Ocular: 14 Day Free Trial

Code auditors and vulnerability researchers practice their art largely using grep, because code analysis tools are too inflexible and dated.

ShiftLeft’s Ocular enables the detailed, complex mining of ShiftLeft’s Code Property Graph (CPG). The CPG includes syntax trees, control flow graphs, call graphs, data dependencies, and directory structures, to name a few, and an easy to use query language.

Ocular, and its predecessor, Joern, have been used by several organizations to find zero-day vulnerabilities in large complex code bases, such as the Linux kernel.

Hunting Vulnerabilities With ShiftLeft Ocular

Zip Slip
XML External Entity Processing
Denial of Service (DOS) Attack
SQL Injection
Information Leakage
Cookie Poisoning
Security Misconfiguration
Introducing ShiftLeft Ocular
Connecting Your Tooling With Ocular Scripts
Exploring Your Code Base With ShiftLeft Ocular

 Key Benefits:

    • Accuracy: Write custom queries that understand your unique environment.
    • Cross-language Policies: Save queries as policy and run them against all your applications, regardless of programming language.
    • Automate Policy Checks: Automatically run policies upon pull request, build, or release.


  Free Trial Full Version
CPG Queries check-mark check-mark
Data flow engine check-mark check-mark
Security Profile Queries delete check-mark
Policies delete check-mark
Framework support delete check-mark