grepmarx: source code static analysis platform for security auditors

Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases.

Features

Code scanning capabilities

  • Security code analysis (SAST – Static Analysis Security Testing)
  • Multiple languages support: C/C++, C#, Go, HTML, Java, Kotlin, JavaScript, TypeScript, OCaml, PHP, Python, Ruby, Bash, Rust, Scala, Solidity, Terraform, Swift
  • Multiple frameworks support: Spring, Django, Flask, jQuery, Express, and Angular…
  • Inspector: automatic application features discovery

Analysis rules

  • 1600+ existing analysis rules
  • Easily extend analysis rules using Semgrep syntax: https://semgrep.dev/editor
  • Manage rules in rule packs to tailor code scanning

Extra

  • Analysis workbench designed to efficiently browse scan results
  • Scan code that doesn’t compile
  • Comprehensive LOC (Lines of Code) counter
  • … and a Dark Mode

Install & Use

Copyright (c) Microsoft Corporation. All rights reserved.