codeanalyze

command module
v0.0.5
Warning

This package is not in the latest version of its module.

Published: May 7, 2025 License: Apache-2.0 Imports: 3 Imported by: 0

README

codeanalyze

codeanalyze provides an opinionated perspective on top of popular static analysis capabilities such as Semgrep to provide visibility into vulnerabilities and misconfigurations that may exist in a team's code base. Designed with data-modeling and data-integration needs in mind, codeanalyze can be used on its own as an interactive CLI, orchestrated as part of a broader data pipeline, or leveraged from within the Method Platform.

The types of scans that codeanalyze can conduct are constantly growing. For the most up-to-date listing, please see the documentation here.

To learn more about codeanalyze, please see the Documentation site for the most detailed information.

Quick Start

Get codeanalyze

For the full list of available installation options, please see the Installation page. For convenience, here are some of the most commonly used options:

General Usage

codeanalyze semgrep --config-type template --config-value <value> --target /path/to/target --local-rules-dir /path/to/rules

Contributing

Interested in contributing to codeanalyze? Please see our organization wide Contribution page.

Want More?

If you're looking for an easy way to tie codeanalyze into your broader cybersecurity workflows, or want to leverage some autonomy to improve your overall security posture, you'll love the broader Method Platform.

For more information, visit us here.

Community

codeanalyze is a Method Security open source project.

Learn more about Method's open source work by checking out our other projects here or our organization wide documentation here.

Have an idea for a Tool to contribute? Open a Discussion here.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Package cmd implements the CobraCLI commands for the codeanalyze CLI.
internal
config
Package config contains common configuration values that are used by the various commands and subcommands in the CLI.
semgrep
Package semgrep holds all of the data structures and logic related to running semgrep commands on a codebase.
