Atom is a novel intermediate representation for applications and a standalone tool. The intermediate representation is optimized for operations typically used for application analytics and machine learning, including slicing and vectoring.
Our vision is to make atom useful for many use cases, such as:
- Supply-chain analysis: Generate evidence of external library usage, including data flow from sources to sinks. Projects such as OWASP cdxgen use atom to improve the precision and comprehensiveness of the generated CycloneDX SBoM and SaaSBoM documents.
- Vulnerability analysis: Describe vulnerabilities with evidence of affected symbols, call paths, and data flows. Enable variant and reachability analysis at scale.
- Exploit prediction: Predict exploits using precise representations of vulnerabilities, libraries, and applications.
- Threat-model and attack vectors generation: Generate precise threat models and attack vectors for applications at scale.
- Application context detection: Generate context useful for summarization and risk-profile generation (e.g., services, endpoints, and data attributes).
- Mind-maps for applications: Automate summarization of large and complex applications as a developer tool.