Currently, we keep (the old version of codyze) in a separate repository. This PR will serve as a central discussion point about a future Codyze, which might be directly integrated into the cpg library. The focus of the new Codyze will be a Swiss army knife for code property graphs, and it will serve as the central and single CLI for users interacting with the CPG.
It can potentially replace:
The cpg-console
The cpg-neo4j CLI (with both its JSON and neo4j modes)
Mono-Repo Development
Because of the points mentioned above, we are free to conduct development of this Codyze tool within the CPG repo. This has the advantage that codyze and the cpg libraries / frontends will always be in sync, reducing the strain on maintenance. It will also mean that we do not have to re-implement the wheel 5 times, e.g., if we want to implement things such as SARIF support or a CPG query language. Codyze will have its own sub-folder with a dedicated README, and we will point users that want to "experience" the CPG to the codyze CLI rather than the CPG library.
Modules / Subcommand
I envision a codyze CLI command that has multiple sub-commands that share a common pattern style, for things that we need more than once, e.g., configuration of a translation result or registering passes.
In any case, the flag --console can be used to spawn a console after the individual module has finished, to inspect or further work with the results using the Kotlin REPL (or a suitable alternative if it ever turns up).
The export command
The export command is responsible for exporting the analyzed graph into a persistence layer, such as Neo4J or JSON.
The bug-hunting command
The bug-hunting sub-command is responsible for executing pre-stored queries (probably in our query DSL) and can be used for bug hunting.
The compliance command
The compliance command is most similar to the "old" codyze and can be used for checking compliance of software artefacts against a pre-defined schema of requirements. This will most likely feature something like MARKv2.
cc @Fraunhofer-AISEC/sig-software-security