graudit Frequently Asked Questions (FAQ)
What is graudit? graudit is a semantic static analysis tool that highlights potential vulnerabilities in source code.
Who should use graudit? System administrators, developers, auditors, vulnerability researchers and anyone else that cares to know if the application they develop, deploy or otherwise use is secure.
What languages are supported? A large number, take a look in the readme, signatures/ directory or run
Can you add support for language x, y, z? Sure! I can add support for almost any language, but if I don’t program in the language myself, it is likely to have a high false-positive or even false-negative rate. If you can point me to an existing set of rules for a language, I can convert these to graudit. Pull requests on GitHub for improved signatures or new languages are most welcome.
Can I help? Sure you can! I could use help with anything and everything: improved rulesets, documentation, packaging, testing, etc. And if you’re unable to help with any of these, you can tell someone else about graudit.