Graudit – Static Source Code Scanning Tool

graudit is a simple script plus a set of signature databases that lets you find potential security flaws in source code using the GNU utility grep. It is comparable to other static analysis tools such as RATS, SWAAT and flawfinder, while keeping the technical requirements to a minimum and remaining very flexible.

Graudit - Grep Source Code Auditing Tool

The tool uses POSIX extended regular expressions as its signatures and comes with several databases ready for use. You can extend the existing databases or write your own if you need additional signatures.

Databases can be loaded from multiple locations; the order of precedence is as follows:

  1. Custom location specified via the GRDIR environment variable
  2. /usr/share/graudit/
  3. $HOME/.graudit/
  4. A relative signature/ directory
  5. A relative misc/ directory
  6. Any file specified with a full path, for example /home/user/my.db
  7. Rules can also be read from stdin by supplying - or /dev/stdin as the database

Vulnerabilities are identified by the regular expressions in the signature databases, which cover several languages including Python, Perl, PHP and C. The databases are updated continually with further detections (for example, signatures taken from the OWASP Code Review Guide), and users may add new signatures as required.
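To make the two mechanisms above concrete (a database of extended regular expressions fed to grep, and the precedence order used to locate that database), here is an added example in POSIX shell. It is not graudit's own script or signature database: the signature patterns, the sample PHP and C sources, and the function names (resolve_db, scan, count_hits) are all constructed here for illustration. The resolver mirrors the precedence list from the post (GRDIR, /usr/share/graudit/, $HOME/.graudit/, ./signatures/, ./misc/, a full path, or - and /dev/stdin), and the scanner strips comment lines from the database before handing it to grep -E -f.

```shell
#!/bin/sh
# Added example in the style graudit describes; not graudit's own code or database.
# All patterns, sample files and function names below are constructed for illustration.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# A tiny signature database: one POSIX extended regular expression per line.
# Lines starting with '#' are comments and are stripped before use.
cat > "$WORK/demo.db" <<'EOF'
# PHP: request data passed straight to a shell
(system|exec|passthru|shell_exec)[[:space:]]*\(.*\$_(GET|POST|REQUEST)
# PHP: request data concatenated into a query string
mysql_query[[:space:]]*\(.*\$_(GET|POST|REQUEST)
# C: unbounded string copy (word-bounded so strncpy is not reported)
(^|[^[:alnum:]_])strcpy[[:space:]]*\(
EOF

# Constructed sample sources (not real projects).
cat > "$WORK/upload.php" <<'EOF'
<?php
$file = $_GET['f'];
system("cat " . $_GET['f']);
$r = mysql_query("SELECT * FROM t WHERE id=" . $_POST['id']);
echo htmlspecialchars($file);
EOF

cat > "$WORK/util.c" <<'EOF'
#include <string.h>
void copy(char *dst, const char *src) { strcpy(dst, src); }
void safe(char *dst, const char *src, size_t n) { strncpy(dst, src, n); }
EOF

# resolve_db NAME : locate a database following the post's precedence order.
# Prints the resolved path and returns 0, or returns 1 if nothing matches.
resolve_db() {
  name=$1
  case $name in
    -|/dev/stdin) echo /dev/stdin; return 0 ;;
    /*) [ -f "$name" ] && { echo "$name"; return 0; } ;;
  esac
  for dir in "${GRDIR:-}" /usr/share/graudit "${HOME:-/nonexistent}/.graudit" ./signatures ./misc; do
    [ -n "$dir" ] && [ -f "$dir/$name" ] && { echo "$dir/$name"; return 0; }
  done
  return 1
}

# scan DB FILE... : print "file:line:content" for every line hit by a signature.
# Comment and blank lines are removed first; otherwise a '#' line would be
# treated by grep as a literal pattern.
scan() {
  db=$1; shift
  grep -vE '^[[:space:]]*(#|$)' "$db" > "$WORK/.sigs"
  grep -nHE -f "$WORK/.sigs" "$@" || true
}

# count_hits DB FILE... : number of flagged lines, usable as a simple CI gate.
count_hits() {
  scan "$@" | wc -l | tr -d ' '
}

# Stand-alone run: resolve the database via GRDIR, then scan the sample files.
GRDIR=$WORK
export GRDIR
DB=$(resolve_db demo.db)
scan "$DB" "$WORK/upload.php" "$WORK/util.c"
echo "hits: $(count_hits "$DB" "$WORK/upload.php" "$WORK/util.c")"
```

Running it flags the system() and mysql_query() calls in upload.php and the strcpy() call in util.c, and leaves the strncpy() and htmlspecialchars() lines alone. The point to keep in mind, as with graudit itself, is that these are pattern hits and not proven vulnerabilities: every line still needs a human reviewer to confirm that the flagged input actually reaches the dangerous sink unsanitised.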

You can read more and download this tool over here:
