Knowledge Hub · concept
Concepts
The ideas behind explainable code analysis: BYOK, severity, CWE mapping, regulations.
- BYOK — Bring Your Own Key (Privacy: #privacy #ai #key)
  BYOK means you bring your own AI provider key. Decoder never proxies AI calls through a shared account: your key, your billing, your privacy boundary.
- Entropy in Malware Analysis (Security: #security #malware #binary)
  Entropy is a statistical measure of how 'random' the bytes in a file look. In malware analysis, abnormally high entropy is a strong signal that a section is packed, encrypted or otherwise obfuscated.
- Severity Scoring — How Decoder ranks findings (Analysis: #severity #risk #scoring)
  Severity tells you what to fix first. Decoder normalises every finding into Critical / High / Medium / Low using signal strength, exploitability, and project context.
- CWE Mapping — Mapping findings to MITRE CWE (Analysis: #cwe #mitre #taxonomy)
  CWE (Common Weakness Enumeration) is the MITRE taxonomy of software weaknesses. Decoder attaches a CWE ID where applicable so findings are comparable across tools and reports.
- YARA Rules — Pattern-based malware detection (Malware: #yara #malware #detection)
  YARA is a rule language used by malware analysts to describe families and behaviours. Decoder applies YARA-style heuristics during malware scans.
- SAST — Static Application Security Testing (Analysis: #sast #static-analysis #security)
  SAST inspects source code to find security weaknesses before runtime. Decoder ships SAST as a free, no-key feature across 20+ languages.
- Supply Chain Security — Trusting what you ship (Security: #supply-chain #slsa #sbom)
  Supply chain security is about trusting the code you didn't write. Decoder helps inventory and inspect that surface during analysis.
- EU AI Act — What it means for code analysis (Compliance: #eu #ai-act #compliance)
  The EU AI Act (Regulation 2024/1689) sets obligations on providers and deployers of AI. For code analysis, transparency and data control are the levers that matter most.
- GDPR — Code analysis and personal data (Compliance: #gdpr #privacy #eu)
  GDPR governs personal data in the EU. Even code can carry personal data (logs, fixtures, PII in test files). Decoder's defaults minimise exposure.
- LockBit 3.0 — Case study in Decoder (Malware: #lockbit #ransomware #case-study)
  The leaked LockBit 3.0 source provided a real-world benchmark. This entry walks through what Decoder flags and why — useful as a reference for ransomware patterns.