[Owasp-leaders] Access to SAST tooling
jtmelton at gmail.com
Fri Oct 27 15:11:10 UTC 2017
The DHS SWAMP project (https://www.mir-swamp.org/) is a collection of the
aforementioned tools (and others) and is intended to paper over the
most FOSS security static analysis tools (and some commercial ones,
actually) is poor.
On Fri, Oct 27, 2017 at 11:01 AM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> Coverity provides free scanning of FOSS projects. ESAPI has used it in the
> past. I suspect that other SAST vendors may have similar offers, but I
> don't have any experience with them. There are also things like PMD and
> FindBugs that are closer to 'lint' than SAST tools, but that can be useful.
> Both have plug-ins for various IDEs.
> Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
> NSA: All your crypto bit are belong to us.
> On Oct 27, 2017 07:24, "Mike Goodwin" <mike.goodwin at owasp.org> wrote:
>> Hello all,
>> I'm interested in building static code scanning into my OWASP tool
>> project <https://www.owasp.org/index.php/OWASP_Threat_Dragon> but they
>> are pretty expensive. Does OWASP have any organisation-wide license for a
>> tool to do this? Or a subscription to an online service?
>> Best regards,
>> *Mike Goodwin*
>> OWASP Newcastle UK Chapter Leader
>> OWASP Threat Dragon Project Leader
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org