[this includes some relevant work completed before the project started]

Software

• jelly - a JavaScript/TypeScript static analyzer for call graph construction, library usage pattern matching, and vulnerability exposure analysis
• daleq - Datalog-based Binary Equivalence - a tool for the comparison of binaries from alternative / reproduced builds, currently being used or evaluated by Oracle and Google. [paper]
• shade detector - a tool to find vulnerable clones in Maven Central, has lead to several GHSA updates, including for CVE-2021-44228 (aka log4shell) [paper]