Skip to content
/ codyze Public
forked from Fraunhofer-AISEC/codyze

Codyze is a static analyzer for Java, C, C++ based on code property graphs

www.codyze.io

License

Apache-2.0 license
0 stars 18 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xNiko/codyze

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,568 Commits
.github/workflows
.github/workflows
 
 
docs
docs
 
 
gradle/wrapper
gradle/wrapper
 
 
plugins/vscode
plugins/vscode
 
 
schema
schema
 
 
scripts
scripts
 
 
src
src
 
 
.dockerignore
.dockerignore
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle.kts
build.gradle.kts
 
 
formatter-settings.xml
formatter-settings.xml
 
 
gradle.properties
gradle.properties
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
jitpack.yml
jitpack.yml
 
 
publish_to_gh_pages.sh
publish_to_gh_pages.sh
 
 
renovate.json
renovate.json
 
 
settings.gradle.kts
settings.gradle.kts
 
 
updateSARIF.md
updateSARIF.md
 
 

Repository files navigation

Codyze 🔎 🚀

build GitHub last commit GitHub

⚠️ Note: We are currently redesigning Codyze. We have moved most of the functionality into a subpackage legacy. For the foreseeable future, we continue to maintain the legacy version of Codyze. Over

Gradually, we're replacing legacy functionality with the redesigned one. Where this approach isn't feasible due to breaking changes, we're going to offer a switch to either use the legacy version or redesigned version.

If you are looking for a stable version, please use the 2.0.0-beta release.

Codyze is a static code analyzer that focuses on verifying security compliance in source code, i.e. by inferring the correct use of cryptographic libraries. It operates on code property graphs and is thus able to handle non-compiling or even incomplete code fragments.

Documentation: https://www.codyze.io

Build & Run Codyze

Java 11 (OpenJDK) is a prerequisite.

To build an executable version of Codyze, use the installDist task:

$ ./gradlew installDist

This will provide you with an executable Codyze installation under build/install/codyze. To start Codyze, change to the directory and run Codyze.

Codyze has three execution modes:

  • commando line interface mode (-c, default)
  • language server protocol mode (-l)
  • interactive console mode (-t).

An exemplary call to start the commando line interface mode would be

$ cd build/install/codyze
$ ./bin/codyze -m ./mark -s <sourcepath>

where <sourcepath> denotes the path to the source directory or file which should be analyzed.

Codyze can be further configured with additional command line arguments or a YAML configuration file. For more information about the usage and configurations, please refer to https://www.codyze.io and the corresponding wiki page.

Research & Student Work

If you are looking for an exciting thesis project or student job in the field of static analysis, we are happy to discuss possible topics. Please contact us at codyze [at] aisec.fraunhofer.de.

Support

We will continue to maintain this project for the foreseeable future on a best-effort basis. That is, if you run into any bugs or find the documentation insufficient, we encourage you to open issues or pull requests. If you are interested in support and development for commercial use, please contact us.

License

Apache License 2.0

About

Codyze is a static analyzer for Java, C, C++ based on code property graphs

www.codyze.io

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

19 tags

Packages

No packages published

Languages

  • Kotlin 48.4%
  • Java 38.2%
  • C++ 9.9%
  • Python 2.0%
  • C 0.6%
  • Shell 0.2%
  • Other 0.7%