CogniCrypt is an open-source tool for static code analysis. It gives software developers feedback on whether their program code uses cryptographic libraries correctly. Fraunhofer IEM has integrated CogniCrypt at two points in the software development process at achelos: first, in the development environment, so that developers get feedback on misuses of the cryptographic library as early as possible; second, in continuous integration, which gives developers an overview of how findings are fixed over time. achelos has tested this integration extensively, and the results have fed back into the continuous development of CogniCrypt. In line with BSI Technical Guideline TR-02102-1, the software was further extended with a ruleset that detects misuse of the most commonly used functions of the Bouncy Castle library (a collection of open-source cryptographic programming interfaces), so that the resulting security vulnerabilities are caught at an early stage rather than in production.
The project partners have jointly developed CogniCrypt further and, in doing so, made software development more secure and of higher quality. The current version of CogniCrypt is in successful use at achelos. The software development company's experts are also supported by the tool during code reviews and benefit from verification that cryptographic application programming interfaces are used correctly.
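As an added illustration (not CogniCrypt's, achelos's or Fraunhofer IEM's code, and not a reproduction of the TR-02102-1 ruleset, whose individual rules the text above does not list), the following Java snippet shows the kind of Bouncy Castle lightweight-API misuse such a ruleset is built to flag, next to a form that follows the TR-02102-1 recommendations: a block cipher run in ECB mode with a hard-coded key versus AES-256 in GCM mode with a random key, a fresh 96-bit nonce per message and a 128-bit authentication tag. It assumes the Bouncy Castle provider jar on the classpath; the class name, method names and sample message are the example's own.

```java
// Added example, not part of the original page or of CogniCrypt/achelos code.
// Shows a Bouncy Castle lightweight-API misuse (ECB, hard-coded key) beside a
// corrected AES-256-GCM form. Assumes bcprov on the classpath; recent releases
// deprecate the constructors used here in favour of newInstance() factories.
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;

public class BcUsageExample {

    static final int NONCE_LEN = 12;   // 96-bit GCM nonce
    static final int TAG_BITS = 128;   // full-length authentication tag

    // MISUSE: wrapping a raw AESEngine in PaddedBufferedBlockCipher without a
    // mode runs AES in ECB, which leaks plaintext structure and has no
    // integrity protection; ECB is not among the modes TR-02102-1 recommends.
    // The key is a string literal in the source (the second misuse).
    static byte[] encryptBadly(byte[] plaintext) throws InvalidCipherTextException {
        byte[] key = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII); // hard-coded key
        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new AESEngine());
        cipher.init(true, new KeyParameter(key));
        byte[] out = new byte[cipher.getOutputSize(plaintext.length)];
        int n = cipher.processBytes(plaintext, 0, plaintext.length, out, 0);
        n += cipher.doFinal(out, n);
        return Arrays.copyOf(out, n);
    }

    // CORRECT: AES-256-GCM with a random key, a fresh random 96-bit nonce per
    // message and a 128-bit tag. The nonce is prepended to the ciphertext so
    // the receiver can recover it; it must never repeat under the same key.
    static byte[] encryptProperly(byte[] key, byte[] plaintext, SecureRandom rng)
            throws InvalidCipherTextException {
        byte[] nonce = new byte[NONCE_LEN];
        rng.nextBytes(nonce);
        GCMBlockCipher cipher = new GCMBlockCipher(new AESEngine());
        cipher.init(true, new AEADParameters(new KeyParameter(key), TAG_BITS, nonce));
        byte[] out = new byte[NONCE_LEN + cipher.getOutputSize(plaintext.length)];
        System.arraycopy(nonce, 0, out, 0, NONCE_LEN);
        int n = cipher.processBytes(plaintext, 0, plaintext.length, out, NONCE_LEN);
        n += cipher.doFinal(out, NONCE_LEN + n);
        return Arrays.copyOf(out, NONCE_LEN + n);
    }

    // Only returns plaintext after doFinal has verified the tag; on a tampered
    // message doFinal throws InvalidCipherTextException and nothing is returned.
    static byte[] decryptProperly(byte[] key, byte[] blob) throws InvalidCipherTextException {
        byte[] nonce = Arrays.copyOfRange(blob, 0, NONCE_LEN);
        GCMBlockCipher cipher = new GCMBlockCipher(new AESEngine());
        cipher.init(false, new AEADParameters(new KeyParameter(key), TAG_BITS, nonce));
        byte[] out = new byte[cipher.getOutputSize(blob.length - NONCE_LEN)];
        int n = cipher.processBytes(blob, NONCE_LEN, blob.length - NONCE_LEN, out, 0);
        n += cipher.doFinal(out, n);
        return Arrays.copyOf(out, n);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: "attack at dawn, " is exactly 16 bytes, so
        // the first two AES blocks of the message are identical.
        byte[] msg = "attack at dawn, attack at dawn, attack at dawn, attack at dawn!!"
                .getBytes(StandardCharsets.US_ASCII);

        byte[] ecb = encryptBadly(msg);
        boolean repeats = Arrays.equals(Arrays.copyOfRange(ecb, 0, 16), Arrays.copyOfRange(ecb, 16, 32));
        System.out.println("ECB: identical plaintext blocks give identical ciphertext blocks: " + repeats);

        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[32];   // AES-256
        rng.nextBytes(key);
        byte[] blob = encryptProperly(key, msg, rng);
        System.out.println("GCM: round trip ok: " + Arrays.equals(msg, decryptProperly(key, blob)));

        byte[] tampered = blob.clone();
        tampered[tampered.length - 1] ^= 0x01;   // flip one bit of the ciphertext/tag
        try {
            decryptProperly(key, tampered);
            System.out.println("GCM: tampering NOT detected (unexpected)");
        } catch (InvalidCipherTextException e) {
            System.out.println("GCM: tampering detected: " + e.getMessage());
        }
    }
}
```

Compile and run with the Bouncy Castle provider jar on the classpath. The ECB path prints that two identical plaintext blocks produced identical ciphertext blocks, which is the structural leak a static rule can catch simply by seeing a block cipher used without an authenticated mode; the GCM path round-trips and rejects the tampered message. A static analysis tool such as CogniCrypt reports the misuse at the call site without running the code, which is what makes IDE and CI integration practical.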