[Owasp-board] REQUEST FOR COMMENTS/FW: New Static Analysis Tool - "Yasca"
paulo.coimbra at owasp.org
Thu Oct 23 15:44:59 UTC 2008
I am ready to set up this project. Any objections and/or instructions?
<https://www.owasp.org/index.php/Main_Page> OWASP Project Manager
From: Michael V. Scovetta [mailto:michael.scovetta at gmail.com] On Behalf Of
Michael V. Scovetta
Sent: segunda-feira, 20 de Outubro de 2008 22:01
To: paulo.coimbra at owasp.org
Cc: 'Michael.scovetta at gmail.com'
Subject: New Static Analysis Tool - "Yasca"
I've written a new static analysis tool and would like to include it among
the other OWASP projects. I've been involved with OWASP/NYC and plan to
submit a presentation for upcoming conferences. Here is my quick
introduction to Yasca. A PPT will be coming out soon.
Yasca is a new static analysis tool designed to scan Java, C/C++,
issues. Yasca is easily extensible via a plugin-based architecture, so
scanning PHP, Ruby, or other languages is as simple as coming up with rules
or integrating external tools.
Yasca includes plugins for the following open-source projects:
* FindBugs (http://findbugs.sourceforge.net/)
* PMD (http://pmd.sourceforge.net/)
* Jlint / antiC (http://artho.com/jlint/)
Yasca also features a simple regular-expression plugin that allows new rules
to be written in less than a minute. It includes many custom rules created
specifically for Yasca, and additional rule-packs will be released soon.
Yasca is hosted on SourceForge (http://sourceforge.net/projects/yasca) with
additional information at http://yasca.org.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-board