[Java-project] Static code analyzer.
thesp0nge at gmail.com
Sat Oct 31 03:55:50 EDT 2009
Hey guys, there is the open source project I'm writing for OWASP: http://orizon.sf.net
It's able to scan sources in different languages. We always need
developers to improve the project, so if you're interested, maybe you
also want to join the orizon project.
Anyway, give orizon a try and let me know :)
"stay hungry, stay foolish"
OWASP Orizon project, http://orizon.sf.net
On 30/Oct/2009, at 23.20, JIM BIRD <jimbird at shaw.ca> wrote:
> FindBugs has only primitive security checks. I am not aware of any
> other open source solutions. Options for commercial static analysis
> tools include:
> - Fortify: www.fortify.com
> - IBM (now including technology from the Ounce Labs acquisition): the
> product portfolio is often being reorganized; IBM's static analysis
> tools are somewhere under the Rational brand, or you can find the
> Ounce Labs technology directly at www.ouncelabs.com
> - Coverity Prevent: www.coverity.com
> - Klocwork - offers an inexpensive tool for individual Java
> developers, Solo: www.klocwork.com
> ----- Original Message -----
> From: John Towell <jtowell at agiletechgroup.com>
> Date: Friday, October 30, 2009 2:57 pm
> Subject: [Java-project] Static code analyzer.
> To: java-project at lists.owasp.org
> > I was wondering if anyone knew of an up to date tool to analyze static Java
> > code for security concerns. We are looking for something similar to.
> > http://suif.stanford.edu/~livshits/work/lapse/
> > Although this project seems to have been abandoned, last time it was touched
> > looks to be 2006. We would be interested in a defined ruleset for
> > Checkstyle/PMD/FindBugs as an alternative. I have looked at those tools and
> > cannot find anything related to security. Let me know if you have any
> > information in this area.
> > Thanks,
> > -John Towell