Code auditors and vulnerability researchers practice their art largely using grep, because code analysis tools are too inflexible and dated.
ShiftLeft’s Ocular enables detailed, complex mining of ShiftLeft’s Code Property Graph (CPG). The CPG includes syntax trees, control flow graphs, call graphs, data dependencies, and directory structures, to name a few, and comes with an easy-to-use query language.
Ocular and its predecessor, Joern, have been used by several organizations to find zero-day vulnerabilities in large, complex code bases, such as the Linux kernel.
Hunting Vulnerabilities With ShiftLeft Ocular
XML External Entity Processing
Denial of Service (DOS) Attack
Introducing ShiftLeft Ocular
Connecting Your Tooling With Ocular Scripts
Exploring Your Code Base With ShiftLeft Ocular
Accuracy: Write custom queries that understand your unique environment.
Cross-language Policies: Save queries as policy and run them against all your applications, regardless of programming language.
Automate Policy Checks: Automatically run policies upon pull request, build, or release.