Cobra Static Code Analyzer

Cobra is a structural source code analyzer, fast enough that it can be used interactively. The tool prototype (Version 1.0) was developed at NASA's Jet Propulsion Laboratory in late 2015 and released for general distribution about a year later.

Versions 2 and 3 of the tool are extended versions that can handle interactive analyses of code bases with up to millions of lines of code, while supporting a significantly richer online query scripting language. They also come with multi-core support for many types of queries, including a new set of cyber-security related checks.

Starting with Version 3, the Cobra code is distributed in open source form at

Cobra can analyze C, C++, Ada, and Python, and can relatively easily be retargeted for other languages. The distribution includes sample query libraries and scripts.

A comprehensive online tutorial and demo of Version 3.1 of Cobra is available at this link: Online Tutorial (about 165 minutes total, in 8 parts, with exercises). (The current Cobra version is 3.5, which has a few extensions, but should be backward compatible with 3.1.)
If you just want to look at the demo, check this link: Demo (it's a little over 21 minutes).

For bug reports and additional information:
gholzmann atsign acm dot org