[Owasp-testing] Code Review project and Code-Scanning-Tool(s)

Javier Fernández-Sanguino jfernandez at germinus.com
Thu Jan 18 03:46:11 EST 2007


Dinis Cruz dijo:
> We must take this opportunity and use some of the energy that is going 
> into the Code Review Guide to create a Code Scanning Tool which 
> identifies the issues raised.
> 
> I don't care if in its initial version it is just a bunch of regEx and 
> clever searches (ideally we would expand on projects like our own OWASP 
> LAPSE Project 
> <https://www.owasp.org/index.php/Category:OWASP_LAPSE_Project> , but I 
> don't want the guide to be dependent on a tool development)

Wouldn't it be possible to extend existing OSS tools (such as 
Flawfinder, which is actively being developed) for the OWASP specifics 
of Code Review?

I mention Flawfinder (and not Rats) because it seems to be more actively 
developed. It has been brought to my attention that the latest release 
(1.27) includes the capability to work with version control systems 
(reporting on the differences found when making changes).

Just my 2c

Javier
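To make the two ideas in this thread concrete (a scanner that is "just a bunch of regEx and clever searches", and Flawfinder-style reporting of only the findings introduced by a change), here is a small self-contained illustration. It is added for this archive page and is not code from Flawfinder, RATS, OWASP LAPSE or the Code Review project; the rule table, the two C snippets and every name in it are constructed for the example, and the "new findings only" mode is a simplified stand-in for Flawfinder's real diff/patch handling, not a description of it.

```python
"""Toy regex-based C source scanner with a "report only new findings" mode.

Added example for the mailing-list thread above; not Flawfinder's, RATS' or
LAPSE's own code. RULES, OLD_SRC and NEW_SRC are constructed sample data.
"""
import re
from dataclasses import dataclass

# Constructed rule table: a few classic risky C calls and a short rationale.
RULES = {
    "gets":    "no bounds check on destination buffer",
    "strcpy":  "no bounds check on destination buffer",
    "strcat":  "no bounds check on destination buffer",
    "sprintf": "no bounds check on destination buffer",
    "system":  "shell command execution; check for attacker-controlled input",
}

# One regex for all rules: not preceded by an identifier character (so
# my_strcpy( and fgets( do not match), the name, optional blanks, then "(".
_CALL_RE = re.compile(
    r"(?<![A-Za-z0-9_])(" + "|".join(map(re.escape, RULES)) + r")\s*\("
)

# Block comments, line comments and string literals, in one alternation so the
# leftmost token wins (a "//" inside a string is not mistaken for a comment).
_SKIP_RE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line in the original source
    func: str      # matched function name
    text: str      # original source line, stripped
    why: str       # rationale from RULES


def _mask(src: str) -> str:
    """Blank out comments and string bodies without shifting line numbers."""
    def repl(m: re.Match) -> str:
        tok = m.group(0)
        # Comments become the same number of newlines they spanned;
        # strings become an empty literal so the call regex cannot match inside.
        return "\n" * tok.count("\n") if tok.startswith("/") else '""'
    return _SKIP_RE.sub(repl, src)


def scan(src: str) -> list[Finding]:
    """Return every risky call in src, in source order."""
    orig_lines = src.splitlines()
    findings = []
    for line_no, line in enumerate(_mask(src).splitlines(), start=1):
        for m in _CALL_RE.finditer(line):
            func = m.group(1)
            findings.append(Finding(line_no, func, orig_lines[line_no - 1].strip(), RULES[func]))
    return findings


def new_findings(old_src: str, new_src: str) -> list[Finding]:
    """Findings in new_src that were not already present in old_src.

    Keyed on (function, line text) rather than line number, so an untouched
    call is not re-reported just because code above it moved.  This is a
    simplification of the idea, not Flawfinder's actual patch-mode algorithm.
    """
    seen = {(f.func, f.text) for f in scan(old_src)}
    return [f for f in scan(new_src) if (f.func, f.text) not in seen]


# Constructed "before" and "after" versions of the same file.  The comment on
# line 3 and the printf format string must NOT produce findings.
OLD_SRC = """\
#include <string.h>
#include <stdio.h>
/* strcpy(buf, s) is discussed in this comment, not called */
void copy(char *dst, const char *src) {
    strcpy(dst, src);
    printf("strcpy(%s)", src);
}
"""

NEW_SRC = """\
#include <string.h>
#include <stdio.h>
/* strcpy(buf, s) is discussed in this comment, not called */
static char line[64];
void copy(char *dst, const char *src) {
    strcpy(dst, src);
    printf("strcpy(%s)", src);
}
void read_line(void) {
    gets(line);
}
"""


def report(findings: list[Finding]) -> list[str]:
    return [f"line {f.line_no}: {f.func}() - {f.why}: {f.text}" for f in findings]


if __name__ == "__main__":
    print("All findings in new version:")
    print("\n".join(report(scan(NEW_SRC))))
    print("\nOnly findings introduced by the change:")
    print("\n".join(report(new_findings(OLD_SRC, NEW_SRC))))
```

The masking step is what turns a plain grep into a "clever search": without it, the comment on line 3 and the `printf` format string would both be false positives, which is exactly the kind of noise that makes grep-based review hard to trust. The diff mode is deliberately naive (same text on a changed line counts as new; a call moved to a different function is not re-reported), which is enough to show why keying findings on content rather than line numbers matters when a scanner is run against version control changes.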

