[Owasp-board] New Static Analysis Tool - "Yasca"

Paulo Coimbra paulo.coimbra at owasp.org
Mon Dec 8 20:04:02 UTC 2008


Dear Michael,

 

First of all, I apologise for my delayed answer. Secondly, I thank you for
supporting OWASP.

 

I have finally set up the requested project page. It was placed here
<https://www.owasp.org/index.php/Category:OWASP_Project#Alpha_Status_Projects>,
can be accessed here
<https://www.owasp.org/index.php/Category:OWASP_Yasca_Project> and edited
here
<https://www.owasp.org/index.php/Project_Information:template_Yasca_Project>.
Please feel free to change it as you find best.

 

I also created a mailing list for your project. The subscription page is
here <https://lists.owasp.org/mailman/listinfo/owasp-yasca-project>, the
mail address is owasp-yasca-project at lists.owasp.org and, by now, the
password must have been sent automatically to you.

 

I recommend writing here
<https://www.owasp.org/index.php/Category:OWASP_Yasca_Project_Roadmap>
about the plans that you have for your tool regarding future developments. 

 

I also suggest you contact the project leaders of the Yasca-related projects
- Paolo Perego, Eoin Keary and Dan Cornell - to see if synergies between
these projects can be found.

 

Please, don't hesitate to get back to me whenever you think that I can be of
any help.

 

Many thanks, best regards,

 

Paulo Coimbra,

OWASP Project Manager <https://www.owasp.org/index.php/Main_Page> 

 

 

From: Michael V. Scovetta [mailto:michael.scovetta at gmail.com] On Behalf Of
Michael V. Scovetta
Sent: Monday, 20 October 2008 22:01
To: paulo.coimbra at owasp.org
Cc: 'Michael.scovetta at gmail.com'
Subject: New Static Analysis Tool - "Yasca"

 

Hi Paulo,

 

I've written a new static analysis tool and would like to include it among
the other OWASP projects. I've been involved with OWASP/NYC and plan to
submit a presentation for upcoming conferences. Here is my quick
introduction to Yasca. A PPT will be coming out soon. 

 

---

 

Yasca is a new static analysis tool designed to scan Java, C/C++,
JavaScript, .NET, and other source code for security and code-quality
issues. Yasca is easily extensible via a plugin-based architecture, so
scanning PHP, Ruby, or other languages is as simple as coming up with rules
or integrating external tools.

 

Yasca includes plugins for the following open-source projects:

     * FindBugs (http://findbugs.sourceforge.net/)

     * PMD (http://pmd.sourceforge.net/)

     * Jlint / antiC (http://artho.com/jlint/)

 

Yasca also features a simple regular-expression plugin that allows new rules
to be written in less than a minute. It includes many custom rules created
specifically for Yasca, and additional rule-packs will be released soon.

 

Yasca is hosted on SourceForge (http://sourceforge.net/projects/yasca) with
additional information at http://yasca.org.

 

Thank you,

 

Mike Scovetta

 
