Skip to content

Latest commit

 

History

History
49 lines (33 loc) · 2.5 KB

README.md

File metadata and controls

49 lines (33 loc) · 2.5 KB

Codyze 🔎 🚀

build GitHub last commit codecov GitHub

⚠️ This version of Codyze is still under development. If you are looking for a stable version, please use the 2.3.0 release.

Codyze is a static code analyzer that focuses on verifying security compliance in source code, i.e. by inferring the correct use of cryptographic libraries. It operates on code property graphs and is thus able to handle non-compiling or even incomplete code fragments.

Build & Run Codyze

A Java SE 17 JDK is a prerequisite. We build and test using Eclipse Temurin but any distribution should work.

To build an executable version of Codyze, use the installDist task in the project's root:

$ ./gradlew :codyze-cli:installDist

This will provide you with an executable Codyze installation under codyze-cli/build/install/codyze-cli.

To run Codyze you can either run this executable or use the run task:

$ ./gradlew run

This will print the help message and return an error.

To actually run Codyze you must specify a subcommand:

$ ./gradlew run --args="--config=config.json runCoko cokoCpg"

This will run the runCoko subcommand with the cokoCpg backend using the demo config file ./codyze-cli/config.json.

For more information, please refer to the documentation.

Research & Student Work

If you are looking for an exciting thesis project or student job in the field of static analysis, we are happy to discuss possible topics. Please contact us at codyze [at] aisec.fraunhofer.de.

Support

We will continue to maintain this project for the foreseeable future on a best-effort basis. That is, if you run into any bugs or find the documentation insufficient, we encourage you to open issues or pull requests. If you are interested in support and development for commercial use, please contact us.

License

Apache License 2.0