Cobra Static Code Analyzer



Cobra is a structural source code analyzer, fast enough that it can be used interactively. The tool prototype (Version 1.0) was developed at NASA's Jet Propulsion Laboratory in late 2015 and released for general distribution about a year later.

Versions 2 and 3 of the tool are extended versions that can handle interactive analyses of code bases with up to millions of lines of code, while supporting a significantly richer online query scripting language. They also come with multi-core support for many types of queries, including a new set of cyber-security related checks.

Starting with Version 3, the Cobra code is distributed in open source form at github.com/nimble-code/Cobra.

Cobra can analyze C, C++, Ada, and Python, and can relatively easily be retargeted for other languages. The distribution includes sample query libraries and scripts.

New (Added Dec. 2019)
A comprehensive online tutorial and demo of the latest Version 3.1 of Cobra is available at this link: Online Tutorial (about 165 minutes total, in 8 parts, with exercises).
If you just want to look at the demo, check this link: Demo (it's a little over 21 minutes).

For bug reports and additional information:
gholzmann atsign acm dot org