Visual Code Grepper

Visual Code Grepper is an automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL. It has a few features that should hopefully make it useful to anyone conducting code security reviews, particularly where time is at a premium:
1. In addition to performing some more complex checks it also has a config file for each language that basically allows you to add any bad functions (or other text) that you want to search for.
2. It attempts to find a range of around 20 phrases within comments that can indicate broken code ("ToDo", "FixMe", "Kludge", etc.)
3. It provides a nice pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, "ToDo" style comments and bad code.
It also searches intelligently to identify buffer overflows and signed/unsigned comparisons.
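
The comment check described in item 2, as an added Python example (not VCG's own code): it walks C-style source, skips string and char literals so that comment markers inside quotes are ignored, and reports any comment containing one of the phrases named above. The function names, the three-phrase list and the sample input are assumptions made for this illustration.

```python
import re

# Only the three phrases the page names; VCG's own list (around 20) is not reproduced.
PHRASE_RE = re.compile(r"\b(todo|fixme|kludge)\b", re.IGNORECASE)

def comment_lines(source):
    """Yield (line_number, text) for every comment line in C-style source."""
    i, line, n = 0, 1, len(source)
    while i < n:
        if source[i] == "\n":
            line += 1
            i += 1
        elif source[i] in "\"'":
            # String or char literal: skip it so '//' inside quotes is not a comment.
            quote, i = source[i], i + 1
            while i < n and source[i] not in (quote, "\n"):
                i += 2 if source[i] == "\\" else 1   # honour backslash escapes
            if i < n and source[i] == quote:
                i += 1
        elif source.startswith("//", i):
            end = source.find("\n", i)
            end = n if end == -1 else end
            yield line, source[i + 2:end]
            i = end
        elif source.startswith("/*", i):
            end = source.find("*/", i + 2)
            end = n if end == -1 else end            # unterminated block comment
            for offset, text in enumerate(source[i + 2:end].split("\n")):
                yield line + offset, text
            line += source.count("\n", i, end)
            i = end + 2
        else:
            i += 1

def find_flagged_comments(source):
    """Return [(line, phrase, comment_text)] for comments containing a phrase."""
    return [(line, m.group(1).lower(), text.strip())
            for line, text in comment_lines(source)
            for m in PHRASE_RE.finditer(text)]

# Constructed sample input (not from the page or from VCG).
SAMPLE = '''int copy(char *dst, const char *src) {
    // TODO: check length before copying
    char *msg = "see // FIXME in docs";  /* string literal is not scanned */
    strcpy(dst, src);
    /* This is a kludge
       FixMe before release */
}
'''

print(*find_flagged_comments(SAMPLE), sep="\n")
```

The "FIXME" inside the string literal on line 3 of the sample is not reported, while the three real comment hits on lines 2, 5 and 6 are.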

Installation

Windows

Download the installer from SourceForge or GitHub.
Run the installer to begin the installation.

Usage

You can start the GUI application by clicking the icon created on your desktop, or run VCG from the command line:

Basic run
Visualcodegrepper.exe -c -v -l <language> -t <target> --results <results file>
Example
Visualcodegrepper.exe -c -v -l PHP -t C:\ --results C:\vgc_cli_results.txt