Code analysis and security scanning for Qryon
This crate provides metrics computation, vulnerability detection, and pattern-based analysis on parsed ASTs.
NOTE: This crate DETECTS security vulnerabilities - it does not contain them. The security rules detect dangerous patterns like unsafe code, code injection, etc.
§Modules
- flow: Control flow and data flow analysis (CFG, taint tracking)
- knowledge: Framework-specific security knowledge base
- metrics: Code metrics computation (complexity, LOC, etc.)
- providers: External analysis tool integrations (PMD, Oxlint, etc.)
- rules: Analysis rule trait and implementations
- security: Security rules organized by language
- semantics: Language adapter layer for tree-sitter AST mapping
Modules§
- cache
- Analysis Cache for Incremental Scanning
- callgraph
- Cross-File Call Graph with Security Classification
- diff
- Diff-aware analysis for PR workflows
- flow
- Flow analysis module for scope resolution and taint tracking
- imports
- Import/Module Resolution
- knowledge
- Framework Knowledge Base
- metrics
- Code metrics computation
- project
- Project-Level Analysis Coordinator
- providers
- Linter providers for extended language support
- rules
- Rule trait and base implementations for security vulnerability DETECTION
- security
- Security module - DEPRECATED
- semantics
- Language Adapter Layer
- semgrep
- Semgrep rule integration
- ts_query_matcher
- Tree-sitter query execution engine for embedded rules
Structs§
- AnalysisSummary
- Summary of analysis results
- AnalyzerEngine
- The main analysis engine
- FileAnalysis
- Results from analyzing a single file