[Owasp-o2-platform] Scanning vanilla java with O2

Yiannis Pavlosoglou yiannis at owasp.org
Thu Aug 12 06:00:01 EDT 2010

Hi list!

Having gone through the process of downloading and installing O2, we
are a bit disappointed in not being able to achieve even a baseline
scan in what is considered a simple project. Ergo, I would like to run
the following past you guys, to see if anything has been missed.

There is a codebase of approx. 1/4 million lines of code in Java 1.5 (no
frameworks, no components, no noise) mainly consisting of POJOs;
standard configuration in Eclipse; can also be built through Ant, can
also be built through Maven.

* Can this be scanned in/by O2?
* What are the rules for this?

The above questions follow the standard workflow of: We would like to
input the code, configure the rules, receive a scan report back.

I would appreciate a comment here, as there has been a hold-off in
assessing O2 by means of giving it a simple enough project for it to
cope. Now even that seems to be problematic.

Thank you in advance,

