[Owasp-codereview] Yasca v1.0 Released
Stephen de Vries
stephen at twisteddelight.org
Wed Oct 1 03:57:04 EDT 2008
Looks very interesting! I'm curious about the reasons you chose to
implement a framework from scratch instead of using PMD/jlint/findbugs?
On Oct 1, 2008, at 1:25 AM, Michael V. Scovetta wrote:
> I thought this would be relevant to the OWASP Code Review
> Project, since I started writing Yasca to help with code reviews.
> Yasca ("Yet Another Source Code Scanner") is a framework and
> implementation for performing source code analysis. It integrates
> some security scanners (PMD, FindBugs, Jlint) and has some of its
> own too. It's meant to find the "low hanging fruit" in web
> applications, and be **very** easily extensible (i.e. ~30 seconds to
> write a new rule) yet powerful (i.e. arbitrary call-outs to your own
> scanning code). Yasca is written in command-line PHP, is
> cross-platform, and is simple and quick to run.
> Yasca is open-source (BSD license) and is available on SourceForge
> (http://sourceforge.net/projects/yasca) or http://yasca.org/.
> I'm very interested in hearing feedback and suggestions.
> Thank you,
> Mike Scovetta