Open-source application from Microsoft Application Inspector is a source code analyzer built for surfacing features of interest and other characteristics to answer the question 'what's in it' using static analysis with a JSON based rules engine.
Ideal for scanning components before use or detecting feature-level changes.
Application Inspector's primary objective is to identify source-code features in a systematic and scalable way not found elsewhere in typical static analyzers. This enables developer and security professionals to validate purported component objectives, eg, a string padding library only does what it says," Microsoft explains in a wiki.
Application Inspector produces a browser-based report that summarizes the major characteristics identified, including application frameworks, cloud interfaces, cryptography, sensitive data like access keys, personally identifiable information, operating system functions, and security features.