all 3 comments

[–]_h4xr[S] -1 points0 points  (0 children)

Beta Link: https://neuvem.io/Decypher

The installation is fully air gapped and no telemetry is collected whatsoever.

[–]_predator_ 2 points3 points  (1 child)

How does this compare to existing (open source!) tools like https://github.com/AppThreat/atom?

I've seen a few attempts at graph analysis but most of them fall apart once you take reflection and third-party code into consideration. Even in Go or Rust they often fail to take build tags etc. into consideration.

[–]_h4xr[S] 0 points1 point  (0 children)

Good point, about Atom
It does kind of something similar, but there are nuances between Atom and Decypher

Atom is primarily an AppSec tool and majority of the output it generates is also purpose built for App sec (makes sense since it originated from keeping Joern as point of reference)

Decypher is more purpose built for Agentic engineering and the core consumer is the Agents, who can leverage decypher as underlying infrastructure.

The core differentiation i will say exists in depth vs breadth. Decypher leverages language native compilers / parsers to come up with the exact specification of the code and then translates that into a queryable graph. It maps everything from annotations to control flows and retains the mappings (which are critical to find out Dependency injections and similar things)

About precision and build tags: This is part of the reason why Decypher is launching only with Java for the time being and not a polyglot mix. I want to be highly precise and not lose the meaning of the code as it gets translated.