Measuring Energy Consumption of Different Security Static Analysis Tools and Configurations

Andrea Onofrei, Ayush Kuruvilla, Sahar Marossi, Yulin Chen.

Group 10.

Paper. Website. Source code.

This study introduces a reproducible framework for profiling the energy consumption of security-focused static analysis tools, Bandit and Semgrep, across varying configurations and codebases. By measuring CPU energy usage on three Python projects of increasing complexity, the research highlights how tool architecture and project size influence energy efficiency. The framework, which was uploaded as the `sast-energy-monitor` PyPI package, can be reused and developed further, and it helps developers align secure coding practices with sustainable software engineering goals.