[Owasp-leaders] [balint:6040] Access to SAST tooling

Dibyendu Sikdar dibyendu.coder at gmail.com
Fri Oct 27 14:24:22 UTC 2017


Have a look at Coverity! Free for open source projects...

On Fri, Oct 27, 2017 at 7:43 PM, Mike Goodwin <mike.goodwin at owasp.org>
wrote:

> Thanks for the suggestion Timur.
>
> I looked at SonarQube but it only lists 9 rules explicitly as
> vulnerabilities for JavaScript and at least 4 of those are browser side
> only (e.g. "LocalStorage should not be used"). My app is an Angular SPA
> with a node.js backend so I would like a tool that will give me some good
> coverage of both the client and server side if possible.
>
> Best regards,
>
> Mike
>
> On 27 October 2017 at 12:44, Timur 'x' Khrotko [owasp] <timur at owasp.org>
> wrote:
>
>> Sonar?
>> The big and ridiculously overpriced tools are not always better ;)
>>
>> On Fri, 27 Oct 2017 at 13:23, Mike Goodwin <mike.goodwin at owasp.org>
>> wrote:
>>
>>> Hello all,
>>>
>>> I'm interested in building static code scanning into my OWASP tool
>>> project <https://www.owasp.org/index.php/OWASP_Threat_Dragon> but they
>>> are pretty expensive. Does OWASP have any organisation-wide license for a
>>> tool to do this? Or a subscription to an online service?
>>>
>>> Best regards,
>>> --
>>> *Mike Goodwin*
>>> OWASP Newcastle UK Chapter Leader
>>> <https://www.owasp.org/index.php/Newcastle>
>>> OWASP Threat Dragon Project Leader
>>> <https://github.com/mike-goodwin/owasp-threat-dragon>
>>> @theblacklabguy
>>>
>>> This message may contain confidential information - you should handle it
>>> accordingly.
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>> --
>>
>> secmachine․net #wepowersecdev
>>


-- 
*Thanks and Regards,*
*Dibyendu Sikdar*
*https://www.linkedin.com/in/dibsyhex
<https://www.linkedin.com/in/dibsyhex>*
*@dibsyhex*
*OWASP Project Leader *