Knowledge Hub
A reference for code understanding and explainable static analysis
Capabilities, concepts, integrations and formats behind Decoder — each page is a standalone reference, written for the level of detail you need.
- capabilityAnalysis
Static Malware Analysis
Static malware analysis inspects code and binaries without executing them. Decoder runs it locally on your upload and surfaces suspicious patterns, entropy spikes and known indicators — no API key required.
#security#malware#static - conceptPrivacy
BYOK — Bring Your Own Key
BYOK means you bring your own AI provider key. Decoder never proxies AI calls through a shared account: your key, your billing, your privacy boundary.
#privacy#ai#key - capabilityAnalysis
Repository Analysis
Repository Analysis turns a codebase into something you can read, search and interrogate. Upload a ZIP or import a public GitHub project; Decoder indexes structure, runs static checks and gates AI features behind your own key.
#repo#github#zip - capabilityPrivacy
Local AI Inference
Local AI lets you use Decoder's explain and chat features against a model running on your own hardware via Ollama or LM Studio — useful when code cannot leave your environment.
#privacy#ai#local - integrationRuntime
Ollama with Decoder
Ollama is a lightweight runtime for serving open-weight LLMs locally. Decoder talks to it through its OpenAI-compatible endpoint.
#ai#local#ollama - integrationRuntime
OpenRouter with Decoder
OpenRouter is a unified API in front of many model providers. With BYOK you get access to dozens of models in Decoder from a single key.
#ai#cloud#openrouter - conceptSecurity
Entropy in Malware Analysis
Entropy is a statistical measure of how 'random' the bytes in a file look. In malware analysis, abnormally high entropy is a strong signal that a section is packed, encrypted or otherwise obfuscated.
#security#malware#binary - capabilityAnalysis
AI-Origin Detection
AI-Origin Detection estimates whether a code artefact was likely produced by an LLM, and explains why. The goal is informed review, not gatekeeping.
#ai#origin#review - capabilityAnalysis
Chat with Your Code
Chat with Your Code turns a repository into a queryable knowledge surface. Ask 'where is auth handled?' or 'what does this script do?' and get answers grounded in your actual files.
#chat#ai#repo - formatFormats
ZIP Archive Analysis
ZIPs are the most common way to ship code and the most abused way to ship malware. Decoder ingests a ZIP server-side with hardened guards and exposes its content for review.
#zip#archive#security - formatFormats
PowerShell Script Analysis
PowerShell is the workhorse of Windows post-exploitation. Decoder reads `.ps1` files statically and surfaces the patterns attackers rely on: encoded commands, `Invoke-Expression`, download cradles, AMSI bypasses.
#powershell#scripting#security - capabilityAnalysis
Binary (PE) Analysis
Decoder parses Windows PE binaries to expose the structural signals a reviewer needs: sections, imports, exports, per-section entropy and known IoCs.
#binary#pe#malware - conceptAnalysis
Severity Scoring — How Decoder ranks findings
Severity tells you what to fix first. Decoder normalises every finding into Critical / High / Medium / Low using signal strength, exploitability, and project context.
#severity#risk#scoring - conceptAnalysis
CWE Mapping — Mapping findings to MITRE CWE
CWE (Common Weakness Enumeration) is the MITRE taxonomy of software weaknesses. Decoder attaches a CWE ID where applicable so findings are comparable across tools and reports.
#cwe#mitre#taxonomy - conceptMalware
YARA Rules — Pattern-based malware detection
YARA is a rule language used by malware analysts to describe families and behaviours. Decoder applies YARA-style heuristics during malware scans.
#yara#malware#detection - capabilityMalware
Obfuscation Detection — Spotting hidden code
Obfuscation hides intent. Decoder flags suspicious entropy, base64 walls, eval chains, and packing markers so reviewers can focus on what's actually hidden.
#obfuscation#entropy#malware - capabilityAnalysis
Secret Detection — Finding leaked keys
A leaked key is the most common breach vector. Decoder combines provider-specific regex (AWS, GitHub, Stripe…) with entropy to flag secrets that don't belong in code.
#secrets#api-keys#credentials - capabilityAnalysis
Dependency Analysis — Inspecting third-party code
Most code in any modern project isn't yours. Decoder reads manifests and lockfiles to map the dependency surface and flag suspicious entries.
#dependencies#sca#supply-chain - conceptAnalysis
SAST — Static Application Security Testing
SAST inspects source code to find security weaknesses before runtime. Decoder ships SAST as a free, no-key feature across 20+ languages.
#sast#static-analysis#security - conceptSecurity
Supply Chain Security — Trusting what you ship
Supply chain security is about trusting the code you didn't write. Decoder helps inventory and inspect that surface during analysis.
#supply-chain#slsa#sbom - conceptCompliance
EU AI Act — What it means for code analysis
The EU AI Act (Regulation 2024/1689) sets obligations on providers and deployers of AI. For code analysis, transparency and data control are the levers that matter most.
#eu#ai-act#compliance - conceptCompliance
GDPR — Code analysis and personal data
GDPR governs personal data in the EU. Even code can carry personal data (logs, fixtures, PII in test files). Decoder's defaults minimise exposure.
#gdpr#privacy#eu - conceptMalware
LockBit 3.0 — Case study in Decoder
LockBit 3.0 leaked source provided a real-world benchmark. This entry walks through what Decoder flags and why — useful as a reference for ransomware patterns.
#lockbit#ransomware#case-study - integrationIntegrations
GitHub Integration — Import a repo by URL
Decoder accepts any public GitHub URL: it pulls the tree and runs the same analysis pipeline as a ZIP upload.
#github#repo#import - integrationIntegrations
LM Studio — Local inference with a GUI
LM Studio is a desktop app that runs LLMs locally with an OpenAI-compatible API. Decoder targets that endpoint when you choose local inference.
#lm-studio#local-ai#inference - integrationIntegrations
Anthropic Claude — BYOK provider
Anthropic's Claude family is a popular choice for code reasoning. Paste your Anthropic key in Settings and Decoder routes AI features through Claude.
#anthropic#claude#ai - integrationIntegrations
OpenAI GPT — BYOK provider
OpenAI's GPT family powers many code-review workflows. Add your key in Settings and Decoder routes AI features directly through OpenAI.
#openai#gpt#ai - integrationIntegrations
Google Gemini — BYOK provider
Gemini brings large context windows and competitive pricing. Add your Google AI Studio key in Settings and Decoder routes AI features through Gemini.
#google#gemini#ai - formatFormats
Python — Supported format
Python is a first-class format in Decoder. Upload a single .py, a ZIP, or import a GitHub repo and get static + malware findings.
#python#py#language - formatFormats
JavaScript & TypeScript — Supported formats
JavaScript and TypeScript are first-class in Decoder. Upload single files, ZIPs, or import a GitHub repo.
#javascript#typescript#js - formatFormats
Java — Supported format
Java is supported as a first-class format. Rules cover the common enterprise weakness classes mapped to CWE.
#java#jvm#language - formatFormats
Dockerfile — Supported format
Dockerfiles are configuration that becomes runtime. Decoder flags the common foot-guns before they hit your registry.
#docker#dockerfile#container