Reshift's JavaScript Technology

A scanning speed of 9 milliseconds per line of code. Security doesn't have to slow you down.


Reshift's Technology and Performance Advantage

Reshift is built using revolutionary technology, architected in a way to optimize scanning and execution speed across each part of the scanner.

 

There are many areas in the Reshift scanning pipeline that we are really excited about. However, three primary areas help us achieve superior performance and accuracy.

1. Syntactic Translation to Logical Relations

Performance innovation in Reshift starts with how the source code is transformed into a form that can be analyzed easily.

Using our proprietary technology, Reshift turns code into data, in a structure optimized for analyses such as call and taint flow.

The data extracted from the codebase is stored in a database-like relational format. The rules for finding vulnerabilities then serve as queries over this data. This architecture allows Reshift to scale to large applications as well as to untyped languages such as JavaScript.

2. An Advanced Datalog Engine

Datalog is a declarative logic programming language that is syntactically a subset of Prolog. Its declarative nature makes Datalog more suitable for writing custom program analyzers than a general purpose programming language. Additionally, its declarative nature makes Datalog a much easier target for optimization than its imperative siblings – C++, Java, etc. In our tools we have implemented several proprietary compiler optimizations that make our Datalog engine very fast!
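To make the split between extracted facts and rules concrete, here is an added example (not Reshift's code or rule set): a Python sketch that stores facts as relations and evaluates two Datalog-style taint rules to a fixpoint. The relation names, the rules and the JavaScript snippet they describe are assumptions constructed for illustration.

```python
# Constructed JavaScript input that the facts below describe (not from the page):
#   1: const name = req.query.name;
#   2: const msg  = "Hello " + name;
#   3: const safe = escapeHtml(name);
#   4: res.send(msg);
#   5: res.send(safe);

# Extracted relations: each one is a set of tuples, like rows in a table.
FACTS = {
    "source":   {("name", 1)},       # (variable, line): attacker-controlled input
    "assign":   {("msg", "name")},   # (dst, src): dst is computed from src
    # (dst, src): dst = sanitizer(src). No rule below propagates taint across
    # this relation, which is how sanitization is modelled here.
    "sanitize": {("safe", "name")},
    "sink":     {("msg", "xss", 4), ("safe", "xss", 5)},  # (variable, kind, line)
}


def tainted_vars(facts):
    """tainted(V) :- source(V, _).
       tainted(D) :- assign(D, S), tainted(S).
    Semi-naive evaluation: each round joins assign only with newly derived rows,
    so the loop terminates even when assignments form a cycle."""
    tainted = {v for v, _ in facts["source"]}
    delta = set(tainted)
    while delta:
        new = {d for d, s in facts["assign"] if s in delta} - tainted
        tainted |= new
        delta = new
    return tainted


def findings(facts):
    """finding(L, K, V) :- sink(V, K, L), tainted(V)."""
    tainted = tainted_vars(facts)
    return sorted((line, kind, var)
                  for var, kind, line in facts["sink"] if var in tainted)


if __name__ == "__main__":
    for line, kind, var in findings(FACTS):
        print(f"line {line}: tainted value '{var}' reaches {kind} sink")
```

Only line 4 is reported: `safe` reaches the same sink, but it is connected to `name` through `sanitize`, which neither rule follows.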

3. Futamura Projections

Reshift’s Datalog engine initially acts as an interpreter. It takes as input a set of logic rules, and a representation of your codebase, and outputs a set of vulnerability findings.

Futamura projections are a concept in compiler generation that uses partial application to “freeze” the rules part of the input and produce a natively compiled version of the same program.

Using Futamura projections, we curry and partially apply our compiler tools! What comes out are native parallel scanners that are blazing fast and can be customized to specific customers’ needs at the click of a button!


A light-weight JavaScript code security tool built for developers to code securely, fix quickly, and deploy fast.