[Java-project] Static code analyzer.

ATISH SINGH mr.atishsingh at gmail.com
Mon Nov 2 22:41:13 EST 2009


Hey guys Codesecure by Armorize technology is also a good tool curently I am
using this tool.

On Sat, Oct 31, 2009 at 1:25 PM, Paolo Perego <thesp0nge at gmail.com> wrote:

> Hey guys there is the opensource project I'm writing for owasp.
> http://orizon.sf.net
> .
>
> It's able to scan sources in different languages. We always need
> developers to improve the project so if you're interested may be you
> want also to join the orizon project.
>
> Anyway give orizon a try and let me know :)
>
> "stay hungry, stay foolish"
>
> OWASP Orizon project, http://orizon.sf.net
>
>
> On 30/ott/2009, at 23.20, JIM BIRD <jimbird at shaw.ca> wrote:
>
> > Findbugs has only primitive security checks. I am not aware of any
> > other open source solutions. Options for commercial static analysis
> > tools include:
> > - Fortify: www.fortify.com
> > - IBM (now including technology from the Ounce Labs acquisition) the
> > product portfolio is often being reorganized, IBM's static analysis
> > tools are somewhere under the Rational brand or you can find the
> > Ounce Labs technology directly at www.ouncelabs.com
> > - Coverity Prevent: www.coverity.com
> > - Klocwork - offers an inexpensive tool for individual Java
> > developers, Solo: www.klocwork.com
> >
> > ----- Original Message -----
> > From: John Towell <jtowell at agiletechgroup.com>
> > Date: Friday, October 30, 2009 2:57 pm
> > Subject: [Java-project] Static code analyzer.
> > To: java-project at lists.owasp.org
> >
> > > I was wondering if anyone knew of an up to date tool to analyze
> > > static Java
> > > code for security concerns.  We are looking for something
> > > similar to.
> > >
> > > http://suif.stanford.edu/~livshits/work/lapse/
> > >
> > > Although this project seems to have been abandoned, last time it
> > > was touched
> > > looks to be 2006.   We would be interested in a
> > > defined ruleset for
> > > Checkstyle/PMD/FindBugs as an alternative.  I have looked
> > > at those tools and
> > > cannot find anything related to security.  Let me know if
> > > you have any
> > > information in this area.
> > >
> > > Thanks,
> > >
> > > -John Towell
> > >
> > _______________________________________________
> > Java-project mailing list
> > Java-project at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/java-project
> _______________________________________________
> Java-project mailing list
> Java-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/java-project
>



-- 
Regards,

Atish Kumar Singh
Software Quality Engineer
CresTech Software Systems Pvt. Ltd.
Mobile No.  09312976402
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/java-project/attachments/20091103/9b8f3f5f/attachment.html 


More information about the Java-project mailing list