Codeburner – security-focused static code analysis for everyone

March 11th, 2016


Last year, the Application Security team set out to improve upon a challenging situation: with a single security team and such a large developer community, how do we keep on top of security analysis for the ever-increasing mountain of code?

The answer came about as the result of a GeekOn project to trigger automated static code analysis based on internal deployment notifications.

After some time in development adding features and getting things just right, we’re proud to announce the open source release of Codeburner!

What is Codeburner?

Codeburner uses the OWASP Pipeline project to run multiple open source and commercial static analysis tools against your code, and provides a unified web interface for sorting and acting on the issues those tools find.

Because the core backend and scanning engine are built on Rails, Codeburner also exposes a full REST API for easy integration with other tools or an existing CI process.

Key Features:

  • Asynchronous scanning (via Sidekiq) that scales
  • Advanced false-positive filtering
  • Publish issues to GitHub or JIRA
  • Track statistics and graph security trends across your applications
  • Integrates with a variety of open source and commercial scanning tools
  • Full REST API for extension and integration with other tools, CI processes, etc.
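As an added illustration of the kind of CI integration the REST API is meant for (this is example code written for this page, not Codeburner's own client or documented API), the script below triggers a scan of the commit under test, polls until it finishes, pulls the findings and fails the build on any unresolved high-severity result. The endpoint paths (`/api/burn`, `/api/burn/:id`, `/api/finding?burn_id=`), the request fields, the `status`, `severity` and `false_positive` response fields, and the severity scale are all assumptions made for the example; check them against the project's API documentation before using this against a real deployment.

```ruby
# Added example: a CI gate driving a Codeburner scan over its REST API.
# ASSUMPTIONS (not Codeburner's documented API): endpoint paths, request
# fields, response fields ('id', 'status', 'severity', 'false_positive')
# and the severity scale below are made up for illustration.
require 'json'
require 'net/http'
require 'uri'

# Assumed severity ordering used by the gate.
SEVERITY = { 'info' => 0, 'low' => 1, 'medium' => 2, 'high' => 3 }.freeze

class CodeburnerClient
  # transport: callable (verb, path, payload_hash_or_nil) -> [http_status, parsed_json].
  # Defaults to a real Net::HTTP transport; tests inject a scripted fake.
  def initialize(base_url, transport: nil)
    @base = URI(base_url)
    @transport = transport || method(:http_transport)
  end

  # Request a scan ("burn") of one revision; returns the burn id.
  def trigger_burn(service_name:, repo_url:, revision:)
    status, body = @transport.call(:post, '/api/burn',
      { 'service_name' => service_name, 'repo_url' => repo_url, 'revision' => revision })
    raise "burn request failed (HTTP #{status}): #{body.inspect}" unless status == 200
    body.fetch('id')
  end

  # Poll the burn until it reaches a terminal state; returns that state.
  def wait_for_burn(burn_id, attempts: 60, sleep_seconds: 10)
    attempts.times do
      status, body = @transport.call(:get, "/api/burn/#{burn_id}", nil)
      raise "status check failed (HTTP #{status})" unless status == 200
      state = body.fetch('status')
      return state if %w[done failed].include?(state)
      sleep(sleep_seconds)
    end
    raise "burn #{burn_id} did not finish after #{attempts} polls"
  end

  # Fetch the findings produced by a burn as an array of hashes.
  def findings(burn_id)
    status, body = @transport.call(:get, "/api/finding?burn_id=#{burn_id}", nil)
    raise "finding fetch failed (HTTP #{status})" unless status == 200
    body.is_a?(Array) ? body : Array(body['findings'])
  end

  private

  def http_transport(verb, path, payload)
    uri = URI.join(@base.to_s, path)
    req = verb == :post ? Net::HTTP::Post.new(uri) : Net::HTTP::Get.new(uri)
    req['Content-Type'] = 'application/json'
    req.body = JSON.generate(payload) if payload
    res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') { |h| h.request(req) }
    [res.code.to_i, (res.body.nil? || res.body.empty?) ? {} : JSON.parse(res.body)]
  end
end

# Gate decision: block on any finding at or above `threshold` that has not been
# dismissed as a false positive. Returns [pass?, blocking_findings].
def gate_findings(findings, threshold: 'high')
  min = SEVERITY.fetch(threshold)
  blocking = findings.reject { |f| f['false_positive'] }
                     .select { |f| SEVERITY.fetch(f['severity'].to_s, 0) >= min }
  [blocking.empty?, blocking]
end

# What a CI job calls: trigger, wait, fetch, decide. Returns the gate result.
def run_ci_gate(client, service_name:, repo_url:, revision:, threshold: 'high', sleep_seconds: 10)
  id = client.trigger_burn(service_name: service_name, repo_url: repo_url, revision: revision)
  state = client.wait_for_burn(id, sleep_seconds: sleep_seconds)
  raise "burn #{id} failed" if state == 'failed'
  gate_findings(client.findings(id), threshold: threshold)
end

# Stand-alone use against a real instance (only runs when CODEBURNER_URL is set).
if __FILE__ == $PROGRAM_NAME && ENV['CODEBURNER_URL']
  client = CodeburnerClient.new(ENV['CODEBURNER_URL'])
  ok, blocking = run_ci_gate(client, service_name: 'payments-api',
                             repo_url: 'git@github.com:example/payments-api.git',
                             revision: ENV.fetch('GIT_COMMIT', 'HEAD'))
  blocking.each { |f| warn "#{f['severity']}: #{f['description']} (#{f['file']}:#{f['line']})" }
  exit(ok ? 0 : 1)
end
```

The transport is injected so the gate logic can be exercised offline against a scripted server; in a pipeline you would run it with `CODEBURNER_URL` and `GIT_COMMIT` set and let the exit code fail the job. Findings already marked as false positives in Codeburner are deliberately excluded, so the triage done in its web interface carries through to the build gate rather than being re-litigated on every run.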


You can find full documentation for Codeburner at

Get Involved!

If you’d like to contribute, fork us on GitHub and check out the Developer Guide.
