[Owasp-leaders] Access to SAST tooling

Dave Wichers dave.wichers at owasp.org
Mon Oct 30 16:27:24 UTC 2017


Mike,

Are you doing this for security scanning? Or just quality? PMD/FindBugs
have almost no security rules. If you are looking for security, there is a
FindBugs plugin called FindSecurityBugs. And then there is SonarQube. I'd
recommend looking at those.

-Dave


On Fri, Oct 27, 2017 at 11:01 AM, Kevin W. Wall <kevin.w.wall at gmail.com>
wrote:

> Mike,
>
> Coverity provides free scanning of FOSS projects. ESAPI has used it in the
> past. I suspect that other SAST vendors may have similar offers, but I
> don't have any experience with them. There are also things like PMD and
> FindBugs that are closer to 'lint' than SAST tools, but that can be useful.
> Both have plug-ins for various IDEs.
>
> HTH,
> -kevin
> --
> Blog: http://off-the-wall-security.blogspot.com/  |  Twitter:  @KevinWWall
> NSA: All your crypto bit are belong to us.
>
> On Oct 27, 2017 07:24, "Mike Goodwin" <mike.goodwin at owasp.org> wrote:
>
>> Hello all,
>>
>> I'm interested in building static code scanning into my OWASP tool
>> project <https://www.owasp.org/index.php/OWASP_Threat_Dragon> but they
>> are pretty expensive. Does OWASP have any organisation-wide license for a
>> tool to do this? Or a subscription to an online service?
>>
>> Best regards,
>> --
>> *Mike Goodwin*
>> OWASP Newcastle UK Chapter Leader
>> <https://www.owasp.org/index.php/Newcastle>
>> OWASP Threat Dragon Project Leader
>> <https://github.com/mike-goodwin/owasp-threat-dragon>
>> @theblacklabguy
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
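For a Java code base, one way to wire the FindSecurityBugs plugin Dave mentions into a Maven build so that security findings fail the build is shown below. This is an added example, not code from the thread or from any project named in it (Threat Dragon itself is a JavaScript project, so it applies to a Java project rather than to Mike's tool). It runs FindSecurityBugs under SpotBugs, the maintained successor of FindBugs, via spotbugs-maven-plugin; the two version numbers are assumptions and should be replaced with current releases, and the filter file name is a made-up one.

```xml
<!-- pom.xml (fragment): run SpotBugs with the FindSecurityBugs detectors
     during `mvn verify` and fail the build on any reported bug. -->
<build>
  <plugins>
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <version>4.8.6.6</version> <!-- assumed version; use the current release -->
      <configuration>
        <effort>Max</effort>          <!-- deepest analysis, slower but fewer misses -->
        <threshold>Low</threshold>    <!-- report low-confidence findings too -->
        <failOnError>true</failOnError>
        <!-- only the SECURITY category, so plain code-quality bugs do not
             drown out the security findings (filter file below) -->
        <includeFilterFile>spotbugs-security-include.xml</includeFilterFile>
        <plugins>
          <plugin>
            <groupId>com.h3xstream.findsecbugs</groupId>
            <artifactId>findsecbugs-plugin</artifactId>
            <version>1.13.0</version> <!-- assumed version; use the current release -->
          </plugin>
        </plugins>
      </configuration>
      <executions>
        <execution>
          <phase>verify</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

<!-- spotbugs-security-include.xml (hypothetical file name, placed next to
     pom.xml): keep only findings in the SECURITY bug category, which is the
     category FindSecurityBugs assigns to all of its detectors. -->
<FindBugsFilter>
  <Match>
    <Bug category="SECURITY"/>
  </Match>
</FindBugsFilter>
```

With this in place, `mvn verify` fails when a security detector fires, and `mvn spotbugs:gui` opens the findings for triage. Start with the SECURITY-only include filter on an existing code base, fix or document the findings, and only then consider widening the filter; turning on every SpotBugs detector at once usually produces enough quality noise that the security results get ignored.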
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20171030/be4158c9/attachment.html>