Supported Languages

C

Yes

Manual

Buffer and memory-safety findings with contextual call-tree analysis.

C++

Yes

Manual

Includes modern C++ (17/20) projects with templated sinks.

C#

Yes

Manual

Supports ASP.NET MVC and API patterns, reports back through GitHub/Bitbucket.

Go

Yes

Available

SQLi, SSRF, auth bypass, and command injection; Autofix drafted for qualifying issues.

Java

Yes

Available

Supports Spring/Spring Boot, Jakarta EE, and servlet stacks with dataflow reasoning.

JavaScript

Yes

Available

Covers Node.js backends, Express, Next.js, and browser contexts; fixes drafted for high-confidence findings.

TypeScript

Yes

Manual

Shares the JavaScript analysis engine; fixes are reviewed manually before publication.

Kotlin

Yes

Manual

JVM and Android server-side use cases mapped via mixed Java/Kotlin projects.

PHP

Yes

Manual

Targets Laravel, Symfony, and raw PHP entry points with sink-driven reasoning.

Python

Yes

Available

Django, Flask, FastAPI, and data pipelines with reachability checks; Autofix available.

Ruby

Yes

Manual

Focus on Rails and Sinatra patterns, including mass-assignment and CSRF.

Scala

Yes

Manual

Supports Play and Akka HTTP services.

Terraform (HCL)

Yes

AWS S3, IAM, VPC, EKS, and encryption policies with blast-radius analysis.

AWS CloudFormation (YAML/JSON)

Yes

Reviews stack defaults, logging, encryption, and network exposure controls.

Azure Bicep

Yes

Focus on AKS, public ingress, identity, and storage hardening.

Kubernetes Manifests

Yes

Detects run-as-root, privilege escalation, network policy drift, and missing telemetry.

Container build files

Yes

Covers Dockerfile/Containerfile hardening, multistage hygiene, and base image posture.