[Owasp-ireland] Building WebGoat with Rational Application Developer for Source Code Analysis test
leomccavana at hotmail.com
Mon Nov 8 07:08:52 EST 2010
I am helping out on a project to evaluate some source code analysis tools for my employer. We have a couple of in-house developed apps (both .NET and Java) and will of course test those with the SCA tools. We'll be using IDE plugins for both Visual Studio 2008 and Rational Application Developer to scan the code. For completeness I'd like to see how well the tools cope with a few open source tools - i.e. HackMe Bank and WebGoat.
Everything is fine with HackMe Bank (I come from a .NET background), but it's WebGoat that is presenting a challenge to me. My employer uses Rational Application Developer (v 7.5.4) as opposed to Eclipse - which is used by WebGoat.
Is it possible to import the WebGoat code into Rational Application Developer? Since I only want to build the source code so that it can be scanned with the SCA tools, do I still need Maven and Tomcat? In other words, I don't require the ability to run the built app - the SCA tools I'm looking at only require the source code to be 'build quality'.
If anybody has any recommendations on OpenSource Java apps that work easily with Rational Application Developer, please let me know.
I appreciate any and all advice.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-ireland