Static analysis

This section presents several static analysis tools. For each tool, we cover topics such as:

  • Installation and basic use
  • Advanced configuration
  • Usage in continuous integration pipelines

CodeQL

CodeQL is a static analysis tool that transforms code into a relational database and provides a custom declarative language for querying that database.

Semgrep

Semgrep is a fast and open source static analysis tool for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards.

This content is licensed under a Creative Commons Attribution 4.0 International license.