For Code Auditors

Go Beyond grep to Analyze Your Code

Mine the Code Property Graph using a formal graph traversal language

Code auditors and vulnerability researchers practice their art largely using grep, because code analysis tools are too inflexible and dated.

ShiftLeft’s Ocular enables the detailed, complex mining of ShiftLeft’s Code Property Graph (CPG). The CPG includes syntax trees, control flow graphs, call graphs, data dependencies, and directory structures, to name a few, and an easy to use query language.

Ocular, and its predecessor, Joern, have been used by several organizations to find zero-day vulnerabilities in large complex code bases, such as the Linux kernel.

Read the Ocular Datasheet to learn more and see detailed code examples. Then start a 14 day free trial of Ocular in your environment.

Apply the same query across all your code (independent of programming languages)

Ocular converts programs for each supported programming language into an intermediate representation, adhering to the CPG specification. This allows the same query to be run across code bases written in multiple programming languages. Hence, Ocular queries can be used to apply and confirm standards quickly across the entire environment, regardless of the programming language.

Leverage the ShiftLeft platform to insert your custom queries into your SDLC

Custom queries written for Ocular can be submitted to ShiftLeft’s Code Analysis Solution, which integrates into DevOps pipelines. This allows code auditors and vulnerability researchers to scale their expertise across the organization.

The ShiftLeft platform integrates with build tools and code repositories so that Ocular queries can be run upon pull request, commit, or build. Furthermore, the results of queries can be seamlessly exported and integrated into the developer workflow toolchain (JIRA, GitHub, etc).