Visual Code Grepper (VCG)

Visual Code Grepper (VCG) is an open-source automated code security review tool developed by NCC Group that performs static analysis across C/C++, Java, C#, VB, PL/SQL, PHP, COBOL, and R to identify security vulnerabilities, insecure coding practices, and code quality issues including buffer overflows, SQL injection, XSS, banned functions, and suspicious code comments through pattern matching and complex security checks. The tool provides severity-rated results with color-coded output, visual code breakdowns with pie charts showing proportions of code quality metrics, customizable configuration files for language-specific security rules, and multiple export formats including XML and CSV to enable developers and security reviewers to accelerate code security assessments during time-constrained reviews throughout the software development lifecycle.