YASA is an open-source static program analysis project. Its core innovation lies in a unified intermediate representation called UAST, designed to support multiple programming languages. Built on top of UAST, YASA provides a highly accurate static analysis framework.
☆255Mar 5, 2026Updated 2 weeks ago
Alternatives and similar repositories for YASA-Engine
Users that are interested in YASA-Engine are comparing it to the libraries listed below
Sorting:
- YASA-UAST is an intermediate representation structure for multi-language program analysis. The UAST-Parser parses code from different pro…☆74Updated this week
- xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".☆467Jan 15, 2026Updated 2 months ago
- Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis (IEEE S&P 2024)☆15Oct 3, 2024Updated last year
- JavaRce complements project - use RASP to prevent vulnerabilities☆24Apr 22, 2024Updated last year
- The next-generation AI Agent framework driven by Intent Engineering. Move beyond turn-based Function Calling to embrace code-level intent…☆75Jan 11, 2026Updated 2 months ago
- A benchmark for Java gadget chain detecting algorithms.☆15Jun 20, 2025Updated 9 months ago
- A polyglot static analysis engine for detecting vulnerabilities in scripting languages native extensions based on joern.☆21Sep 1, 2025Updated 6 months ago
- Parsing-based Analyzer☆73Jun 8, 2025Updated 9 months ago
- Lessons for syntaxflow zero to hero☆55Sep 14, 2024Updated last year
- AIxCC: automated vulnerability repair via LLMs, search, and static analysis☆11Jul 16, 2024Updated last year
- ☆17Apr 7, 2023Updated 2 years ago
- Hacking GraalVM Espresso - Abusing Continuation API to Make ROP-like Attack☆36Aug 27, 2025Updated 6 months ago
- ☆206Oct 27, 2025Updated 4 months ago
- ☆43Jan 30, 2023Updated 3 years ago
- IDA Hexrays To Joern☆46Nov 7, 2024Updated last year
- Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation☆15Jul 24, 2025Updated 7 months ago
- 《深入JDBC安全:特殊URL构造与不出网反序列化利用技术揭秘》对应研究总结项目 "Deep Dive into JDBC Security: Special URL Construction and Non-Networked Deserialization Explo…☆572Feb 7, 2026Updated last month
- simpleIAST- 基于污点追踪的灰盒漏洞扫描工具。☆101Dec 23, 2025Updated 2 months ago
- Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities☆75Aug 15, 2024Updated last year
- 基于msf的后渗透协作平台 -- 前端部分☆20Apr 3, 2024Updated last year
- The source code of [S&P'25] Detecting Taint-Style Vulnerabilities in Microservice-Structured Web Applications.☆66Nov 20, 2025Updated 4 months ago
- [SOSP'25] Automatic checker synthesis for system-level static analysis☆170Oct 26, 2025Updated 4 months ago
- ☆32May 1, 2025Updated 10 months ago
- The source code of project "LLift" (Enhancing static analysis with LLM)☆86Mar 5, 2024Updated 2 years ago
- Source-level code analysis toolkit for SAST, context engineering, and AI coding☆28Oct 12, 2025Updated 5 months ago
- 《深入理解CodeQL》Finding vulnerabilities with CodeQL.☆1,758Nov 21, 2023Updated 2 years ago
- Query-Based Code Analysis Engine☆348Sep 21, 2025Updated 6 months ago
- A declarative static analysis tool for jvm bytecode based Datalog like CodeQL☆345Jan 6, 2024Updated 2 years ago
- ☆11Sep 6, 2024Updated last year
- idea插件,快速生成反序列化中常用的方法,比如setFieldValue、createTemplatesImpl等☆29Oct 2, 2024Updated last year
- Extract entire function source code based on giving line number using Javaparser☆21Jul 15, 2025Updated 8 months ago
- A vul-finder for loading CPG and automated finding vul-call-chains☆72Jul 22, 2025Updated 8 months ago
- The source code of [Sec'25] Make Agent Defeat Agent: Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents☆60Sep 9, 2025Updated 6 months ago
- study_summary☆10Aug 8, 2022Updated 3 years ago
- A continuously updated collection of CodeLLM papers maintained by PurCL group @ Purdue☆612Jan 14, 2026Updated 2 months ago
- 之前方便自己研究RASP原理和绕过时顺手写的,用于快速启动和重置RASP环境☆71Oct 13, 2024Updated last year
- ☆23Apr 6, 2019Updated 6 years ago
- A curated list of awesome resources about LLM supply chain security (including papers, security reports and CVEs)☆96Jan 20, 2025Updated last year
- 无需文件落地Agent内存马生成器☆249May 30, 2024Updated last year