Open source application from Microsoft Application Inspector is source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a json based rules engine.
Ideal for scanning components before use or detecting feature level changes.
Application Inspector's primary objective is to identify source-code features in a systematic and scalable way not found elsewhere in typical static analyzers. This enables developer and security professionals to validate purported component objectives, eg, a string padding library only does what it says," Microsoft explains in a wiki.
Application Inspector produces a browser-based report that summarizes the major characteristics identified, including application frameworks, cloud interfaces, cryptography, sensitive data like access keys, personally identifiable information, operating system functions, and security features.
You can download it for free on github: https://github.com/Microsoft/ApplicationInspector