by tossaway9000 1644 days ago
CodeQL will do this for some languages, the kind of bugs I've seen it identify have been pretty impressive, I'm sure there are some other static analyzers that can do this as well.

Thank you. This tool is on the heavy side, with what seems to be its own query language.

I was rather thinking of a specialized scanner (say only for C sources) that just looks for definite classes of vulns, not necessarily scriptable.

CodeQL comes with a bunch of pre-configured queries for the language you're using (at least when running on GitHub Enterprise).
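As an added example, not code from this thread or from CodeQL, here is the kind of lightweight, single-purpose C scanner the second commenter describes: it tokenizes a C source (so calls hidden in comments or string literals are ignored) and reports only a few definite bug classes: `gets()`, unbounded string writes such as `strcpy`/`sprintf`, and printf-family calls whose format argument is not a string literal. The `SAMPLE_C` input is constructed for the demonstration; the function sets and messages are my own choices. What it deliberately does not do is the dataflow reasoning CodeQL queries offer, so it will also flag a definition of a function named `strcpy`, and it cannot tell whether a non-literal format string is actually attacker-controlled.

```python
import re
from dataclasses import dataclass

# Constructed sample C input for the demonstration (not from any real project).
SAMPLE_C = r'''
#include <stdio.h>
#include <string.h>

/* strcpy(buf, x) inside a comment must not be reported */
void greet(const char *name) {
    char buf[32];
    strcpy(buf, name);             /* unbounded copy */
    printf(name);                  /* user data as format string */
    printf("hello %s\n", buf);     /* literal format: fine */
    fprintf(stderr, "%s", name);   /* literal format: fine */
    fprintf(stderr, name);         /* non-literal format */
    gets(buf);                     /* always unsafe */
    snprintf(buf, sizeof buf, "%s", name);
    puts("gets(buf) inside a string literal is not a call");
}
'''

# Token classes: whitespace and comments are dropped, string and char
# literals are kept as single tokens so their contents are never scanned.
TOKEN_RE = re.compile(r'''
    (?P<ws>\s+)
  | (?P<comment>//[^\n]*|/\*.*?\*/)
  | (?P<string>"(?:\\.|[^"\\])*")
  | (?P<char>'(?:\\.|[^'\\])')
  | (?P<ident>[A-Za-z_]\w*)
  | (?P<number>\d\w*)
  | (?P<punct>[^\s\w])
''', re.VERBOSE | re.DOTALL)

ALWAYS_UNSAFE = {"gets"}                                   # no bounded form exists
UNBOUNDED = {"strcpy", "strcat", "sprintf", "vsprintf"}    # write without a length bound
# printf family: index of the format-string argument (my own table, not exhaustive).
FORMAT_ARG = {"printf": 0, "vprintf": 0, "fprintf": 1, "vfprintf": 1, "dprintf": 1,
              "sprintf": 1, "snprintf": 2, "vsnprintf": 2, "syslog": 1}


@dataclass
class Token:
    kind: str
    text: str
    line: int


def tokenize(src: str) -> list[Token]:
    """Lexical pass: returns tokens with 1-based line numbers, comments/whitespace removed."""
    tokens, line = [], 1
    for m in TOKEN_RE.finditer(src):
        if m.lastgroup not in ("ws", "comment"):
            tokens.append(Token(m.lastgroup, m.group(), line))
        line += m.group().count("\n")
    return tokens


def call_args(tokens: list[Token], open_idx: int) -> list[list[Token]]:
    """Split the arguments of the call whose '(' sits at open_idx, honouring nested brackets."""
    args, cur, depth = [], [], 0
    for tok in tokens[open_idx:]:
        if tok.kind == "punct" and tok.text in "([{":
            depth += 1
            if depth == 1:          # the call's own opening parenthesis
                continue
        elif tok.kind == "punct" and tok.text in ")]}":
            depth -= 1
            if depth == 0:          # the call's own closing parenthesis
                if cur or args:
                    args.append(cur)
                return args
        if depth == 1 and tok.kind == "punct" and tok.text == ",":
            args.append(cur)
            cur = []
        else:
            cur.append(tok)
    return args                     # unterminated call: return what we have


def scan(src: str) -> list[tuple[int, str, str]]:
    """Return (line, callee, message) for each definite finding in a C source."""
    findings = []
    toks = tokenize(src)
    for i, tok in enumerate(toks):
        # A call site is an identifier immediately followed by '('.
        if tok.kind != "ident" or i + 1 >= len(toks) or toks[i + 1].text != "(":
            continue
        name = tok.text
        if name in ALWAYS_UNSAFE:
            findings.append((tok.line, name, "cannot bound its write; use fgets"))
        elif name in UNBOUNDED:
            findings.append((tok.line, name, "writes without a length bound"))
        if name in FORMAT_ARG:
            args = call_args(toks, i + 1)
            idx = FORMAT_ARG[name]
            # A literal format is one or more adjacent string-literal tokens.
            if idx < len(args) and not all(t.kind == "string" for t in args[idx]):
                findings.append((tok.line, name, "format string is not a literal"))
    return findings


if __name__ == "__main__":
    for line, callee, msg in scan(SAMPLE_C):
        print(f"sample.c:{line}: {callee}: {msg}")
```

Running it on the sample reports `strcpy` on line 8, `printf(name)` on line 9, `fprintf(stderr, name)` on line 12 and `gets` on line 13, while the literal-format calls, the `snprintf`, the comment and the `gets(...)` text inside a string literal stay silent. Extending the scanner to a new bug class is a matter of adding a name to one of the sets; anything that depends on where a value came from is where a query-based engine like CodeQL earns its weight.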