Cobra Static Code Analyzer
Cobra is a structural source code analyzer,
fast enough that it can be used interactively.
The tool prototype (Version 1.0) was developed at
NASA's Jet Propulsion Laboratory in late 2015, and
released for general distribution about a year later.
Versions 2 to 5 of the tool are extended versions
that can handle interactive analyses of code bases with
up to millions of lines of code, while supporting
a significantly richer online query scripting language
and a method for defining named pattern expressions as sets.
It also comes with multi-core support for many types of
queries, including a new set of cyber-security related checks.
Starting with Version 3, the Cobra code is distributed in open source
form at github.com/nimble-code/Cobra.
Cobra can analyze C, C++, Ada, and Python,
and can relatively easily be retargeted for other languages.
The distribution includes a collection of sample query libraries
and scripts.
Cobra Book (2025)
A book with a comprehensive overview of
all usage options for the most recent version
of Cobra is available from Amazon.
The book details the use of command queries, pattern expressions,
and writing both sequential and parallel inline programs
either for code analysis or for building standalone applications.
It also discusses Cobra's new graphical user interface, and some
unexpected applications of the tool, for instance for runtime
verification and statistical code analysis.
GUI
A graphical user interface to Cobra, written in Tcl/Tk,
is part of the current
GitHub distribution (in the directory named gui and in
the bin-directories). An overview of the GUI can be found
here.
The GUI assumes that you have Cobra Version 4.1 or later installed.
Tutorial
A comprehensive online tutorial and demo of Version 3.1
of Cobra is available at this link: Online Tutorial
(about 165 minutes total, in 8 parts, with exercises).
(The current Cobra version is 5.1, which has quite a few more extensions,
but should be backward compatible with earlier versions.)
If you just want to look at the demo, check this link:
Demo
(it's a little over 21 minutes).
For bug reports and additional information:
gholzmann atsign acm dot org