codepathfinder
v0.0.33
Published
Code Pathfinder, the open-source alternative to CodeQL. Designed for precise flow analysis and advanced structural search, it identifies vulnerabilities in source code.
Maintainers
shivasuryaReadme
Code Pathfinder
An open-source security suite aiming to combine structural code analysis with AI-powered vulnerability detection.
Code Pathfinder is designed to bridge the gap between traditional static analysis tools and modern AI-assisted security review. While mature tools excel at pattern matching and complex queries, Code Pathfinder focuses on making security analysis more accessible, leveraging large language models to understand context and identify nuanced vulnerabilities, and integrated throughout the development lifecycle.
- Real-time IDE integration - Bringing security insights directly into your editor as you code
- AI-assisted analysis - Leveraging large language models to understand context and identify nuanced vulnerabilities
- Unified workflow coverage - From local development to pull requests to CI/CD pipelines
- Flexible reporting - Supporting DefectDojo, GitHub Advanced Security, SARIF, and other platforms
Built for security engineers and developers who want an extensible, open-source alternative that's evolving with modern development practices. Here are the initiatives:
- Code-Pathfinder CLI - Basic security analysis scanner better than grep
- Secureflow CLI - Claude-Code for security analysis powered by large language models with better context engineering
- Secureflow VSCode Extension - IDE integration for security analysis powered by large language models with better context engineering
:tv: Demo
Secureflow CLI
$ secureflow scan ./path/to/projectCode-Pathfinder CLI
docker run --rm -v "./src:/src" shivasurya/code-pathfinder:stable-latest ci --project /src/code-pathfinder/test-src --ruleset cpf/java:book: Documentation
:floppy_disk: Installation
:whale: Using Docker
$ docker pull shivasurya/code-pathfinder:stable-latestFrom npm
Secureflow CLI
$ npm install -g @codepathfinder/secureflow-cli
$ secureflow scan --helpCode-Pathfinder CLI
$ npm install -g codepathfinder
$ pathfinder --helpPre-Built Binaries
Download the latest release from GitHub releases and choose the binary that matches your operating system.
$ chmod u+x pathfinder
$ pathfinder --helpGetting Started
Read the official documentation, or run pathfinder --help.
Features
- [x] Graph-based structural queries
- [x] Source Sink Analysis
- [ ] Data Flow Analysis with Control Flow Graph
Usage
$ cd sourcecode-parser
$ gradle buildGo (or) npm install -g codepathfinder
$ ./pathfinder query --project <path_to_project> --stdin
2024/06/30 21:35:29 Graph built successfully
Path-Finder Query Console:
>FROM method_declaration AS md
WHERE md.getName() == "getPaneChanges"
SELECT md, "query for pane changes layout methods"
Executing query: FROM method_declaration AS md WHERE md.getName() == "getPaneChanges"
┌───┬──────────────────────────────────────────┬─────────────┬────────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ # │ FILE │ LINE NUMBER │ TYPE │ NAME │ CODE SNIPPET │
├───┼──────────────────────────────────────────┼─────────────┼────────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ 1 │ /Users/shiva/src/code-pathfinder/test-sr │ 148 │ method_declaration │ getPaneChanges │ protected void getPaneChanges() throws ClassCastException { │
│ │ c/android/app/src/main/java/com/ivb/udac │ │ │ │ mTwoPane = findViewById(R.id.movie_detail_container) │
│ │ ity/movieListActivity.java │ │ │ │ != null; │
│ │ │ │ │ │ } │
└───┴──────────────────────────────────────────┴─────────────┴────────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘
Path-Finder Query Console:
>:quit
Okay, Bye!Acknowledgements
Code Pathfinder uses tree-sitter for all language parsers.