[Owasp-leaders] Access to SAST tooling
erlend at oftedal.no
Fri Oct 27 15:12:54 UTC 2017
And of course also dependency trackers such as nsp and retire.js
On Fri, 27 Oct 2017 at 17:02, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> Coverity provides free scanning of FOSS projects. ESAPI has used it in the
> past. I suspect that other SAST vendors may have similar offers, but I
> don't have any experience with them. There are also things like PMD and
> Findbugs that are closer to 'lint' than SAST tools, but that can be useful.
> Both have plug-ins for various IDEs.
> Blog: http://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
> NSA: All your crypto bit are belong to us.
> On Oct 27, 2017 07:24, "Mike Goodwin" <mike.goodwin at owasp.org> wrote:
>> Hello all,
>> I'm interested in building static code scanning into my OWASP tool
>> project <https://www.owasp.org/index.php/OWASP_Threat_Dragon> but they
>> are pretty expensive. Does OWASP have any organisation-wide license for a
>> tool to do this? Or a subscription to an online service?
>> Best regards,
>> *Mike Goodwin*
>> OWASP Newcastle UK Chapter Leader
>> OWASP Threat Dragon Project Leader
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org