An Intellyx Brain Candy Brief
Backslash tooling scans application code for open source vulnerabilities and source code weaknesses.
Backslash’s technique leverages the “middle end” of a compiler pipeline (programming language compilers typically have front, middle, and back ends) to extract the code’s data flow, construct its control-flow graph, and identify “dead” code for the reachability analysis.
Reachability analysis lets Backslash ignore code paths that are never actually executed (i.e. are not reachable). Modern languages, for example, typically import packages containing code that is never called.
While traditional static code analysis tools scan the unreachable code, Backslash ignores it. This significantly reduces the number of false positives and highlights priority issues.
Backslash currently supports Java, JavaScript, TypeScript, Python, Rust, C++, Go, .NET, and Ruby, and is adding more languages.
Backslash generates a “reachability” graphic for open source vulnerabilities, identifies the source code snippet for code issues, and maintains a database of common code weaknesses.
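As an added illustration of the reachability idea described above (not Backslash’s code, and using a constructed call graph and constructed findings), the following filters scanner findings down to functions actually reachable from the program’s entry points and records the call chain behind each reachable one, which is the data a reachability graphic would present:

```python
from collections import deque

# Constructed call graph (edges: caller -> callees). Names are hypothetical;
# dotted names stand for functions that live in imported packages.
CALL_GRAPH = {
    "main": ["parse_args", "fetch_report"],
    "parse_args": [],
    "fetch_report": ["httpclient.get", "render"],
    "render": ["yaml.safe_load"],
    "legacy_export": ["yaml.load"],   # no caller anywhere: dead code
    "httpclient.get": ["httpclient._redirect"],
    "httpclient._redirect": [],
    "yaml.load": [],
    "yaml.safe_load": [],
}

# Constructed findings: finding id -> function the scanner flagged.
FINDINGS = {
    "F-1": "yaml.load",              # only reached from dead code
    "F-2": "httpclient._redirect",   # reached from main
}

def reachable_from(call_graph, entry_points):
    """Breadth-first walk; returns {function: caller} for every function
    reachable from the entry points (entry points themselves map to None)."""
    parent = {ep: None for ep in entry_points}
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        for callee in call_graph.get(fn, []):
            if callee not in parent:
                parent[callee] = fn
                queue.append(callee)
    return parent

def call_path(parent, fn):
    """Rebuild the entry-point-to-fn chain from the recorded callers."""
    path = []
    while fn is not None:
        path.append(fn)
        fn = parent[fn]
    return path[::-1]

def triage(call_graph, entry_points, findings):
    """Return {finding id: call path} for reachable findings, None otherwise."""
    parent = reachable_from(call_graph, entry_points)
    return {fid: call_path(parent, fn) if fn in parent else None
            for fid, fn in findings.items()}

if __name__ == "__main__":
    for fid, path in triage(CALL_GRAPH, ["main"], FINDINGS).items():
        print(fid, "reachable via " + " -> ".join(path) if path else "unreachable")
```

With `main` as the only entry point, F-1 is reported as unreachable and F-2 carries the chain main -> fetch_report -> httpclient.get -> httpclient._redirect; adding `legacy_export` as an entry point makes F-1 reachable.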
Copyright © Intellyx BV. Intellyx is an industry analysis and advisory firm focused on enterprise digital transformation. Covering every angle of enterprise IT from mainframes to artificial intelligence, our broad focus across technologies allows business executives and IT professionals to connect the dots among disruptive trends. None of the organizations mentioned in this article is an Intellyx customer. No AI was used to produce this article. To be considered for a Brain Candy article, email us at pr@intellyx.com.