[Owasp-leaders] [balint:6040] Access to SAST tooling

Mike Goodwin mike.goodwin at owasp.org
Fri Oct 27 14:13:55 UTC 2017


Thanks for the suggestion Timur.

I looked at SonarQube but it only lists 9 rules explicitly as
vulnerabilities for JavaScript and at least 4 of those are browser side
only (e.g. "LocalStorage should not be used"). My app is an Angular SPA
with a node.js backend so I would like a tool that will give me some good
coverage of both the client and server side if possible.

Best regards,

Mike

On 27 October 2017 at 12:44, Timur 'x' Khrotko [owasp] <timur at owasp.org>
wrote:

> Sonar?
> The big and ridiculously overpriced tools are not always better ;)
>
> On Fri, 27 Oct 2017 at 13:23, Mike Goodwin <mike.goodwin at owasp.org> wrote:
>
>> Hello all,
>>
>> I'm interested in building static code scanning into my OWASP tool
>> project <https://www.owasp.org/index.php/OWASP_Threat_Dragon> but they
>> are pretty expensive. Does OWASP have any organisation-wide license for a
>> tool to do this? Or a subscription to an online service?
>>
>> Best regards,
>> --
>> *Mike Goodwin*
>> OWASP Newcastle UK Chapter Leader
>> <https://www.owasp.org/index.php/Newcastle>
>> OWASP Threat Dragon Project Leader
>> <https://github.com/mike-goodwin/owasp-threat-dragon>
>> @theblacklabguy
>>
>> This message may contain confidential information - you should handle it
>> accordingly.
>>
> --
>
> secmachine․net #wepowersecdev
>



-- 
*Mike Goodwin*
OWASP Newcastle UK Chapter Leader
<https://www.owasp.org/index.php/Newcastle>
OWASP Threat Dragon Project Leader
<https://github.com/mike-goodwin/owasp-threat-dragon>
@theblacklabguy