A Language-Independent Analysis Platform for Source Code
Abstract
In this paper, we present the CPG analysis platform, which enables the translation of source code into a programming language-independent representation, based on a code property graph. This allows security experts and developers to capture language level semantics for security analyses or identify patterns with respect to code compliance. Through the use of fuzzy parsing, also incomplete or non-compilable code, written in different programming languages, can be analyzed. The platform comprises an analysis library and interfaces to query, interact with or visualize source code graphs. This set of CPG tools allows finding common weaknesses in heterogeneous software environments, independently of the underlying programming language.
Turn this paper into a full lesson
ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.