[Owasp-codereview] Yasca v1.0 Released

Michael V. Scovetta scovetta at users.sourceforge.net
Wed Oct 1 04:58:17 EDT 2008


Hi Stephen,
   I suppose part of it is hindsight being what it is. I started out just
wanting a wrapper around grep to scan for simple things, but as things got
more complex, I realized it had to be a bit better than that. Each of those
tools is great at finding certain things, but (a) all are only Java (except
for Jlint, which does C/C++ too) [Yasca is more generic - it has a few
scanners for HTML/JavaScript and even a COBOL one], and (b) they are limited
to scanning using their own framework (i.e. it'd be difficult to integrate
Jlint or FindBugs' ruleset into PMD). In that regard you could call that
aspect of Yasca a wrapper.

Thanks!

Mike

On Wed, Oct 1, 2008 at 3:57 AM, Stephen de Vries <stephen at twisteddelight.org> wrote:

>
> Hi Mike,
>
> Looks very interesting!  I'm curious about the reasons you chose to
> implement a framework from scratch instead of using PMD/jlint/findbugs ?
>
> cheers,
> Stephen
>
>
> On Oct 1, 2008, at 1:25 AM, Michael V. Scovetta wrote:
>
>> Hello,
>>   I thought this would be relevant to the OWASP Code Review Project, since
>> I started writing Yasca to help with code reviews.
>>
>> Yasca ("Yet Another Source Code Scanner") is a framework and
>> implementation for performing source code analysis. It integrates some
>> security scanners (PMD, FindBugs, Jlint) and has some of its own too. It's
>> meant to find the "low hanging fruit" in web applications, and be
>> **very** easily extensible (i.e. ~30 seconds to write a new rule) yet
>> powerful (i.e. arbitrary call-outs to your own scanning code). Yasca is
>> written in command-line PHP, is cross-platform, and is simple and quick to
>> run.
>>
>> Yasca is open-source (BSD license) and is available on SourceForge (
>> http://sourceforge.net/projects/yasca) or http://yasca.org/.
>>
>> I'm very interested in hearing feedback and suggestions.
>>
>> Thank you,
>>
>> Mike Scovetta
>>
>
>


-- 
-[ Michael Scovetta ]-