YASA (Yet Another Static Analyzer) is an open-source static program analysis project. Its core innovation lies in a unified intermediate representation called the Unified Abstract Syntax Tree (UAST), designed to support multiple programming languages. Built on top of UAST, YASA provides a highly accurate static analysis framework. Users can extend its capabilities by writing custom checkers to perform various program analysis tasks—such as AST queries, data flow analysis, and function call graph analysis—and expose functionality through SDK, declarative query language (QL), or MCP.
As a project originally developed within a security team, YASA also comes with built-in taint analysis capabilities, implemented as a checker, to detect security vulnerabilities.
The YASA Project consists of:
- YASA-UAST
- YASA-Engine
- YASA-UQL
- YASA-MCP
- YASA-SDK
- xAST
For more information about the YASA Project, please visit here.
This project is the YASA-UAST component of the YASA Project.
YASA-UAST is an intermediate representation structure for multi-language program analysis. The UAST-Parser parses code from different programming languages into a unified abstract syntax format. Through UAST, source code in different languages can be converted into a standardized tree structure, enabling unified analysis and processing across multiple languages.
- Go language parser for UAST, parsing Go code into UAST.
- Java and JS language parsers for UAST, parsing Java, JS, and TS code into UAST.
- Python language parser for UAST, parsing Python code into UAST.
Welcome to submit issues if you encounter any problems!
For code contributions, please refer to CONTRIBUTION
Apache License 2.0 - Details in LICENSE Apache-2.0.
Thanks to all developers who have contributed to the YASA project! Special thanks to the open-source community for their support and feedback, enabling us to jointly advance the development of program analysis technology.
YASA - Making code analysis more precise, easier, and smarter.
