Alternatives and similar repositories for plume

Users that are interested in plume are comparing it to the libraries listed below

• secure-software-engineering / secucheck

  View on GitHub
  Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to s…
  ☆18Jan 30, 2025Updated last year
• BytecodeDL / soot-fact-generator

  View on GitHub
  generate facts from bytecode (source is https://github.com/plast-lab/doop-mirror/tree/master/generators)
  ☆23Nov 24, 2024Updated last year
• OSUSecLab / TaintMini

  View on GitHub
  Detecting Flow of Sensitive Data in Mini-Programs with Static Taint Analysis
  ☆82Mar 19, 2024Updated last year
• ShiftLeftSecurity / overflowdb

  View on GitHub
  ShiftLeft OverflowDB
  ☆133May 22, 2025Updated 8 months ago
• Fraunhofer-AISEC / codyze

  View on GitHub
  Codyze is a static analyzer for Java, C, C++ based on code property graphs
  ☆91Jan 22, 2025Updated last year
• Fraunhofer-AISEC / cpg

  View on GitHub
  A library to extract Code Property Graphs from C/C++, Java, Go, Python, Ruby and every other language through LLVM-IR.
  ☆407Feb 6, 2026Updated last week
• ShiftLeftSecurity / codepropertygraph

  View on GitHub
  Code Property Graph: specification, query language, and utilities
  ☆559Feb 6, 2026Updated last week
• joernio / ghidra2cpg

  View on GitHub
  Code Property Graph (CPG) frontend for binary applications and libraries.
  ☆95Oct 28, 2021Updated 4 years ago
• plast-lab / doop

  View on GitHub
  The official repo of Doop, the declarative pointer analysis framework.
  ☆203Jun 4, 2025Updated 8 months ago
• BytecodeDL / graphdb-intellij-plugin

  View on GitHub
  neo4j plugin of ByteCodeDL for the IntelliJ Platform. ByteCodeDL-Neo4j-IDEA-Plugin
  ☆16Dec 28, 2023Updated 2 years ago
• fullwaywang / QlRules

  View on GitHub
  Auto-generated CodeQL rules for matching CVE vulnerabilities and variants.
  ☆184Sep 19, 2024Updated last year
• BytecodeDL / ByteCodeDL

  View on GitHub
  A declarative static analysis tool for jvm bytecode based Datalog like CodeQL
  ☆344Jan 6, 2024Updated 2 years ago
• QilinPTA / Qilin

  View on GitHub
  Qilin: A New Framework for Supporting Fine-Grained Context-Sensitivity in Java Pointer Analysis
  ☆146Jan 22, 2026Updated 3 weeks ago
• CodeShield-Security / SPDS

  View on GitHub
  Efficient and Precise Pointer-Tracking Data-Flow Framework
  ☆68Dec 10, 2024Updated last year
• ShiftLeftSecurity / llvm2cpg

  View on GitHub
  LLVM meets Code Property Graphs
  ☆96Feb 27, 2021Updated 4 years ago
• soot-oss / TaintAnalysis

  View on GitHub
  Taint analysis implementation based on Heros and Soot
  ☆45May 6, 2024Updated last year
• fynch3r / WALAStudy

  View on GitHub
  WALA 学习笔记
  ☆14Aug 8, 2023Updated 2 years ago
• wala / WALA-start

  View on GitHub
  Basic Gradle configuration and example drivers to get started with WALA
  ☆29Dec 2, 2024Updated last year
• Ant-FG-Lab / non_RCE

  View on GitHub
  ☆41Mar 10, 2021Updated 4 years ago
• CHYbeta / URLFilterBypassDemo

  View on GitHub
  ☆30Sep 13, 2021Updated 4 years ago
• silverbullettt / zipper

  View on GitHub
  Precision-guided context sensitivity for pointer analysis
  ☆61Jul 2, 2023Updated 2 years ago
• Feysh-Group / corax-community

  View on GitHub
  Corax for Java: A general static analysis framework for java code checking.
  ☆254Dec 3, 2024Updated last year
• noidsirius / SootTutorial

  View on GitHub
  A step-by-step tutorial for Soot (a Java static analysis framework)
  ☆449Dec 23, 2022Updated 3 years ago
• secure-software-engineering / SootFX

  View on GitHub
  A Static Code Feature Extraction Tool for Java and Android
  ☆21Jun 7, 2023Updated 2 years ago
• pascal-lab / java-benchmarks

  View on GitHub
  ☆12Nov 21, 2023Updated 2 years ago
• langston-barrett / treeedb

  View on GitHub
  Generate Soufflé Datalog types, relations, and facts that represent ASTs from a variety of programming languages.
  ☆80Updated this week
• ceclin / 0ctf-2021-finals-soln-buggy-loader

  View on GitHub
  solution to buggyLoader of 0CTF/TCTF 2021 Finals
  ☆20Sep 27, 2021Updated 4 years ago
• wala / WALA

  View on GitHub
  T.J. Watson Libraries for Analysis, with front ends for Java, Android, and JavaScript, and many common static program analyses.
  ☆833Feb 3, 2026Updated last week
• scotty-kdw / ARM-Analyzer

  View on GitHub
  Backward Taint Analysis (GUI) on Desktop : Analyzing trace log to determine exploitability by tracking data propagation
  ☆49Jan 6, 2017Updated 9 years ago
• secure-software-engineering / SPDS-experiments

  View on GitHub
  ☆11Oct 10, 2018Updated 7 years ago
• soot-oss / heros

  View on GitHub
  IFDS/IDE Solver for Soot and other frameworks
  ☆254Updated this week
• joernio / joern

  View on GitHub
  Open-source code analysis platform for C/C++/Java/Binary/Javascript/Python/Kotlin based on code property graphs. Discord https://discord.…
  ☆2,939Updated this week
• cokeBeer / goot

  View on GitHub
  a dataflow analysis framework implemented in Go, like soot
  ☆39Sep 22, 2022Updated 3 years ago
• hudangwei / codemillx

  View on GitHub
  codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
  ☆205Mar 19, 2022Updated 3 years ago
• LPhD / Jess

  View on GitHub
  Jess is short for Joern extended by Semantic Slicing. This tool allows you to import C code into a Code Property Graph, and then compute …
  ☆17May 22, 2024Updated last year
• zbazztian / codeql-debug

  View on GitHub
  ☆72Mar 26, 2022Updated 3 years ago
• meizjm3i / PHPVulFinder

  View on GitHub
  PHP Static Program Analysis
  ☆42Mar 29, 2023Updated 2 years ago
• binarly-io / idapcode

  View on GitHub
  IDA plugin that displays the P-code for the current function
  ☆72Nov 18, 2025Updated 2 months ago
• alipay / ant-application-security-testing-benchmark

  View on GitHub
  xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".
  ☆460Jan 15, 2026Updated 3 weeks ago