition, or an inherited legacy system - exactly when trust can't be eyeballed.
Open-source and source-available. Runs fully offline, with no signup and no model call. A watermarked, air-gapped build runs fully on-prem for regulated teams.