Grepmarx – source code static analysis platform for security auditors
Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases.
Features
Code scanning capabilities
- Security code analysis (SAST – Static Analysis Security Testing)
- Multiple languages support: C/C++, C#, Go, HTML, Java, Kotlin, JavaScript, TypeScript, OCaml, PHP, Python, Ruby, Bash, Rust, Scala, Solidity, Terraform, Swift
- Multiple frameworks support: Spring, Django, Flask, jQuery, Express, Angular…
- Inspector: automatic application features discovery
Analysis rules
- 1600+ existing analysis rules
- Easily extend analysis rules using Semgrep syntax: https://semgrep.dev/editor
- Manage rules in rule packs to tailor code scanning
Extra
- Analysis workbench designed to efficiently browse scan results
- Scan code that doesn’t compile
- Comprehensive LOC (Lines of Code) counter
- … and a Dark Mode
Install & Use
Copyright (c) Microsoft Corporation. All rights reserved.