AI static code analysis
The Metabob advantage
Metabob uses a combination of graph-attention neural networks (GNNs) generative AI to improve software performance and security.
With this, Metabob can detect problems that aren't detected by traditional, rules-based, static code analysis tools such as SonarQube. The detected problems range from race conditions & memory leaks to unhandled edge cases.
GNNs and BERTopic
Metabob is an ensemble AI system for classifying, identifying and explaining non-deterministic faults within source code. BERTopic based topic modeling is used to build seed data sets. For doing so, the underlying reasons behind particular classes of code changes are collected, extracted from the surrounding documentation behind each code change.
This allows to conduct supervised training of a classifier using an extended version of the Abstract Syntax Tree (AST). This is parsed from the source code and used as the input vectors to a GNN. The fault class, as determined by BERTopic, is used as the output class per node in the GNN.
Generative AI
Metabob then generates explanations and code suggestions for fixes via a language model. These are built on a context vector from the topic labels, the source code, and portions of the online documentation, docstrings, headers, and other non-local information (readme’s, etc.). This results in simple explanations of the underlying issue behind a particular code change.
All Features
AI static code analysis
Unique AI model to detect complex, logical and context-based problems and vulnerabilities
Rule-based static code analysis
Problem and vulnerability detection based on popular pre-set rules
Developer productivity dashboard
Overview of your team’s productivity to plan better and improve efficiency
Code quality insights
Code quality score with actionable insights to improve performance
Continuous analysis
Integrate to automatically run with all pull requests or commits
Integrate with your SCM provider
Works with GitHub, BitBucket, GitLab
IDE integration (Beta)
Integrate with VSCode to get code recommendations to prevent bugs and improve code quality
CLI tool (Beta)
Improve your code quality and security by calling Metabob directly through your CLI
False positive rate
Metabob understands context and code logic - thereby reduces noise with accurate analyses
OWASP Top 10 and
CWE top 25
Prevent your code from critical risks recommended by OWASP & CWE
Hardcoded secrets detection
Detect security credentials and sensitive data in your code
On-premise deployment
Designed for teams who host code on their own servers
Webhooks and API access
Integrates directly with your toolchain