Facebook Open-Sources ‘Mariana Trench’ Code Analysis Tool

From securityweek.com

Facebook’s security team on Wednesday pulled the curtain on Mariana Trench, an open-source tool that it has been using internally to identify vulnerabilities in Android and Java applications.

Named after the deepest oceanic trench on Earth, Facebook built Mariana Trench internally to handle the analysis of applications at scale, to help significantly reduce the risk of delivering security and privacy errors in production.

Designed to automate code analysis, this is the third static and dynamic analysis tool that Facebook has made public, following the release of Zoncolan and Pysa in 2019 and 2021.

Read more…