ScubaTrace

ScubaTrace is a code analysis toolkit that leverages tree-sitter and LSP (Language Server Protocol) to provide parsing, analysis, and context extraction capabilities for multiple programming languages.

Unlike most traditional static analysis tools that rely on compilation to extract Intermediate Representation (IR) for code analysis, ScubaTrace delivers analysis capabilities even when code repositories are incomplete or unable to compile. This resilience makes it particularly valuable for scenarios where traditional analysis approaches would fail, enabling developers and security researchers to gain insights from code that might otherwise be inaccessible to conventional static analysis methodologies.

ScubaTrace serves as a portable analysis solution for IDE development, AI-powered coding tools, and SAST (Static Application Security Testing).

Install

  1. Install ScubaTrace:

pip install scubatrace

Note

If pygraphviz fails to install during pip install, install the Graphviz development package first, using the command for your platform:

# For Debian/Ubuntu
apt install libgraphviz-dev
# For macOS, Ref: https://pygraphviz.github.io/documentation/stable/install.html#homebrew
brew install graphviz

  2. Import it into your project:

import scubatrace

Features

  • Multi-Language Support

  • No Need To Compile

  • Statement-Based AST Abstraction

  • Code Call Graph

  • Code Control Flow Graph

  • Code Data/Control Dependency Graph

  • References Inference

  • CPG Based Multi-Granularity Slicing

  • Built on Tree-sitter and LSP

Supported Languages

ScubaTrace supports multiple programming languages, including:

| Language   | Language Server            | Tree-sitter Parser     | Maturity |
|------------|----------------------------|------------------------|----------|
| C/C++      | clangd                     | tree-sitter-cpp        | High     |
| Java       | Eclipse JDT LS             | tree-sitter-java       | High     |
| Python     | Pyright                    | tree-sitter-python     | High     |
| JavaScript | typescript-language-server | tree-sitter-javascript | Medium   |
| Go         | gopls                      | tree-sitter-go         | Medium   |
| Rust       | Rust Analyzer              | tree-sitter-rust       | Medium   |
| Ruby       | Solargraph                 | tree-sitter-ruby       | Low      |
| Swift      | SourceKit-LSP              | tree-sitter-swift      | Low      |
| C#         | OmniSharp                  | tree-sitter-c-sharp    | Low      |
| PHP        | phpactor                   | tree-sitter-php        | Low      |

Reference

scubatrace.Project

A codebase project with a specified path and language.

scubatrace.File

A source code file in a project.

scubatrace.Function

A function in the source code.

scubatrace.Statement

A statement in the source code.

scubatrace.Identifier

An identifier in the source code.

scubatrace.Parser

A parser for a specific programming language using tree-sitter.

scubatrace.Language

Represents a programming language supported by ScubaTrace.

Source Code

GitHub: SunBK201/ScubaTrace