[Owasp-codereview] Yasca v1.0 Released

Stephen de Vries stephen at twisteddelight.org
Wed Oct 1 03:57:04 EDT 2008


Hi Mike,

Looks very interesting! I'm curious about the reasons you chose to
implement a framework from scratch instead of using PMD/jlint/findbugs?

cheers,
Stephen

On Oct 1, 2008, at 1:25 AM, Michael V. Scovetta wrote:

> Hello,
>    I thought this would be relevant to the OWASP Code Review  
> Project, since I started writing Yasca to help with code reviews.
>
> Yasca ("Yet Another Source Code Scanner") is a framework and
> implementation for performing source code analysis. It integrates
> some security scanners (PMD, FindBugs, Jlint) and has some of its
> own too. It's meant to find the "low hanging fruit" in web
> applications, and be **very** easily extensible (i.e. ~30 seconds to
> write a new rule) yet powerful (i.e. arbitrary call-outs to your own
> scanning code). Yasca is written in command-line PHP, is cross-platform,
> and is simple and quick to run.
>
> Yasca is open-source (BSD license) and is available on SourceForge
> (http://sourceforge.net/projects/yasca) or http://yasca.org/.
>
> I'm very interested in hearing feedback and suggestions.
>
> Thank you,
>
> Mike Scovetta


