VCG is an automated code security review tool for C++, C#, VB, PHP, Java, PL/SQL and COBOL, which is intended to speed up the code review process by identifying bad/insecure code.
New beta functionality has been added for R.

It has a few features that should make it useful. In addition to performing some more complex checks, it has a config file for each language that allows you to add any bad functions (or other text) that you want to search for. It attempts to find phrases within comments that can indicate broken code, and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo'-style comments and bad code.

I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc.

Current version: 2.3.2


User Ratings

5 stars: 2
4 stars: 2
3 stars: 0
2 stars: 0
1 star: 0

ease: 4 / 5
features: 4 / 5
design: 4 / 5
support: 3 / 5

User Reviews

  • good
  • Thank you for the excellent work. I tried reverse engineering v 1.6 to support CLI so I could automate scans, but it seems like v2.0 already supports it (haven't tried it yet though). When Microsoft CAT.NET went to oblivion, and with commercial tools' prices skyrocketing - VisualCodeGrepper is a viable and easy to use alternative! Will try v 2.0 at my earliest and share feedback. btw, VisualCodeGrepper is also mentioned on the Checkmarx blog under the title 'The Ultimate List of Open Source Static Code Analysis Security Tools'.
  • Looks good! Can we have access to the source code? The previous comment on the CI server is very pertinent, and I'd like to take a look and maybe provide a patch for it.
  • Today, most modern projects are using a CI system. You offer a good project, thank you. But your app is a Desktop app, which means it cannot be integrated into a CI system automatically. I assume nobody would like to call 'FindWindow' and 'SendMessage'.
    1 user found this review helpful.

Additional Project Details

Operating Systems: Windows
Intended Audience: Information Technology, Security
User Interface: Win32 (MS Windows)
Registered: 2012-11-19