Help & Documentation
Everything you need to get started with LadderScan
Contents
Getting Started
LadderScan is a static analysis and security scanner for IEC 61131-3 PLC programs — Structured Text, Function Block Diagram, and Ladder Logic. It runs entirely in your browser using WebAssembly — no installation, no uploads, no server-side processing.
Quick Start
- Open the Scanner
- Load your
.stfiles by dragging them into the Files panel, or use File → Add File(s) - Click Analyze (or Scan → Analyze Code)
- Review findings in the Results panel — click any finding to see it in context
- Apply auto-fixes where available, or edit code directly
Want to try it out first? Select an example from the Examples dropdown to load pre-built scenarios demonstrating different types of issues.
Loading Files
Drag & Drop
Drag one or more .st or .txt files directly onto the Files panel. You can also drag entire folders — LadderScan will recursively find all Structured Text files.
File Dialog
Use File → Add File(s) or the 📂 Open toolbar button to open your operating system's file picker. Multiple files can be selected at once.
New Files
Click File → New Project to start fresh, or use the + New button in the Files panel header to add a blank file to your existing project.
Editing
Click any file in the Files panel to open it in the code editor. The editor supports direct editing — modified files are marked with an asterisk (*). Use File → Save File to download the current file, or File → Save All Modified to download all changed files.
Scanning Your Code
Click the Analyze button or use Scan → Analyze Code to run the scanner. LadderScan performs:
- Syntax checking — catches missing semicolons and structural errors
- Single-file analysis — 38 detection rules covering safety, security, timing, data integrity, and code quality
- Cross-file analysis — detects shared output conflicts, missing interlocks, and circular dependencies across multiple files
Analysis runs instantly in your browser via WebAssembly. Results appear in the Results panel, sorted by severity.
Understanding Findings
Findings are categorized by severity:
Critical — Immediate safety or security risk. Hard-coded credentials, safety bypass, shared output conflicts. Must be fixed before deployment.
High — Significant issues. Missing emergency stops, infinite loops, latched outputs without reset. Should be fixed promptly.
Medium — Code quality and robustness. Hardcoded limits, missing input validation, potential overflow. Should be addressed.
Syntax — Structural errors in the code. Missing semicolons, malformed blocks. Must be fixed for the code to compile.
Each finding includes:
- Rule ID (e.g., LS001) — click to see the full rule description on the Rules page
- File and line number — where the issue was found
- Description — what the issue is and why it matters
- Suggestion — guidance on how to fix it
- Auto-fix indicator — whether an automatic fix is available
Use the severity filter buttons at the top of the Results panel to focus on specific severity levels.
Reviewing & Fixing Issues
Code Review Mode
Click View in Code on any finding to enter Review Mode. The code editor highlights the problematic lines:
- Red lines — code that should be removed or replaced
- Green lines — suggested replacement code
- Orange lines — highlighted issues without auto-fix (manual review needed)
- Purple lines — syntax errors with wavy underlines
Applying Fixes
When an auto-fix is available, click the Apply button on the green suggested code. LadderScan replaces the problematic code and automatically re-analyzes to update results.
Click anywhere else in the code view to exit Review Mode and return to editing.
Manual Fixes
For findings without auto-fix, read the suggestion, then edit the code directly in the editor. Click Analyze again to verify your fix.
Exporting Results
Security Report (JSON)
File → Export → Security Report generates a comprehensive JSON report containing:
- All findings with severity, rule ID, file, line, and description
- File list and metadata
- Scan timestamp and LadderScan version
This report can be imported into security dashboards, CI/CD pipelines, or compliance documentation.
Project ZIP
File → Export → Project ZIP bundles all your loaded files into a downloadable ZIP archive. Useful for saving your work or sharing with colleagues.
SARIF & SBOM
LadderScan also generates standard output formats when run via the CLI:
- SARIF — Static Analysis Results Interchange Format, compatible with GitHub, Azure DevOps, and other code scanning platforms
- CycloneDX SBOM — Software Bill of Materials for supply chain integration
Menu Reference
| Menu | Action | Description |
|---|---|---|
| File | New Project | Clear all files and start fresh |
| File | Add File(s)... | Open file picker to load .st/.txt files |
| File | Export → Security Report | Download findings as JSON |
| File | Export → Project ZIP | Download all files as ZIP |
| File | Save File | Download the currently open file |
| File | Save All Modified | Download all modified files |
| Scan | Analyze Code | Run the scanner on all loaded files |
| Help | Help Page | This page |
| Help | About | Version and copyright info |
Supported Formats
Input
.st— IEC 61131-3 Structured Text (primary format).txt— Plain text files containing Structured Text.xml— PLCopen XML containing Function Block Diagram (FBD) or Ladder Logic (LD).ld— ASCII ladder logic text notation (e.g.,--| Start |--( Motor )--)
All Three IEC 61131-3 Languages
LadderScan supports the three most widely used IEC 61131-3 programming languages:
- Structured Text (ST) — Text-based, similar to Pascal/C. Preferred for complex math and state machines.
- Function Block Diagram (FBD) — Graphical blocks connected by wires. Preferred for process control (chemical plants, HVAC). Imported via PLCopen XML.
- Ladder Logic (LD) — Graphical relay-style diagrams with contacts and coils. The original PLC language, widely used by electricians and plant engineers. Imported via PLCopen XML or ASCII text notation.
FBD and LD programs are automatically lowered to equivalent Structured Text, then analyzed with the full set of 40 detection rules. The visual Diagram view shows the original graphical representation alongside findings.
PLC Compatibility
LadderScan analyzes standard IEC 61131-3 Structured Text. Code exported from the following environments is supported:
- Schneider Electric — EcoStruxure Control Expert (Unity Pro), SoMachine, Machine Expert
- Rockwell Automation — Studio 5000 (ST routines)
- Siemens — TIA Portal (SCL/ST exports)
- CODESYS — any CODESYS-based IDE
- Beckhoff — TwinCAT 3
- B&R — Automation Studio
- Phoenix Contact — PLCnext Engineer
Privacy & Security
Your Code Never Leaves Your Browser
LadderScan runs 100% client-side using WebAssembly. Your Structured Text code is processed entirely in your browser — nothing is uploaded, transmitted, or stored on any server.
This means:
- No server-side processing — the WASM engine runs locally
- No telemetry or session tracking — we don't run analytics scripts
- No data collection — we never see your code
- Works offline — once the page is loaded, no internet connection is needed
- Air-gapped compatible — deploy on isolated networks via the CLI
This architecture was chosen specifically for industrial and critical infrastructure environments where code confidentiality is non-negotiable.
Analysis Engine
🔬 Deep Code Analysis, Not Just Pattern Matching
LadderScan uses a custom-built AST (Abstract Syntax Tree) parser for IEC 61131-3 Structured Text. Instead of relying solely on regular expressions, the engine parses your code into a full syntax tree — enabling accurate, context-aware detection of safety and security issues.
- 30+ rules use deep AST analysis for precise, structure-aware detection
- 3 rules (LS009, LS116, LS117) use cross-file analysis to detect issues across multiple programs in a project
- Graceful fallback: if the AST parser encounters unsupported syntax, regex-based analysis still runs automatically — you'll see a warning banner but never lose coverage
🏷️ Detection Method Indicators
Each finding in the scan report shows a colored pill indicating how it was detected:
- AST — Detected via deep Abstract Syntax Tree analysis
- REGEX — Detected via pattern matching
- CROSS-FILE — Detected via multi-program cross-file analysis
AST-based rules provide higher accuracy with fewer false positives, as they understand code structure rather than just text patterns.
Detection Standard Coverage
The LadderScan detection standard covers six categories of industrial code issues across 38 rules:
- Safety Interlocks — missing emergency stops, unguarded outputs, bypass detection
- Timing & State — watchdog timers, race conditions, state machine integrity
- Data Integrity — overflow risks, uninitialized variables, type mismatches
- Code Quality — dead code, naming conventions, complexity metrics
- Advanced Safety — redundancy validation, failsafe patterns, diagnostic coverage
- Security — hardcoded credentials, insecure communication, access control gaps
All analysis runs entirely client-side via WebAssembly — your code never leaves the browser. See Privacy & Security for details.
FAQ
Is LadderScan free?
The browser-based scanner is free. Enterprise licenses, CLI access, and integration support are available for teams. See Pricing for details.
How do I report a false positive?
Contact us with the rule ID, a description of the false positive, and (if possible) a sanitized code snippet. We actively tune rules to minimize false positives.
Can I use LadderScan in my CI/CD pipeline?
Yes — the LadderScan CLI generates SARIF reports that integrate with GitHub Code Scanning, Azure DevOps, and other platforms. Contact us for CLI access.
What compliance frameworks does LadderScan support?
LadderScan's rules align with IEC 62443 (industrial cybersecurity), NERC CIP (critical infrastructure), and IEC 61131-3 best practices. The security report export supports compliance documentation workflows.
Does LadderScan support Ladder Logic or Function Block Diagram?
Yes! LadderScan supports all three major IEC 61131-3 languages: Structured Text, Function Block Diagram (FBD), and Ladder Logic (LD). Import PLCopen XML files containing FBD or LD programs, or paste ASCII ladder text directly. FBD and LD are automatically lowered to equivalent ST and analyzed with the full rule set. Use the Diagram toggle to view the original graphical representation.