[Owasp-testing] Code Review project and Code-Scanning-Tool(s)

Mark Roxberry mark.roxberry at mpi.us.com
Thu Jan 18 09:35:43 EST 2007


.NET - FxCop is freely available.

----- Original Message -----
From: "Javier Fernández-Sanguino" <jfernandez at germinus.com>
To: "Stephen de Vries" <stephen at corsaire.com>
Cc: <Owasp-codereview at lists.owasp.org>; <owasp-testing at lists.owasp.org>
Sent: Thursday, January 18, 2007 4:40 AM
Subject: Re: [Owasp-testing] Code Review project and Code-Scanning-Tool(s)

> Stephen de Vries said:
>>> I mention Flawfinder (and not Rats) because it seems to be more actively
>>> developed. It has been brought to my attention that the latest release
>>> (1.27) includes the capability to work with control version systems
>>> (reporting on the differences found when making changes).
>>
>> Am I correct in assuming that flawfinder can only find issues in C/C++
>> code?  If so, this would be of limited benefit to the web app world
>> because it's not used as often as things like .NET, PHP and even RoR.
>
> True, flawfinder only works currently for C/C++ code (RATS provides
> coverage of more languages including PHP, Perl and Python). Any one of
> them, however, could be possibly extended to cover more languages. Maybe
> that's a SoC project on its own.
>
>> Are there any existing tools in OSS land for .NET and PHP?
>
> For PHP: Rats
> For .NET: I don't know of any
>
> Regards
>
> Javier