Secure Software Engineering Group at Paderborn University and Fraunhofer IEM

FlowDroid

FlowDroid Static Data Flow Tracker

phasar

A LLVM-based static analysis framework.

DroidBench

A micro-benchmark suite to assess the stability of taint-analysis tools for Android

tamiflex

TamiFlex facilitates static analysis of programs that use reflection and custom class loaders

COVA

COVA - A static analysis tool to compute path conditions

TypeEvalPy

A Micro-benchmarking Framework for Python Type Inference Tools

swan

Security methods for WeAkNess detection

SootFX

A Static Code Feature Extraction Tool for Java and Android

sootdiff

SootDiff - Bytecode Comparison Across Different Java Compilers

secucheck

Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to support multiple IDEs.

authcheck

Analysis for access-control vulnerabilities in Java Spring Security applications.

Jimple-Interpreter

Soot based Jimple interpreter

HeaderGen

HeaderGen annotates Jupyter notebooks using static analysis. Improves PyCG's call graph analysis by supporting external libraries and flow-sensitivity.

secucheck-core

Taint Analysis on top of Soot.

opcua-scanner

An opcua client scanning for servers in a network

achilles-benchmark-depscanners

Achilles - Benchmark for assessing OSS-Vulnerability Scanners 59

upcy

UpCy automatically finds compatible updates for Maven dependencies.

jadx-taintdoc

Jadx extended to ease documentation of taint flows

SparseBoomerang

Sparse Demand-Driven Pointer Analysis

neck

spring-petclinic-kotlin

Vulnerable version of the Spring PetClinic application in Kotlin

cards

Component-based Assumptions and Restrictions for Dataflow Specifications

CogniCrypt-IntelliJ

Static Code Analysis for Crypto-API misuse detection. IDE Plugin for IntelliJ and Android Studio

modguard

SparseIDE

Sparse IDE/IFDS solver and client implementation

CogniCrypt-CI-Integration

This repository contains code for a Jenkins adaptor for CogniCrypt which is based on warnings-ng-plugin https://github.com/jenkinsci/warnings-ng-plugin

FalseCrypt

mudarri

Source code of the Mudarri IntelliJ plugin, using rule graphs

secucheck-catalog

z3

The Z3 Theorem Prover