Domain overview
Code review shortens the path from root cause to credible remediation. It helps explain not just that something breaks, but exactly where the trust boundary failed and why it matters.
Selected public references
- Semgrep Documentation: semgrep.dev/docs/
- CodeQL Documentation: codeql.github.com/docs/
- OWASP Code Review Guide: owasp.org/www-project-code-review-guide/
- MITRE CWE Top 25 (2024): cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html
- OWASP WSTG · 03 Source Code Review: owasp.org/www-project-web-security-testing-guide/latest/2-Testing_Techniques_Explained/03-Source_Code_Review
- GitHub · github / codeql: github.com/github/codeql
Topic index
Foundations & Automated Source Code Auditing
Static review, dangerous sinks and implementation patterns that collapse trust at the code level.
C Source Code Auditing
Static review, dangerous sinks and implementation patterns that collapse trust at the code level.
Java Source Code Auditing
Static review, dangerous sinks and implementation patterns that collapse trust at the code level.
C# Source Code Auditing
Static review, dangerous sinks and implementation patterns that collapse trust at the code level.
PHP Source Code Auditing
Static review, dangerous sinks and implementation patterns that collapse trust at the code level.
Node.js Source Code Auditing
Static review, dangerous sinks and implementation patterns that collapse trust at the code level.
Python Source Code Auditing
Static review, dangerous sinks and implementation patterns that collapse trust at the code level.
Go Source Code Auditing
Static review, dangerous sinks and implementation patterns that collapse trust at the code level.
Ruby Source Code Auditing
Static review, dangerous sinks and implementation patterns that collapse trust at the code level.
iOS Source Code Auditing
Mobile application behaviour under instrumentation, local-state review and transport validation.
Android Source Code Auditing
Mobile application behaviour under instrumentation, local-state review and transport validation.
Artifacts, Git, Docker & Dependency Auditing
Code review shortens the path between root cause and proof. This domain focuses on dangerous sinks, insecure patterns, framework assumptions, dependency risk and the review techniques that reveal exposure before runtime testing begins.
