Key Features
Frictionless Deployment
Statically linked and distributed as a single, self-contained binary. No complex toolchain setups required on your build agents.
Deep AST Analysis
Performs accurate Abstract Syntax Tree parsing alongside cross-file aggregation to detect semantic issues and vulnerabilities across unit boundaries.
CI/CD Ready Output
Results are exported as standard CSV (CWE, Checker, Filename, Line, Tool, Comments) making it simple to ingest into existing vulnerability management pipelines.
What Pragmatic Detects
Pragmatic focuses on real-world correctness and security issues found in Ada applications. It maps findings directly to CWEs.
Security Weaknesses
- Hardcoded credentials, keys, and network addresses
- Insecure random number generation
- Weak cryptography (Hash/Cipher algorithms)
- Insecure temporary file usage
- SQL and Path concatenation vulnerabilities
- Log leaks containing sensitive data
Memory & Concurrency
- Uninitialized variable access
- Null pointer dereferences
- Double-free and use-after-free
- Dangling tasks and unhandled task aborts
- Resource and file descriptor leaks
Ada-Specific Correctness
- Unchecked Conversions and Access violations
- Empty synchronization blocks
- Invalid Exception Handling (catch-all)
- Obsolete or unsafe Pragma/Aspect usage
- Dead code and constant condition detection
Usage Example
$ ./bin/pragmatic --jobs 4 --output results.csv src/
Supports configuring parallel worker tasks, specific file extensions, and enabling/disabling individual checkers on demand.