[Owasp-testing] Code Review project and Code-Scanning-Tool(s)
jfernandez at germinus.com
Thu Jan 18 03:46:11 EST 2007
Dinis Cruz said:
> We must take this opportunity and use some of the energy that is going
> into the Code Review Guide to create a Code Scanning Tool which
> identifies the issues raised.
> I don't care if in its initial version it is just a bunch of regEx and
> clever searches (ideally we would expand on projects like our own OWASP
> LAPSE Project
> <https://www.owasp.org/index.php/Category:OWASP_LAPSE_Project> , but I
> don't want the guide to be dependent on a tool development)
Wouldn't it be possible to extend existing OSS tools (such as
Flawfinder, which is actively being developed) for the OWASP specifics
of Code Review?
I mention Flawfinder (and not Rats) because it seems to be more actively
developed. It has been brought to my attention that the latest release
(1.27) includes the capability to work with version control systems
(reporting on the differences found when making changes).
Just my 2c
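As an added illustration (not code from this thread, from Flawfinder or from OWASP), a minimal "bunch of regEx" scanner of the kind the quote describes, applied to a unified diff so that, like the Flawfinder feature mentioned above, it reports only on the lines a change introduces. The rule set and the sample diff are constructed for this example.

```python
import re

# Constructed, illustrative rules in the spirit of Flawfinder-style C checks (not Flawfinder's own).
RULES = {
    "strcpy":  (re.compile(r"\bstrcpy\s*\("),  "unbounded copy; prefer strlcpy or snprintf"),
    "sprintf": (re.compile(r"\bsprintf\s*\("), "unbounded format; prefer snprintf"),
    "system":  (re.compile(r"\bsystem\s*\("),  "shell execution; avoid with untrusted input"),
}
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def scan_diff(diff_text):
    """Return (path, new_line_no, rule, code) for each rule hit on a line the diff ADDS."""
    findings, path, new_line, old_left, new_left = [], None, 0, 0, 0
    for raw in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:          # between hunks: only headers matter
            if raw.startswith("+++ "):
                path = raw[4:].strip().removeprefix("b/")
            elif (m := HUNK.match(raw)):
                old_left, new_left = int(m.group(1) or 1), int(m.group(3) or 1)
                new_line = int(m.group(2))           # first line number of the hunk in the new file
            continue
        if raw.startswith("\\"):                     # "\ No newline at end of file"
            continue
        if raw.startswith("-"):                      # removed code: nothing new to report
            old_left -= 1
            continue
        if raw.startswith("+"):                      # added code: the only lines we scan
            code = raw[1:]
            for name, (pat, _) in RULES.items():
                if pat.search(code):
                    findings.append((path, new_line, name, code.strip()))
            new_left -= 1
        else:                                        # context line ("" if trailing space was stripped)
            old_left, new_left = old_left - 1, new_left - 1
        new_line += 1
    return findings

# Constructed sample diff for a stand-alone run (not from any real project).
SAMPLE_DIFF = """\
--- a/src/login.c
+++ b/src/login.c
@@ -10,3 +10,5 @@ int login(const char *user)
 {
-    strcpy(buf, user);
+    snprintf(buf, sizeof buf, "%s", user);
+    sprintf(cmd, "id %s", user);
+    system(cmd);
 }
"""
```

Running `scan_diff(SAMPLE_DIFF)` reports the added `sprintf` and `system` calls with their new-file line numbers and leaves the removed `strcpy` out, which is the "differences found when making changes" behaviour.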