hack.lu 2023

The composition analysis of binary Java, ELF, Go, and JavaScript apps
10-16, 14:10–14:15 (Europe/Luxembourg), Salle Europe

Binary composition analysis of apps and libraries can be complex, mixing multiple techniques. Let's review the techniques and FOSS tools that automate this analysis for binary formats such as bytecode, native Go and C/C++ ELFs, and minified JavaScript.


I routinely analyze large app and system binaries to find out what they are made of and if they contain unknown software or vulnerable code.

I will highlight some useful FOSS tools such as LIEF, BANG, ScanCode.io and Elf inspector tools to support this short talk.

Join me to discover how you can determine what software goes into a binary to get back to its corresponding source (in a white box context).

See also: Slides (266.4 KB)

I am a passionate FOSS hacker, lead maintainer of ScanCode, purlDB and VulnerableCode, and on a mission to make FOSS code easier and safer to reuse with best-in-class open source Software Composition Analysis (SCA) tools for open source discovery, license & security compliance at https://aboutcode.org

I am also a co-founder of SPDX and the creator of Package URL (purl), a de facto standard to identify packages in SBOMs, SCA tools and vulnerability databases, used throughout the industry.
