Welcome to the Documentation of CogniCryptSAST

CogniCryptSAST is the static analysis component of CogniCrypt. It takes a set of rules written in the specification language CrySL as input, performs a static analysis based on these specifications, and creates a report of all violations.

CogniCryptSAST provides the following features:

  • A context-sensitive, field-sensitive and flow-sensitive typestate analysis using IDEal
  • A context-sensitive, field-sensitive and flow-sensitive pointer analysis using Boomerang
  • A CLI and API to analyze Java and Android applications
  • Support for the static analysis frameworks Soot, SootUp and Opal
  • A wide range of error types that explain the violations of CrySL specifications
  • An API to configure your own analysis

This documentation covers the following aspects: