[Owasp-board] Task force team assisting with cleanup of project inventories-updates

johanna curiel curiel johanna.curiel at owasp.org
Sat Jun 28 07:55:47 UTC 2014

Jim, I'll be using other code analysis tools and right now SWAMP does that.

I would like to have a meeting with you/Board regarding the
SWAMP because I don't know where this is heading.

DHS is really behind my back to put tools there. I did that with a couple,
but since they all need C/C++ build scripts or clear build (gcc) commands
(that is also possible) I was able to find out how to run them and get the
exact build errors if they failed.

This could be a free way to use some code analysis tools for these
languages but I'm not sure if I should be doing this.

Since we are creating a system to run automated builds and without the work
and effort of creating C/C++ build scripts or commands to be able to run
them in SWAMP, I see this right now as overload work for me.

I like the way the SWAMP runs, it is quite easy to work with, but the overload work
of creating C/C++ build scripts or commands is a major minus for me. The idea
is if a tool has its own build scripts written in maven, ant, python or
other scripting language, this will add extra work to any testing.

Again, what is the strategy with the SWAMP? I think I can test some tools
(such as NinjaPingU that already has C++ build scripts) but I would not
be using this environment because it adds too much work. In the end I think
the developer of the tool should be doing this if he wants to use the SWAMP.

Please let me know because communicating consistency to external parties is
essential. Like in this case, I have the understanding that SWAMP wants me
to put OWASP tools there but I think we should communicate my findings why
I might not continue doing this and if the board wants to promote this
among our community, that is another strategy I'm not aware of
but definitely, that message won't be communicated from my side.

I see activities that in APPSEC US are already heading in that direction
so please let me know.

I would appreciate your feedback and clarification regarding the SWAMP.



On Sat, Jun 28, 2014 at 2:37 AM, Jim Manico <jim.manico at owasp.org> wrote:

> Johanna,
> AWESOME. It was great to meet you in person at AppSecEU and thank you for
> your selfless volunteerism.
> Glad to see you are leveraging SAST in your infrastructure. When the time
> is right I'd like to put a call out to invite other vendors to participate.
> I want to make sure we are as vendor neutral as possible so all have the
> opportunity to participate (and donate licenses to the foundation). :) When
> the time is right of course, I do not want to derail your progress and
> pilot.
> Great work to you and Jason and all the others who are helping. This is
> very exciting!
> PS: Johanna has been a web developer for 15 years which I think is pretty
> rare and awesome. :)
> Aloha,
> --
> Jim Manico
> @Manicode
> (808) 652-3805
> On Jun 28, 2014, at 7:29 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Thank you very much for the update Johanna!  It is great to hear about the
> cohesive efforts of the projects team and it sounds like you all are making
> some great progress on several fronts.  I'd encourage you all to keep
> pressing forward and please do not hesitate to let us know if there's
> anything we can do to help.
> ~josh
> On Fri, Jun 27, 2014 at 7:21 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>> Board
>> I just want to let you know that Kait Disney has been contributing a lot
>> since last year, cleaning the inventory on the WIKI pages
>> We are starting a new project, which means we will set all OWASP projects
>> in JIRA for better management and reporting of project status
>> Kait has access to JIRA and will start doing this during this week for
>> projects that are not there yet, including classifying them properly.
>> I have been testing manually the projects and Jason Johnson has recently
>> set up a build server that will allow us to automate most of this task and
>> verify that repositories and source code build properly. This information
>> will be used as a measuring criteria, including checking unit tests (such
>> as the case of OWASP ZAP)
>> I will work on this next week and more intensively after the 12 of July.
>> Enrico Branca has also created a Python script that will allow us to have
>> a centralized system that determines the activity level on GitHub
>> repositories of projects much better than Ohloh and we will be setting
>> this as a web app page such as this: http://www.pythonsecurity.org/stats
>> Checkmarx Business development director Avichai Elgavish had expressed
>> his support to provide us licenses for our code review analysis tool and
>> I'll be in contact with him next week regarding this.
>> I really appreciate all these team efforts that will help us have a better
>> overview of project activities and management of their status.
>> I'll update this information on the wiki soon and I think this is worth
>> putting in the global connector for the entire community so they know how
>> we are approaching this
>> regards
>> Johanna
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-board