[Owasp-board] REQUEST FOR COMMENTS/FW: New Static Analysis Tool - "Yasca"

Jeff Williams jeff.williams at owasp.org
Fri Oct 24 15:20:10 UTC 2008


Yes!  This is cool.  OWASP is a "big tent" - meaning that we can support
many tools focused on a similar purpose.  We should not try to put all our
effort behind one tool, but encourage a flourishing market of tools.  If we
don't create a big tent, it will encourage other competing tents to form.
So we should encourage EVERY appsec tool out there to fall under the OWASP
umbrella and get some support!!!

 

--Jeff

 

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Seba
Sent: Thursday, October 23, 2008 10:35 PM
To: Dave Wichers
Cc: OWASP Foundation Board List
Subject: Re: [Owasp-board] REQUEST FOR COMMENTS/FW: New Static Analysis Tool
- "Yasca"

 

Look for synergies with the Orizon / Source code review projects?

 

regards

 

Seba

On Thu, Oct 23, 2008 at 5:50 PM, Dave Wichers <dave.wichers at owasp.org>
wrote:

I don't have any objections. Do we have any other code analysis tools that
compete with this? I think we do, and so we should try to get them to
coordinate / work together.

 

In fact, anytime we have multiple tools in the same category, we should try
to get them to work together.

 

-Dave

 

From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Paulo Coimbra
Sent: Thursday, October 23, 2008 11:45 AM
To: 'OWASP Foundation Board List'
Subject: [Owasp-board] REQUEST FOR COMMENTS/FW: New Static Analysis Tool -
"Yasca"

 

Board,

 

I am ready to set up this project. Any objections and/or instructions? 

 

Thanks,

 

Paulo Coimbra,

OWASP Project Manager <https://www.owasp.org/index.php/Main_Page>

 

From: Michael V. Scovetta [mailto:michael.scovetta at gmail.com] On Behalf Of
Michael V. Scovetta
Sent: Monday, October 20, 2008 22:01
To: paulo.coimbra at owasp.org
Cc: 'Michael.scovetta at gmail.com'
Subject: New Static Analysis Tool - "Yasca"

 

Hi Paulo,

 

I've written a new static analysis tool and would like to include it among
the other OWASP projects. I've been involved with OWASP/NYC and plan to
submit a presentation for upcoming conferences. Here is my quick
introduction to Yasca. A PPT will be coming out soon. 

 

---

 

Yasca is a new static analysis tool designed to scan Java, C/C++,
JavaScript, .NET, and other source code for security and code-quality
issues. Yasca is easily extensible via a plugin-based architecture, so
scanning PHP, Ruby, or other languages is as simple as coming up with rules
or integrating external tools.

 

Yasca includes plugins for the following open-source projects:

     * FindBugs (http://findbugs.sourceforge.net/)

     * PMD (http://pmd.sourceforge.net/)

     * Jlint / antiC (http://artho.com/jlint/)

 

Yasca also features a simple regular-expression plugin that allows new rules
to be written in less than a minute. It includes many custom rules created
specifically for Yasca, and additional rule-packs will be released soon.

 

Yasca is hosted on SourceForge (http://sourceforge.net/projects/yasca) with
additional information at http://yasca.org.

 

Thank you,

 

Mike Scovetta

 

