Rust Monorepo Analyzer (RMA)
An ultra-fast, Rust-native code intelligence and security analysis platform for large enterprise monorepos. RMA uses tree-sitter for polyglot parsing, rayon for parallel execution, and tantivy for full-text indexing, enabling sub-minute scans of codebases with millions of lines of code (LOC).
Key Features
- Polyglot Support: Analyze codebases written in various languages including Rust, JavaScript, TypeScript, Python, Go, and Java.
- Parallel Parsing: Multi-threaded Abstract Syntax Tree (AST) parsing with tree-sitter, parallelized across files with rayon.
- Security Analysis: Identify security vulnerabilities, unsafe code patterns, and hardcoded secrets efficiently.
- Rich Diagnostics Output: Offers rustc-style error outputs with detailed source context and error codes, aiding in swift debugging.
- AI-Assisted Analysis: An optional mode that augments vulnerability detection with an AI model, enabled with the `--ai` flag.
- Comprehensive Code Metrics: Generate metrics such as cyclomatic complexity, cognitive complexity, and lines of code (LOC).
- Fast Full-Text Indexing: Powered by tantivy for quick searches across large codebases.
- Incremental Scanning: Rescans only the files that have changed since the previous run.
- Multiple Output Formats: Supports various formats including text, JSON, SARIF, and Markdown for versatile integration into CI/CD workflows.
- Real-time Watch Mode: Re-analyzes on file changes and streams live results over WebSocket, with interactive keyboard controls.
- HTTP API Support: A daemon mode exposes an HTTP and WebSocket interface for integration with editors and other development tooling.
- IDE Integrations: Official plugins for VS Code, Neovim, and JetBrains IDEs.
- Plugin Support: Extend the analyzer with custom rules packaged as WASM plugins.
- External Providers Integration: Enhance analysis with tools like PMD for Java and Gosec for Go.
Supported Languages and Analysis Metrics
| Language | Extensions | Security Rules | Metrics |
|---|---|---|---|
| Rust | .rs | unsafe blocks, unwrap, panic | complexity, LOC |
| JavaScript | .js, .jsx, .mjs | XSS, injection, secrets | complexity, LOC |
| TypeScript | .ts, .tsx | XSS, injection, secrets | complexity, LOC |
| Python | .py | exec, shell injection, secrets | complexity, LOC |
| Go | .go | unsafe, SQL injection | complexity, LOC |
| Java | .java | injection, crypto issues | complexity, LOC |
Command-Line Interface (CLI)
Example Commands
```bash
# Scan the current directory
rma scan .

# Scan ./src with AI-assisted analysis enabled
rma scan ./src --ai

# Write results as JSON for CI/CD integration
rma scan . --output json -f results.json
```
Further CLI commands manage repository scans, report scan statistics, and check installation health; the integrated doctor command diagnoses problems with the RMA installation itself.
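A practical way to consume the SARIF output in a CI job is to gate the build on new findings rather than on the whole report, so a monorepo with a known backlog does not block every pull request. The following script is an added example written for this page, not RMA's own code. It assumes the reports were produced with a SARIF output option analogous to the JSON invocation above (the exact flag is an assumption) and that they conform to SARIF 2.1.0. The rule identifiers and both sample reports are constructed inline so the script runs offline.

```python
"""CI gate over SARIF 2.1.0 reports: fail only on new findings at or above a severity
threshold. Added example, not RMA code; the sample reports below are constructed."""
import json
import sys

# SARIF result levels in increasing severity ("none" is informational).
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def _result(rule_id, uri, line, text, level=None, pf=None):
    """Build one SARIF result object (used only to construct the sample reports)."""
    res = {"ruleId": rule_id, "message": {"text": text},
           "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                               "region": {"startLine": line}}}]}
    if level:
        res["level"] = level
    if pf:
        res["partialFingerprints"] = pf
    return res


def _report(rules, results):
    """Serialize a single-run SARIF 2.1.0 document to JSON text, as a scanner would."""
    return json.dumps({"version": "2.1.0", "runs": [{
        "tool": {"driver": {"name": "rma", "rules": rules}}, "results": results}]})


RULES = [  # placeholder rule ids, not RMA's real identifiers
    {"id": "rust/unwrap", "defaultConfiguration": {"level": "warning"}},
    {"id": "rust/unsafe"},  # no default level: SARIF says treat it as "warning"
    {"id": "secrets/hardcoded", "defaultConfiguration": {"level": "error"}},
    {"id": "py/shell-injection", "defaultConfiguration": {"level": "error"}},
]
SECRET_FP = {"primaryLocationLineHash": "9f2c1e"}

# Constructed baseline from a previous scan of the main branch.
BASELINE_SARIF = _report(RULES, [
    _result("rust/unwrap", "src/lib.rs", 12, "call to .unwrap() on Result", level="warning"),
    _result("secrets/hardcoded", "src/config.rs", 8, "hardcoded credential", level="error", pf=SECRET_FP),
])
# Constructed current scan: the unwrap moved two lines, the secret moved one line but
# kept its fingerprint, and two findings (one error, one warning) are genuinely new.
CURRENT_SARIF = _report(RULES, [
    _result("rust/unwrap", "src/lib.rs", 14, "call to .unwrap() on Result", level="warning"),
    _result("rust/unsafe", "src/ffi.rs", 3, "unsafe block"),
    _result("secrets/hardcoded", "src/config.rs", 9, "hardcoded credential", level="error", pf=SECRET_FP),
    _result("py/shell-injection", "scripts/deploy.py", 22, "subprocess with shell=True and untrusted input"),
])


def primary_location(result):
    """(uri, startLine) of the result's first physical location, or ("", 0)."""
    loc = (result.get("locations") or [{}])[0].get("physicalLocation", {})
    return (loc.get("artifactLocation", {}).get("uri", ""),
            loc.get("region", {}).get("startLine", 0))


def effective_level(result, rules_by_id):
    """SARIF precedence: the result's own level, else the rule's default, else "warning"."""
    if result.get("level"):
        return result["level"]
    rule = rules_by_id.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")


def fingerprint(result):
    """Identity for matching a finding across scans: the tool's partialFingerprints when
    present (stable under line shifts), otherwise rule + file + line."""
    pf = result.get("partialFingerprints")
    if pf:
        return ("pf", result.get("ruleId", ""), tuple(sorted(pf.items())))
    return ("loc", result.get("ruleId", "")) + primary_location(result)


def load_findings(sarif_text):
    """Parse a SARIF document into {fingerprint: finding} across all runs."""
    findings = {}
    for run in json.loads(sarif_text).get("runs", []):
        rules_by_id = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for res in run.get("results", []):
            uri, line = primary_location(res)
            findings[fingerprint(res)] = {
                "ruleId": res.get("ruleId", ""), "level": effective_level(res, rules_by_id),
                "uri": uri, "line": line, "message": res.get("message", {}).get("text", "")}
    return findings


def new_findings(baseline_text, current_text, min_level="error"):
    """Findings in current with no fingerprint match in baseline and severity >= min_level."""
    base = load_findings(baseline_text)
    threshold = LEVEL_RANK[min_level]
    fresh = [f for fp, f in load_findings(current_text).items()
             if fp not in base and LEVEL_RANK.get(f["level"], 2) >= threshold]
    return sorted(fresh, key=lambda f: (f["uri"], f["line"], f["ruleId"]))


def main():
    fresh = new_findings(BASELINE_SARIF, CURRENT_SARIF, min_level="error")
    for f in fresh:
        print(f"{f['uri']}:{f['line']}: [{f['ruleId']}] {f['level']}: {f['message']}")
    sys.exit(1 if fresh else 0)  # a non-zero exit fails the CI job


if __name__ == "__main__":
    main()
```

Matching on `partialFingerprints` when the tool emits them keeps a finding's identity stable as surrounding lines move; the fallback of rule, file and line is brittle in exactly that case, so a shifted finding without a fingerprint shows up as new (the moved `unwrap` above does, but stays below the `error` threshold). In a real pipeline, scan the main branch once to produce the baseline, store that SARIF file alongside the pipeline configuration, and compare each pull request's report against it.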
Diagnostic Outputs and Error Codes
RMA generates rich, rustc-style outputs that include specific error codes, making it easier to trace issues back to their source.
RMA is positioned as an essential tool for modern software development, enhancing code security and maintainability across extensive enterprise environments.