[Owasp-leaders] Access to SAST tooling

Kim Carter kim.carter at owasp.org
Sun Oct 29 06:35:31 UTC 2017


and other countermeasures for consuming free and open source: 
http://f1.holisticinfosecforwebdevelopers.com/chap06.html#web-applications-countermeasures-consuming-free-and-open-source-tooling 
listed in my book.


Kim Carter

OWASP New Zealand Chapter Leader (Christchurch)

Author of *Holistic Info-Sec for Web Developers* 
<http://www.holisticinfosecforwebdevelopers.com>

c: +64 274 622 607

On 28/10/17 04:12, Erlend Oftedal wrote:
> For JavaScript projects you may want to look at :
> https://github.com/mozfreddyb/eslint-plugin-scanjs-rules
>
> And of course also dependency trackers such as nsp and retire.js
>
> Best regards
> Erlend
>
>
> On Fri, 27 Oct 2017 at 17:02, Kevin W. Wall <kevin.w.wall at gmail.com 
> <mailto:kevin.w.wall at gmail.com>> wrote:
>
>     Mike,
>
>     Coverity provides free scanning of FOSS projects. ESAPI has used
>     it in the past. I suspect that other SAST vendors may have similar
>     offers, but I don't have any experience with them. There are also
>     things like PMD and FindBugs that are closer to 'lint' than SAST
>     tools, but they can be useful. Both have plug-ins for various IDEs.
>
>     HTH,
>     -kevin
>     --
>     Blog: http://off-the-wall-security.blogspot.com/ |  Twitter: 
>     @KevinWWall
>     NSA: All your crypto bit are belong to us.
>
>     On Oct 27, 2017 07:24, "Mike Goodwin" <mike.goodwin at owasp.org
>     <mailto:mike.goodwin at owasp.org>> wrote:
>
>         Hello all,
>
>         I'm interested in building static code scanning into my OWASP
>         tool project
>         <https://www.owasp.org/index.php/OWASP_Threat_Dragon> but they
>         are pretty expensive. Does OWASP have any organisation-wide
>         license for a tool to do this? Or a subscription to an online
>         service?
>
>         Best regards,
>         -- 
>         *Mike Goodwin*
>         OWASP Newcastle UK Chapter Leader
>         <https://www.owasp.org/index.php/Newcastle>
>         OWASP Threat Dragon Project Leader
>         <https://github.com/mike-goodwin/owasp-threat-dragon>
>         @theblacklabguy
>
>         _______________________________________________
>         OWASP-Leaders mailing list
>         OWASP-Leaders at lists.owasp.org
>         <mailto:OWASP-Leaders at lists.owasp.org>
>         https://lists.owasp.org/mailman/listinfo/owasp-leaders
