[Owasp-leaders] Access to SAST tooling

Kevin W. Wall kevin.w.wall at gmail.com
Fri Oct 27 15:01:34 UTC 2017


Mike,

Coverity provides free scanning of FOSS projects. ESAPI has used it in the
past. I suspect that other SAST vendors may have similar offers, but I
don't have any experience with them. There are also things like PMD and
Findbugs that are closer to 'lint' than SAST tools, but that can be useful.
Both have plug-ins for various IDEs.

HTH,
-kevin
--
Blog: http://off-the-wall-security.blogspot.com/  |  Twitter:  @KevinWWall
NSA: All your crypto bit are belong to us.

On Oct 27, 2017 07:24, "Mike Goodwin" <mike.goodwin at owasp.org> wrote:

> Hello all,
>
> I'm interested in building static code scanning into my OWASP tool project
> <https://www.owasp.org/index.php/OWASP_Threat_Dragon> but they are pretty
> expensive. Does OWASP have any organisation-wide license for a tool to do
> this? Or a subscription to an online service?
>
> Best regards,
> --
> *Mike Goodwin*
> OWASP Newcastle UK Chapter Leader
> <https://www.owasp.org/index.php/Newcastle>
> OWASP Threat Dragon Project Leader
> <https://github.com/mike-goodwin/owasp-threat-dragon>
> @theblacklabguy
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>