Horizontal-Transversal code-as-data
Code-as-data is a technique that, from empirical results, we have found helps with:
- Avoiding false positives, because it gives each finding relational context (how the surrounding code relates to it)
- Asserting more vulnerabilities, for the same reason: relational context
- Performing fast checks
We have, however, a delivery-of-value problem that we have not solved, and that is complex to solve because of the infrastructure Neo4j intrinsically requires (a separate database server that must be deployed and reachable from wherever the checks run).
There are, however, in-memory, Python-native alternatives that let us keep usability simple.
An alternative of that kind (cog may not be the only one out there) runs:
- On the CI via Skims
- In any Python script (forces exploits)
- In a Python REPL (easy for hackers to use)
And because it needs nothing special, it spares us from writing each check twice (once the traditional way and once in its code-as-data version).
So anyone can decide whether or not to use this new approach for new checks, depending on what suits them best = transversal
And we can deliver value starting from the very first method written = horizontal
Once this delivery-of-value problem is solved, adding value is simple: just write more language parsers/checks.
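To make the relational-context point concrete, here is an added example (not Skims, Forces or cog code, and not part of the original note): a toy code-as-data pipeline in stdlib Python. It parses a module with `ast` into an in-memory graph of plain dicts (standing in for Neo4j or cog, whose APIs are not assumed here), records def-use edges between assignments and references, and then writes one check that flags an `eval` only when its argument is fed by `input`. The sample source, the hypothetical `build_graph`/`find_tainted_calls` helpers and the source/sink names are all constructed for the illustration; a text-only `grep_calls` baseline is included to show the false positive the graph avoids.

```python
"""Toy code-as-data: Python AST -> in-memory graph -> relational check.

Added example, not from the original note or any of the tools it names.
"""
import ast
from dataclasses import dataclass, field

# Constructed sample input (not from the page): three eval() sinks, two of
# which are reachable from the input() source. The leading newline makes the
# first statement line 2, so reported line numbers below start at 2.
SAMPLE = '''
user = input("expr> ")
trusted = "1 + 1"
result = eval(user)
shadow = eval(trusted)
wrapped = eval("(" + user + ")")
'''


@dataclass
class Graph:
    """In-memory property graph held in plain dicts (stands in for Neo4j/cog)."""
    nodes: dict = field(default_factory=dict)   # node id -> attribute dict
    edges: list = field(default_factory=list)   # (src, label, dst)

    def add_node(self, nid, **attrs):
        self.nodes[nid] = attrs

    def add_edge(self, src, label, dst):
        self.edges.append((src, label, dst))

    def out(self, nid, *labels):
        """Successors of nid over edges whose label is in labels."""
        return [d for s, lbl, d in self.edges if s == nid and lbl in labels]

    def calls(self, *names):
        """Ids of call nodes whose callee name is in names."""
        return [n for n, a in self.nodes.items()
                if a.get("kind") == "call" and a.get("name") in names]


class _Builder:
    """Hypothetical mini-parser: module-level statements, simple names only."""

    def __init__(self):
        self.g = Graph()
        self.defs = {}   # variable name -> id of the expression last assigned to it
        self._n = 0

    def _new(self, **attrs):
        self._n += 1
        self.g.add_node(self._n, **attrs)
        return self._n

    def expr(self, e):
        if isinstance(e, ast.Call):
            name = e.func.id if isinstance(e.func, ast.Name) else ast.unparse(e.func)
            nid = self._new(kind="call", name=name, line=e.lineno)
            for a in e.args:                      # call -arg-> argument expression
                self.g.add_edge(nid, "arg", self.expr(a))
        elif isinstance(e, ast.Name):
            nid = self._new(kind="ref", name=e.id, line=e.lineno)
            if e.id in self.defs:                 # use -def-> its reaching definition
                self.g.add_edge(nid, "def", self.defs[e.id])
        elif isinstance(e, ast.Constant):
            nid = self._new(kind="const", value=e.value, line=e.lineno)
        elif isinstance(e, ast.BinOp):
            nid = self._new(kind="binop", line=e.lineno)
            for side in (e.left, e.right):        # taint flows through concatenation
                self.g.add_edge(nid, "operand", self.expr(side))
        else:
            nid = self._new(kind="other", line=e.lineno)
        return nid

    def stmt(self, s):
        if (isinstance(s, ast.Assign) and len(s.targets) == 1
                and isinstance(s.targets[0], ast.Name)):
            self.defs[s.targets[0].id] = self.expr(s.value)
        elif isinstance(s, ast.Expr):
            self.expr(s.value)


def build_graph(source):
    """Parse Python source into a Graph with def-use edges."""
    b = _Builder()
    for s in ast.parse(source).body:
        b.stmt(s)
    return b.g


def reaches_source(g, nid, sources, seen=None):
    """True if a call to one of `sources` feeds the expression node nid,
    following arg/def/operand edges (the relational context)."""
    seen = seen if seen is not None else set()
    if nid in seen:
        return False
    seen.add(nid)
    attrs = g.nodes[nid]
    if attrs.get("kind") == "call" and attrs.get("name") in sources:
        return True
    return any(reaches_source(g, n, sources, seen)
               for n in g.out(nid, "arg", "def", "operand"))


def find_tainted_calls(g, sinks=("eval",), sources=("input",)):
    """Lines where a sink call has an argument fed by a source call."""
    return sorted(
        g.nodes[c]["line"] for c in g.calls(*sinks)
        if any(reaches_source(g, a, sources) for a in g.out(c, "arg"))
    )


def grep_calls(source, sink="eval"):
    """Text-only baseline: every line mentioning the sink, no context."""
    return [i for i, line in enumerate(source.splitlines(), 1)
            if f"{sink}(" in line]


if __name__ == "__main__":
    g = build_graph(SAMPLE)
    print("grep:", grep_calls(SAMPLE))        # [4, 5, 6]: line 5 is a false positive
    print("graph:", find_tainted_calls(g))    # [4, 6]: only the input()-fed evals
```

Because the graph is ordinary Python objects, the same `build_graph` call works from a CI job, an exploit script or a REPL, which is the "nothing special required" property the note relies on. A real language parser would also need scopes, reassignment inside branches and control flow, which this subset deliberately ignores.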