https://blog.rodolpheg.xyz/tags/cpg/Recent content in CPG on RORO's blogHugofr-frcontact@rodolpheg.xyz (0xRo)contact@rodolpheg.xyz (0xRo)Tue, 05 Aug 2025 00:00:00 +0000https://blog.rodolpheg.xyz/posts/understanding-code-property-graphs/Tue, 05 Aug 2025 00:00:00 +0000contact@rodolpheg.xyz (0xRo)https://blog.rodolpheg.xyz/posts/understanding-code-property-graphs/<p>When I first started developing tools for source code auditing, my primary need was to track tainted data flows through complex codebases during manual code reviews. Initially, I turned to Tree-Sitter, which proved excellent for single-file analysis with its fast, incremental parsing capabilities. However, as I scaled to larger codebases with complex cross-file dependencies and data flows, Tree-Sitter&rsquo;s AST-only approach became limiting. The challenge wasn&rsquo;t just parsing individual files. It was understanding how data flows between functions, across modules, and through various execution paths during thorough manual security assessments.</p>