Eclipse CogniCrypt produces a set of Eclipse Platform plug-ins, that assist developers with the generation of secure crypto-integration code; perform static analysis of existing crypto-integration code; suggest better/more secure integrations via quick fixes; and alert developers of security breaches of cryptographic algorithms.
Eclipse CogniCrypt will be restricted to supporting developers in using existing cryptographic APIs. The development of novel cryptographic APIs (or novel versions of existing crypto APIs) will be out of scope for this project.
The project will be specific to cryptographic libraries for popular programming languages, initially for Java, later maybe also for C/C++. The secure integration of security APIs that are not related to crypto is out of scope for this project.
The secure integration will be supported by development-time tooling including code generation and static analysis. The tooling is meant to work on incomplete programs. Hence, dynamic techniques such as dynamic analysis or dynamic security testing are out of scope for this project, as they would require a runnable program.