Skip to content

CodeSecTools

Logo

A framework for code security that provides abstractions for static analysis tools and datasets to support their integration, testing, and evaluation.

Installation

pip install .

Usage

  • CLI command:
cstools
  • Python module:
from pathlib import Path
from codesectools.sasts.SemgrepCE.sast import SemgrepCESAST
my_sast = SemgrepCESAST()
my_sast.run_analysis(
    lang="java", 
    project_dir=Path("my_project"), 
    output_dir=Path("/tmp/out")
)
# Results are saved in /tmp/out

print(list(Path("/tmp/out").rglob("*")))
# [PosixPath('/tmp/out/cstools_output.json'), PosixPath('/tmp/out/semgrep_output.json')]

For more information, check the API Reference

Documentation

The documentation is available online.

Or, you can build it locally: 

pip install .[docs]
mkdocs serve

Disclaimer

This project provides wrappers and scripts to integrate with various third-party static analysis security testing (SAST) tools and datasets. It is important to note that this project does not include these third-party tools or datasets, unless otherwise specified. When a tool or dataset is included, its associated license file is also provided.

Users of this project are solely responsible for reviewing, understanding, and complying with the licenses and terms of use associated with any third-party tools or datasets they choose to use through this framework. The respective licenses and terms can be found on the official websites or in the documentation of each tool or dataset.