What makes DeepCode different from other static code analysis tools is that it uses AI to understand the developer’s intent behind the code, and not only syntax mistakes.
Our bot processes hundreds of millions of commits in open source software projects and compares a variety of fixes for the same bug or security issue. DeepCode then automatically infers new rules and suggests them to developers who have the same intent but an incorrect or inefficient solution. By applying these rules to hundreds of thousands of repositories, DeepCode learns, for example, which library functions are sensitive to unsanitized data and which functions provide external, tainted data.
This allows DeepCode to build a holistic database of different coding practices and library metadata, “the knowledge of the global development community”, and to find bugs that other tools don’t.
Some issues DeepCode’s static code review identifies: