Static code analysis
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
Java 1-21 Parser and Abstract Syntax Tree for Java with advanced analysis functionalities.
Homework assignments for Nanjing University's "Software Analysis" course (non-Bamboo). NJU's software analysis homework; ... Not official, just a reference
Java bytecode analyzer customizable via JSON rules
Automatically scan jar packages by using an AST to find fastjson gadgets. In particular, this project is limited to mining gadgets that may be exploited, and screening results need to be excluded by t…
A declarative static analysis tool for JVM bytecode, based on Datalog, like CodeQL
Generate facts from bytecode (source is https://github.com/plast-lab/doop-mirror/tree/master/generators)
Generate all call graphs for Java code.
Programs for producing static call graphs for Java programs.
Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.gg/vv4MH284Hc
Tai-e assignments for static program analysis
CodeQL extractor for Java, which doesn't need to compile the Java source