⚠️ Note: We are currently redesigning Codyze. We have moved most of the functionality into a subpackage, codyze-v2. For the foreseeable future, we continue to maintain the legacy version of Codyze. Gradually, we are replacing legacy functionality with the redesigned one. Where this approach isn't feasible due to breaking changes, we're going to offer a switch to use either the legacy version or the redesigned version.
If you are looking for a stable version, please use the 2.0.0-beta release.
Codyze is a static code analyzer that focuses on verifying security compliance in source code, i.e. whether cryptographic libraries are used correctly. It operates on code property graphs and is thus able to handle non-compiling or even incomplete code fragments.
Codyze has three execution modes:
- Analyze mode checks the source code against a set of rules. This mode can be integrated into scripts and automated build processes.
- Language Server Protocol mode integrates Codyze into an IDE and automatically analyzes code while developing.
- Interactive Console mode allows exploring and analyzing the source code interactively.
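To make the idea of rule checking over a graph of non-compiling code concrete, here is a small added illustration in Python. It is not Codyze's own code or rule language: it builds a toy list of call nodes from an incomplete Java fragment (no imports, no class, an unclosed method) and applies a constructed rule that `Cipher.getInstance` must select an AEAD transformation.

```python
import re
from dataclasses import dataclass

@dataclass
class CallNode:
    """One call expression recovered from the fragment (toy stand-in for a graph node)."""
    callee: str
    args: list
    line: int

# Matches `name.or.qualified.name(args)`; nested parentheses are deliberately not handled.
CALL_RE = re.compile(r"([A-Za-z_][\w.]*)\s*\(([^()]*)\)")

def build_call_nodes(fragment: str) -> list:
    """Extract call nodes from Java-like source without compiling it.

    The fragment may lack imports, a class wrapper or closing braces; a real
    analyzer would fill a code property graph, this toy only records calls.
    """
    nodes = []
    for lineno, line in enumerate(fragment.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            args = [a.strip().strip('"') for a in m.group(2).split(",") if a.strip()]
            nodes.append(CallNode(m.group(1), args, lineno))
    return nodes

# Constructed policy: only authenticated-encryption transformations are accepted.
ALLOWED_TRANSFORMATIONS = {"AES/GCM/NoPadding", "ChaCha20-Poly1305"}

def check_cipher_rule(nodes: list) -> list:
    """Return (line, transformation) for every Cipher.getInstance call that violates the policy."""
    findings = []
    for n in nodes:
        if n.callee.endswith("Cipher.getInstance") and n.args:
            if n.args[0] not in ALLOWED_TRANSFORMATIONS:
                findings.append((n.line, n.args[0]))
    return findings

# Constructed, deliberately incomplete fragment: no imports, no class, method never closed.
SAMPLE_FRAGMENT = """\
void encrypt(SecretKey key) {
    Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
    c.init(Cipher.ENCRYPT_MODE, key);
    Cipher good = Cipher.getInstance("AES/GCM/NoPadding");
"""

if __name__ == "__main__":
    for line, transformation in check_cipher_rule(build_call_nodes(SAMPLE_FRAGMENT)):
        print(f"line {line}: non-AEAD transformation {transformation!r}")
```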
This repository contains two versions of Codyze, Codyze v2 and Codyze v3. It is set up as a composite build so that both versions can be built separately.
Please refer to the READMEs in the codyze-v2 and codyze-v3 directories for the concrete build instructions.
The full documentation can be found at https://www.codyze.io.
If you are looking for an exciting thesis project or student job in the field of static analysis, we are happy to discuss possible topics. Please contact us at codyze [at] aisec.fraunhofer.de.
We will continue to maintain this project for the foreseeable future on a best-effort basis. That is, if you run into any bugs or find the documentation insufficient, we encourage you to open issues or pull requests. If you are interested in support and development for commercial use, please contact us.